summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am16
-rw-r--r--src/Makefile.in47
-rw-r--r--src/_copyright/Makefile.in12
-rw-r--r--src/_copyright/_copyright.c14
-rw-r--r--src/_updown/Makefile.in12
-rw-r--r--src/_updown/_updown.in34
-rw-r--r--src/_updown_espmark/Makefile.in12
-rw-r--r--src/charon-cmd/Makefile.in12
-rw-r--r--src/charon-cmd/charon-cmd.8.in18
-rw-r--r--src/charon-cmd/charon-cmd.c7
-rw-r--r--src/charon-cmd/cmd/cmd_connection.c97
-rw-r--r--src/charon-cmd/cmd/cmd_options.c6
-rw-r--r--src/charon-cmd/cmd/cmd_options.h3
-rw-r--r--src/charon-nm/Makefile.in12
-rw-r--r--src/charon-nm/charon-nm.c6
-rw-r--r--src/charon-nm/nm/nm_backend.c12
-rw-r--r--src/charon-nm/nm/nm_service.c16
-rw-r--r--src/charon-tkm/Makefile.am40
-rw-r--r--src/charon-tkm/Makefile.in52
-rw-r--r--src/charon-tkm/build_common.gpr2
-rw-r--r--src/charon-tkm/build_tests.gpr6
-rw-r--r--src/charon-tkm/src/charon-tkm.c17
-rw-r--r--src/charon-tkm/src/tkm/tkm.c4
-rw-r--r--src/charon-tkm/src/tkm/tkm_diffie_hellman.c108
-rw-r--r--src/charon-tkm/src/tkm/tkm_diffie_hellman.h13
-rw-r--r--src/charon-tkm/src/tkm/tkm_id_manager.c1
-rw-r--r--src/charon-tkm/tests/chunk_map_tests.c17
-rw-r--r--src/charon-tkm/tests/diffie_hellman_tests.c18
-rw-r--r--src/charon-tkm/tests/id_manager_tests.c20
-rw-r--r--src/charon-tkm/tests/kernel_sad_tests.c23
-rw-r--r--src/charon-tkm/tests/keymat_tests.c18
-rw-r--r--src/charon-tkm/tests/nonceg_tests.c21
-rw-r--r--src/charon-tkm/tests/test_runner.c84
-rw-r--r--src/charon-tkm/tests/tests.c114
-rw-r--r--src/charon-tkm/tests/tests.h (renamed from src/charon-tkm/tests/test_runner.h)21
-rw-r--r--src/charon-tkm/tests/utils_tests.c15
-rw-r--r--src/charon/Android.mk1
-rw-r--r--src/charon/Makefile.in12
-rw-r--r--src/charon/charon.c6
-rw-r--r--src/checksum/Makefile.am19
-rw-r--r--src/checksum/Makefile.in79
-rw-r--r--src/checksum/checksum_builder.c5
-rw-r--r--src/conftest/Makefile.in12
-rw-r--r--src/conftest/conftest.c8
-rw-r--r--src/dumm/Makefile.in12
-rw-r--r--src/dumm/cowfs.h2
-rw-r--r--src/dumm/ext/dumm.c2
-rw-r--r--src/dumm/main.c2
-rw-r--r--src/include/Makefile.in12
-rw-r--r--src/ipsec/Makefile.in12
-rw-r--r--src/ipsec/_ipsec.82
-rw-r--r--src/libcharon/Android.mk1
-rw-r--r--src/libcharon/Makefile.in12
-rw-r--r--src/libcharon/config/ike_cfg.c6
-rw-r--r--src/libcharon/config/proposal.c4
-rw-r--r--src/libcharon/daemon.c36
-rw-r--r--src/libcharon/daemon.h10
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c14
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h2
-rw-r--r--src/libcharon/network/receiver.c20
-rw-r--r--src/libcharon/network/sender.c8
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in12
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in12
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in12
-rw-r--r--src/libcharon/plugins/android_log/android_log_logger.c2
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in12
-rw-r--r--src/libcharon/plugins/certexpire/certexpire_export.c30
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in12
-rw-r--r--src/libcharon/plugins/coupling/coupling_validator.c8
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in12
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c40
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in12
-rw-r--r--src/libcharon/plugins/dnscert/dnscert_plugin.c2
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in12
-rw-r--r--src/libcharon/plugins/duplicheck/duplicheck_notify.c2
-rw-r--r--src/libcharon/plugins/duplicheck/duplicheck_plugin.c2
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_server.c2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c2
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_dynamic/eap_dynamic.c4
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_gtc/eap_gtc.c2
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_peap/eap_peap.c8
-rw-r--r--src/libcharon/plugins/eap_peap/eap_peap_server.c8
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c10
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c6
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_dae.c10
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_forward.c4
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_plugin.c34
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_xauth.c2
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_server.c2
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c4
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_tls/eap_tls.c6
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_tnc/eap_tnc.c6
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in12
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls.c8
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls_server.c8
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in12
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_socket.c2
-rw-r--r--src/libcharon/plugins/farp/Makefile.in12
-rw-r--r--src/libcharon/plugins/ha/Makefile.in12
-rw-r--r--src/libcharon/plugins/ha/ha_attribute.c2
-rw-r--r--src/libcharon/plugins/ha/ha_plugin.c14
-rw-r--r--src/libcharon/plugins/ha/ha_segments.c6
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in12
-rw-r--r--src/libcharon/plugins/ipseckey/ipseckey_plugin.c2
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in12
-rw-r--r--src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c2
-rw-r--r--src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c2
-rw-r--r--src/libcharon/plugins/led/Makefile.in12
-rw-r--r--src/libcharon/plugins/led/led_listener.c6
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in12
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_config.c57
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_control.c2
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_creds.c12
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_listener.c2
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_plugin.c16
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in12
-rw-r--r--src/libcharon/plugins/lookip/lookip_socket.c39
-rw-r--r--src/libcharon/plugins/maemo/Makefile.in12
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in12
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in12
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in12
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in12
-rw-r--r--src/libcharon/plugins/radattr/radattr_listener.c52
-rw-r--r--src/libcharon/plugins/smp/Makefile.in12
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in12
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c14
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in12
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c2
-rw-r--r--src/libcharon/plugins/sql/Makefile.in12
-rw-r--r--src/libcharon/plugins/sql/sql_logger.c2
-rw-r--r--src/libcharon/plugins/sql/sql_plugin.c2
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in12
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c2
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c53
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c53
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in12
-rw-r--r--src/libcharon/plugins/systime_fix/systime_fix_plugin.c8
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in12
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c4
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c14
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in12
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp.c14
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c2
-rw-r--r--src/libcharon/plugins/uci/Makefile.in12
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.in12
-rw-r--r--src/libcharon/plugins/unity/Makefile.in12
-rw-r--r--src/libcharon/plugins/unity/unity_narrow.c11
-rw-r--r--src/libcharon/plugins/unity/unity_provider.c77
-rw-r--r--src/libcharon/plugins/updown/Makefile.in12
-rw-r--r--src/libcharon/plugins/updown/updown_handler.c2
-rw-r--r--src/libcharon/plugins/updown/updown_listener.c10
-rw-r--r--src/libcharon/plugins/updown/updown_plugin.c2
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in12
-rw-r--r--src/libcharon/plugins/whitelist/whitelist_control.c2
-rw-r--r--src/libcharon/plugins/whitelist/whitelist_listener.c2
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in12
-rw-r--r--src/libcharon/plugins/xauth_eap/xauth_eap.c2
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in12
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in12
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.am1
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in16
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam.c13
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_listener.c144
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_listener.h58
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c71
-rw-r--r--src/libcharon/processing/jobs/inactivity_job.c5
-rw-r--r--src/libcharon/sa/child_sa.c13
-rw-r--r--src/libcharon/sa/child_sa.h7
-rw-r--r--src/libcharon/sa/ike_sa.c41
-rw-r--r--src/libcharon/sa/ike_sa_manager.c8
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c19
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c6
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_vendor.c4
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_mode.c2
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c30
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c15
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c4
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_pre.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.c79
-rw-r--r--src/libcharon/sa/task_manager.h5
-rw-r--r--src/libcharon/sa/trap_manager.c87
-rw-r--r--src/libcharon/sa/xauth/xauth_manager.c3
-rw-r--r--src/libfast/Makefile.in12
-rw-r--r--src/libfast/fast_request.c39
-rw-r--r--src/libhydra/Android.mk1
-rw-r--r--src/libhydra/Makefile.in12
-rw-r--r--src/libhydra/attributes/mem_pool.c2
-rw-r--r--src/libhydra/hydra.c4
-rw-r--r--src/libhydra/hydra.h12
-rw-r--r--src/libhydra/kernel/kernel_interface.c4
-rw-r--r--src/libhydra/plugins/attr/Makefile.in12
-rw-r--r--src/libhydra/plugins/attr/attr_provider.c8
-rw-r--r--src/libhydra/plugins/attr_sql/Makefile.in12
-rw-r--r--src/libhydra/plugins/attr_sql/attr_sql_plugin.c4
-rw-r--r--src/libhydra/plugins/attr_sql/sql_attribute.c2
-rw-r--r--src/libhydra/plugins/kernel_klips/Makefile.in12
-rw-r--r--src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c10
-rw-r--r--src/libhydra/plugins/kernel_netlink/Makefile.in12
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c22
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c25
-rw-r--r--src/libhydra/plugins/kernel_pfkey/Makefile.in12
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c4
-rw-r--r--src/libhydra/plugins/kernel_pfroute/Makefile.in12
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c11
-rw-r--r--src/libhydra/plugins/resolve/Makefile.in12
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c4
-rw-r--r--src/libimcv/Makefile.am4
-rw-r--r--src/libimcv/Makefile.in65
-rw-r--r--src/libimcv/imcv.c11
-rw-r--r--src/libimcv/imv/data.sql132
-rw-r--r--src/libimcv/imv/imv_msg.c4
-rw-r--r--src/libimcv/imv/imv_policy_manager.c11
-rw-r--r--src/libimcv/imv/imv_reason_string.c11
-rw-r--r--src/libimcv/imv/imv_reason_string.h3
-rw-r--r--src/libimcv/imv/imv_workitem.c5
-rw-r--r--src/libimcv/imv/imv_workitem.h3
-rw-r--r--src/libimcv/ita/ita_attr_command.c5
-rw-r--r--src/libimcv/ita/ita_attr_get_settings.c9
-rw-r--r--src/libimcv/ita/ita_attr_settings.c9
-rw-r--r--src/libimcv/os_info/os_info.c4
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in12
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c2
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in12
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner.c2
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in12
-rw-r--r--src/libimcv/plugins/imc_test/imc_test.c12
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in12
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.c5
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c4
-rw-r--r--src/libimcv/plugins/imv_os/pacman.c4
-rwxr-xr-xsrc/libimcv/plugins/imv_os/pacman.sh1
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in12
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c4
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in12
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_agent.c10
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c2
-rw-r--r--src/libipsec/Android.mk1
-rw-r--r--src/libipsec/Makefile.in12
-rw-r--r--src/libpts/Makefile.in12
-rw-r--r--src/libpts/plugins/imc_attestation/Makefile.in12
-rw-r--r--src/libpts/plugins/imc_attestation/imc_attestation_process.c11
-rw-r--r--src/libpts/plugins/imc_swid/Makefile.in12
-rw-r--r--src/libpts/plugins/imc_swid/imc_swid.c4
-rw-r--r--src/libpts/plugins/imv_attestation/Makefile.in12
-rw-r--r--src/libpts/plugins/imv_attestation/attest.c13
-rw-r--r--src/libpts/plugins/imv_attestation/attest_db.c4
-rw-r--r--src/libpts/plugins/imv_attestation/attest_usage.c7
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_agent.c186
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_build.c153
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_build.h5
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_process.c83
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.c114
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_state.h35
-rw-r--r--src/libpts/plugins/imv_swid/Makefile.in12
-rw-r--r--src/libpts/pts/components/ita/ita_comp_ima.c8
-rw-r--r--src/libpts/pts/components/ita/ita_comp_tboot.c12
-rw-r--r--src/libpts/pts/pts.c8
-rw-r--r--src/libpts/pts/pts_database.c62
-rw-r--r--src/libpts/pts/pts_file_meas.c3
-rw-r--r--src/libpts/swid/swid_inventory.c34
-rw-r--r--src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c5
-rw-r--r--src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c5
-rw-r--r--src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c2
-rw-r--r--src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c5
-rw-r--r--src/libpttls/Makefile.in12
-rw-r--r--src/libradius/Makefile.in12
-rw-r--r--src/libsimaka/Makefile.in12
-rw-r--r--src/libstrongswan/Android.mk8
-rw-r--r--src/libstrongswan/Makefile.am17
-rw-r--r--src/libstrongswan/Makefile.in73
-rw-r--r--src/libstrongswan/asn1/asn1.c80
-rw-r--r--src/libstrongswan/asn1/asn1.h7
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c1
-rw-r--r--src/libstrongswan/asn1/oid.c650
-rw-r--r--src/libstrongswan/asn1/oid.h328
-rw-r--r--src/libstrongswan/asn1/oid.txt24
-rw-r--r--src/libstrongswan/collections/array.c151
-rw-r--r--src/libstrongswan/collections/array.h73
-rw-r--r--src/libstrongswan/credentials/credential_manager.c2
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c6
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c8
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c9
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h5
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c55
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.h13
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.c324
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.txt8
-rw-r--r--src/libstrongswan/fetcher/fetcher_manager.c2
-rw-r--r--src/libstrongswan/library.c49
-rw-r--r--src/libstrongswan/library.h16
-rw-r--r--src/libstrongswan/networking/host_resolver.c8
-rw-r--r--src/libstrongswan/networking/streams/stream.c17
-rw-r--r--src/libstrongswan/networking/streams/stream.h5
-rw-r--r--src/libstrongswan/networking/tun_device.c8
-rw-r--r--src/libstrongswan/networking/tun_device.h1
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c8
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c1
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c17
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c4
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.am33
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in812
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h235
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c581
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h183
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c1034
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c360
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h167
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c384
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h101
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c242
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h96
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_drbg.c279
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_drbg.h77
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_ke.c396
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_ke.h50
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_mgf1.c182
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_mgf1.h77
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_plugin.c83
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_plugin.h42
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.c416
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.h99
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_trits.c133
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_trits.h61
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c7
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c2
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c35
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_dh.c2
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c8
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c18
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c158
-rw-r--r--src/libstrongswan/plugins/plugin_loader.h18
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.c17
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.h5
-rw-r--r--src/libstrongswan/plugins/random/random_rng.c4
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/rdrand/rdrand_plugin.c16
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_builder.c1
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/unbound/unbound_resolver.c12
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c6
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in12
-rw-r--r--src/libstrongswan/processing/processor.c2
-rw-r--r--src/libstrongswan/processing/watcher.c2
-rw-r--r--src/libstrongswan/tests/Makefile.am67
-rw-r--r--src/libstrongswan/tests/Makefile.in1302
-rw-r--r--src/libstrongswan/tests/suites/test_array.c (renamed from src/libstrongswan/tests/test_array.c)176
-rw-r--r--src/libstrongswan/tests/suites/test_asn1.c869
-rw-r--r--src/libstrongswan/tests/suites/test_asn1_parser.c291
-rw-r--r--src/libstrongswan/tests/suites/test_bio_reader.c (renamed from src/libstrongswan/tests/test_bio_reader.c)2
-rw-r--r--src/libstrongswan/tests/suites/test_bio_writer.c (renamed from src/libstrongswan/tests/test_bio_writer.c)4
-rw-r--r--src/libstrongswan/tests/suites/test_chunk.c (renamed from src/libstrongswan/tests/test_chunk.c)157
-rw-r--r--src/libstrongswan/tests/suites/test_crypter.c107
-rw-r--r--src/libstrongswan/tests/suites/test_ecdsa.c (renamed from src/libstrongswan/tests/test_ecdsa.c)8
-rw-r--r--src/libstrongswan/tests/suites/test_enum.c (renamed from src/libstrongswan/tests/test_enum.c)0
-rw-r--r--src/libstrongswan/tests/suites/test_enumerator.c (renamed from src/libstrongswan/tests/test_enumerator.c)0
-rw-r--r--src/libstrongswan/tests/suites/test_fetch_http.c273
-rw-r--r--src/libstrongswan/tests/suites/test_hasher.c189
-rw-r--r--src/libstrongswan/tests/suites/test_hashtable.c (renamed from src/libstrongswan/tests/test_hashtable.c)0
-rw-r--r--src/libstrongswan/tests/suites/test_host.c (renamed from src/libstrongswan/tests/test_host.c)0
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c (renamed from src/libstrongswan/tests/test_identification.c)2
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list.c (renamed from src/libstrongswan/tests/test_linked_list.c)28
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list_enumerator.c (renamed from src/libstrongswan/tests/test_linked_list_enumerator.c)0
-rw-r--r--src/libstrongswan/tests/suites/test_ntru.c1042
-rw-r--r--src/libstrongswan/tests/suites/test_pen.c87
-rw-r--r--src/libstrongswan/tests/suites/test_printf.c (renamed from src/libstrongswan/tests/test_printf.c)57
-rw-r--r--src/libstrongswan/tests/suites/test_rsa.c (renamed from src/libstrongswan/tests/test_rsa.c)10
-rw-r--r--src/libstrongswan/tests/suites/test_settings.c920
-rw-r--r--src/libstrongswan/tests/suites/test_stream.c267
-rw-r--r--src/libstrongswan/tests/suites/test_test_rng.c56
-rw-r--r--src/libstrongswan/tests/suites/test_threading.c1466
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c (renamed from src/libstrongswan/tests/test_utils.c)187
-rw-r--r--src/libstrongswan/tests/suites/test_vectors.c (renamed from src/libstrongswan/tests/test_vectors.c)3
-rw-r--r--src/libstrongswan/tests/suites/test_watcher.c214
-rw-r--r--src/libstrongswan/tests/test_runner.c500
-rw-r--r--src/libstrongswan/tests/test_runner.h84
-rw-r--r--src/libstrongswan/tests/test_suite.c277
-rw-r--r--src/libstrongswan/tests/test_suite.h350
-rw-r--r--src/libstrongswan/tests/test_threading.c110
-rw-r--r--src/libstrongswan/tests/tests.c56
-rw-r--r--src/libstrongswan/tests/tests.h43
-rw-r--r--src/libstrongswan/tests/utils/test_rng.c86
-rw-r--r--src/libstrongswan/tests/utils/test_rng.h36
-rw-r--r--src/libstrongswan/threading/thread.h9
-rw-r--r--src/libstrongswan/utils/backtrace.c4
-rw-r--r--src/libstrongswan/utils/backtrace.h4
-rw-r--r--src/libstrongswan/utils/capabilities.h3
-rw-r--r--src/libstrongswan/utils/chunk.c193
-rw-r--r--src/libstrongswan/utils/chunk.h44
-rw-r--r--src/libstrongswan/utils/identification.c7
-rw-r--r--src/libstrongswan/utils/integrity_checker.c37
-rw-r--r--src/libstrongswan/utils/leak_detective.c112
-rw-r--r--src/libstrongswan/utils/leak_detective.h52
-rw-r--r--src/libstrongswan/utils/printf_hook/printf_hook_builtin.c16
-rw-r--r--src/libstrongswan/utils/printf_hook/printf_hook_glibc.c2
-rw-r--r--src/libstrongswan/utils/settings.c486
-rw-r--r--src/libstrongswan/utils/settings.h25
-rw-r--r--src/libstrongswan/utils/test.c50
-rw-r--r--src/libstrongswan/utils/test.h96
-rw-r--r--src/libstrongswan/utils/utils.c220
-rw-r--r--src/libstrongswan/utils/utils.h70
-rw-r--r--src/libstrongswan/utils/utils/strerror.c97
-rw-r--r--src/libstrongswan/utils/utils/strerror.h40
-rw-r--r--src/libtls/Makefile.in12
-rw-r--r--src/libtls/tls.c1
-rw-r--r--src/libtls/tls_crypto.c12
-rw-r--r--src/libtnccs/Android.mk1
-rw-r--r--src/libtnccs/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnc_imc/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnc_imc/tnc_imc.c2
-rw-r--r--src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c2
-rw-r--r--src/libtnccs/plugins/tnc_imv/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnc_imv/tnc_imv.c2
-rw-r--r--src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c4
-rw-r--r--src/libtnccs/plugins/tnc_tnccs/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnccs_11/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnccs_11/tnccs_11.c2
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in12
-rw-r--r--src/libtnccs/plugins/tnccs_20/tnccs_20.c4
-rw-r--r--src/libtnccs/plugins/tnccs_dynamic/Makefile.in12
-rw-r--r--src/libtnccs/tnc/tnc.c44
-rw-r--r--src/libtncif/Android.mk1
-rw-r--r--src/libtncif/Makefile.in12
-rw-r--r--src/manager/Makefile.in12
-rw-r--r--src/manager/main.c2
-rw-r--r--src/medsrv/Makefile.in12
-rw-r--r--src/medsrv/main.c2
-rw-r--r--src/openac/Makefile.in12
-rw-r--r--src/openac/openac.c12
-rw-r--r--src/pki/Makefile.in12
-rw-r--r--src/pki/command.c27
-rw-r--r--src/pki/command.h6
-rw-r--r--src/pki/commands/issue.c16
-rw-r--r--src/pki/commands/keyid.c9
-rw-r--r--src/pki/commands/print.c7
-rw-r--r--src/pki/commands/pub.c9
-rw-r--r--src/pki/commands/req.c8
-rw-r--r--src/pki/commands/self.c8
-rw-r--r--src/pki/commands/verify.c8
-rw-r--r--src/pki/man/Makefile.in12
-rw-r--r--src/pki/man/pki---issue.1.in2
-rw-r--r--src/pki/pki.c2
-rw-r--r--src/pool/Makefile.am7
-rw-r--r--src/pool/Makefile.in128
-rw-r--r--src/pool/mysql.sql281
-rw-r--r--src/pool/pool.c13
-rw-r--r--src/pool/sqlite.sql283
-rw-r--r--src/pt-tls-client/Makefile.in12
-rw-r--r--src/pt-tls-client/pt-tls-client.c2
-rw-r--r--src/scepclient/Makefile.in12
-rw-r--r--src/scepclient/scepclient.c39
-rw-r--r--src/starter/Android.mk1
-rw-r--r--src/starter/Makefile.in12
-rw-r--r--src/starter/starter.c4
-rw-r--r--src/stroke/Android.mk1
-rw-r--r--src/stroke/Makefile.in12
-rw-r--r--src/stroke/stroke.c2
-rw-r--r--src/strongswan.conf34
522 files changed, 22027 insertions, 3786 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 218c9434c..7d11893d1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,12 +96,12 @@ if USE_MEDSRV
SUBDIRS += medsrv
endif
-if USE_INTEGRITY_TEST
- SUBDIRS += checksum
-endif
-
if USE_ATTR_SQL
SUBDIRS += pool
+else
+if USE_SQL
+ SUBDIRS += pool
+endif
endif
if USE_TKM
@@ -116,8 +116,6 @@ if USE_LIBPTTLS
SUBDIRS += pt-tls-client
endif
-EXTRA_DIST = strongswan.conf
-
-install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
+if USE_INTEGRITY_TEST
+ SUBDIRS += checksum
+endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 42dfba38e..1c2a427f7 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -101,11 +101,12 @@ host_triplet = @host@
@USE_FAST_TRUE@am__append_22 = libfast
@USE_MANAGER_TRUE@am__append_23 = manager
@USE_MEDSRV_TRUE@am__append_24 = medsrv
-@USE_INTEGRITY_TEST_TRUE@am__append_25 = checksum
-@USE_ATTR_SQL_TRUE@am__append_26 = pool
+@USE_ATTR_SQL_TRUE@am__append_25 = pool
+@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_26 = pool
@USE_TKM_TRUE@am__append_27 = charon-tkm
@USE_CMD_TRUE@am__append_28 = charon-cmd
@USE_LIBPTTLS_TRUE@am__append_29 = pt-tls-client
+@USE_INTEGRITY_TEST_TRUE@am__append_30 = checksum
subdir = src
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -183,8 +184,8 @@ DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \
libtls libradius libtncif libtnccs libpttls libimcv libpts \
libcharon starter ipsec _copyright charon charon-nm stroke \
_updown _updown_espmark openac scepclient pki conftest dumm \
- libfast manager medsrv checksum pool charon-tkm charon-cmd \
- pt-tls-client
+ libfast manager medsrv pool charon-tkm charon-cmd \
+ pt-tls-client checksum
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -225,8 +226,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +410,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -421,8 +430,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_19) $(am__append_20) $(am__append_21) \
$(am__append_22) $(am__append_23) $(am__append_24) \
$(am__append_25) $(am__append_26) $(am__append_27) \
- $(am__append_28) $(am__append_29)
-EXTRA_DIST = strongswan.conf
+ $(am__append_28) $(am__append_29) $(am__append_30)
all: all-recursive
.SUFFIXES:
@@ -678,7 +686,7 @@ install-dvi: install-dvi-recursive
install-dvi-am:
-install-exec-am: install-exec-local
+install-exec-am:
install-html: install-html-recursive
@@ -725,19 +733,14 @@ uninstall-am:
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-local \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs installdirs-am maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am
-
-
-install-exec-local :
- test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags tags-am uninstall uninstall-am
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 8a57e13bc..0783f9e7b 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -184,8 +184,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -253,6 +251,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -341,12 +344,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -361,6 +368,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/_copyright/_copyright.c b/src/_copyright/_copyright.c
index b20b17256..806f78062 100644
--- a/src/_copyright/_copyright.c
+++ b/src/_copyright/_copyright.c
@@ -24,7 +24,7 @@
#include <library.h>
static const char *copyright[] = {
- "Copyright (C) 1999-2012",
+ "Copyright (C) 1999-2013",
" Henry Spencer, D. Hugh Redelmeier, Michael Richardson, Ken Bantoft,",
" Stephen J. Bevan, JuanJo Ciarlante, Thomas Egerer, Heiko Hund,",
" Mathieu Lafon, Stephane Laroche, Kai Martius, Stephan Scholz,",
@@ -36,10 +36,12 @@ static const char *copyright[] = {
" Roger Wegmann, Simon Zwahlen,",
" ZHW Zuercher Hochschule Winterthur (Switzerland).",
"",
- " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,",
- " Andreas Eigenmann, Giuliano Grassi, Reto Guadagnini, Fabian Hartmann,",
- " Noah Heusser, Jan Hutter, Thomas Kallenberg, Daniel Roethlisberger,",
- " Ralf Sager, Joel Stillhart, Daniel Wydler, Andreas Steffen,",
+ " Philip Boetschi, Tobias Brunner, Christoph Buehler, Reto Buerki,",
+ " Sansar Choinyambuu, Adrian Doerig, Andreas Eigenmann, Giuliano Grassi,",
+ " Reto Guadagnini, Fabian Hartmann, Noah Heusser, Jan Hutter,",
+ " Thomas Kallenberg, Patrick Loetscher, Daniel Roethlisberger,",
+ " Adrian-Ken Rueegsegger, Ralf Sager, Joel Stillhart, Daniel Wydler,",
+ " Andreas Steffen,",
" HSR Hochschule fuer Technik Rapperswil (Switzerland).",
"",
" Martin Willi (revosec AG), Clavister (Sweden).",
@@ -74,7 +76,7 @@ main(int argc, char *argv[])
const char **notice = copyright;
const char **co;
- library_init(NULL);
+ library_init(NULL, "_copyright");
atexit(library_deinit);
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 30f32b2b7..e77049543 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index c68c23d8a..532bd2437 100644
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -50,6 +50,9 @@
# PLUTO_PROTO
# is the negotiated IPsec protocol, ah|esp
#
+# PLUTO_IPCOMP
+# is not empty if IPComp was negotiated
+#
# PLUTO_UNIQUEID
# is the unique identifier of the associated IKE_SA
#
@@ -411,6 +414,14 @@ up-host:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IPIP traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -435,6 +446,13 @@ down-host:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IPIP exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -474,6 +492,15 @@ up-client:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IPIP traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -517,6 +544,13 @@ down-client:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IPIP exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index 42522f5e8..918bd6a89 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index d484f6463..62d6cd725 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-cmd/charon-cmd.8.in b/src/charon-cmd/charon-cmd.8.in
index 25d706995..a2d424e9a 100644
--- a/src/charon-cmd/charon-cmd.8.in
+++ b/src/charon-cmd/charon-cmd.8.in
@@ -116,6 +116,24 @@ address will always be proposed.
.BI "\-\-remote\-ts " subnet
Traffic selector to propose for remote side, defaults to 0.0.0.0/0.
.TP
+.BI "\-\-ike\-proposal " proposal
+IKE proposal to offer instead of default. For IKEv1, a single proposal consists
+of one encryption algorithm, an integrity/PRF algorithm and a DH group. IKEv2
+can propose multiple algorithms of the same kind. To specify multiple proposals,
+repeat the option.
+.TP
+.BI "\-\-esp\-proposal " proposal
+ESP proposal to offer instead of default. For IKEv1, a single proposal consists
+of one encryption algorithm, an integrity algorithm and an optional DH group for
+Perfect Forward Secrecy rekeying. IKEv2 can propose multiple algorithms of the
+same kind. To specify multiple proposals, repeat the option.
+.TP
+.BI "\-\-ah\-proposal " proposal
+AH proposal to offer instead of ESP. For IKEv1, a single proposal consists
+of an integrity algorithm and an optional DH group for Perfect Forward Secrecy
+rekeying. IKEv2 can propose multiple algorithms of the same kind. To specify
+multiple proposals, repeat the option.
+.TP
.BI "\-\-profile " name
Authentication profile to use, the list of supported profiles can be found
in the
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index 5f4787b58..a70d314af 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -322,7 +322,7 @@ int main(int argc, char *argv[])
dbg = dbg_stderr;
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon-cmd"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -334,12 +334,12 @@ int main(int argc, char *argv[])
}
}
atexit(libhydra_deinit);
- if (!libhydra_init("charon-cmd"))
+ if (!libhydra_init())
{
exit(SS_RC_INITIALIZATION_FAILED);
}
atexit(libcharon_deinit);
- if (!libcharon_init("charon-cmd"))
+ if (!libcharon_init())
{
exit(SS_RC_INITIALIZATION_FAILED);
}
@@ -389,6 +389,7 @@ int main(int argc, char *argv[])
sigaddset(&action.sa_mask, SIGINT);
sigaddset(&action.sa_mask, SIGTERM);
sigaddset(&action.sa_mask, SIGHUP);
+ sigaddset(&action.sa_mask, SIGUSR1);
sigaction(SIGSEGV, &action, NULL);
sigaction(SIGILL, &action, NULL);
sigaction(SIGBUS, &action, NULL);
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 180e8da98..ac085e131 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -87,6 +87,16 @@ struct private_cmd_connection_t {
linked_list_t *remote_ts;
/**
+ * List of IKE proposals
+ */
+ linked_list_t *ike_proposals;
+
+ /**
+ * List of CHILD proposals
+ */
+ linked_list_t *child_proposals;
+
+ /**
* Hostname to connect to
*/
char *host;
@@ -135,6 +145,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
ike_version_t version = IKE_ANY;
bool aggressive = FALSE;
+ proposal_t *proposal;
switch (this->profile)
{
@@ -165,7 +176,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
}
ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port,
this->host, remote_port, FRAGMENTATION_NO, 0);
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ if (this->ike_proposals->get_count(this->ike_proposals))
+ {
+ while (this->ike_proposals->remove_first(this->ike_proposals,
+ (void**)&proposal) == SUCCESS)
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ }
+ else
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ }
peer_cfg = peer_cfg_create("cmd", ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
@@ -173,7 +195,6 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
TRUE, aggressive, TRUE, /* mobike, aggressive, pull */
30, 0, /* DPD delay, timeout */
FALSE, NULL, NULL); /* mediation */
- peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
return peer_cfg;
}
@@ -306,10 +327,13 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
/**
* Attach child config to peer config
*/
-static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
+static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
+ peer_cfg_t *peer_cfg)
{
child_cfg_t *child_cfg;
traffic_selector_t *ts;
+ proposal_t *proposal;
+ bool has_v4 = FALSE, has_v6 = FALSE;
lifetime_cfg_t lifetime = {
.time = {
.life = 10800 /* 3h */,
@@ -322,7 +346,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
0, 0, NULL, NULL, 0);
- child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ if (this->child_proposals->get_count(this->child_proposals))
+ {
+ while (this->child_proposals->remove_first(this->child_proposals,
+ (void**)&proposal) == SUCCESS)
+ {
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ }
+ else
+ {
+ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ }
while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
{
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
@@ -333,12 +368,31 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this)
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
"0.0.0.0", 0, "255.255.255.255", 65535);
this->remote_ts->insert_last(this->remote_ts, ts);
+ has_v4 = TRUE;
}
while (this->remote_ts->remove_first(this->remote_ts,
(void**)&ts) == SUCCESS)
{
+ switch (ts->get_type(ts))
+ {
+ case TS_IPV4_ADDR_RANGE:
+ has_v4 = TRUE;
+ break;
+ case TS_IPV6_ADDR_RANGE:
+ has_v6 = TRUE;
+ break;
+ }
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
}
+ if (has_v4)
+ {
+ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
+ }
+ if (has_v6)
+ {
+ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("::", 0));
+ }
+ peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
return child_cfg;
}
@@ -374,8 +428,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this)
return JOB_REQUEUE_NONE;
}
- child_cfg = create_child_cfg(this);
- peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg));
+ child_cfg = create_child_cfg(this, peer_cfg);
if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg,
controller_cb_empty, NULL, 0) != SUCCESS)
@@ -421,6 +474,8 @@ static void set_profile(private_cmd_connection_t *this, char *name)
METHOD(cmd_connection_t, handle, bool,
private_cmd_connection_t *this, cmd_option_type_t opt, char *arg)
{
+ proposal_t *proposal;
+
switch (opt)
{
case CMD_OPT_HOST:
@@ -447,6 +502,30 @@ METHOD(cmd_connection_t, handle, bool,
case CMD_OPT_REMOTE_TS:
add_ts(this, this->remote_ts, arg);
break;
+ case CMD_OPT_IKE_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_IKE, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->ike_proposals->insert_last(this->ike_proposals, proposal);
+ break;
+ case CMD_OPT_ESP_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_ESP, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->child_proposals->insert_last(this->child_proposals, proposal);
+ break;
+ case CMD_OPT_AH_PROPOSAL:
+ proposal = proposal_create_from_string(PROTO_AH, arg);
+ if (!proposal)
+ {
+ exit(1);
+ }
+ this->child_proposals->insert_last(this->child_proposals, proposal);
+ break;
case CMD_OPT_PROFILE:
set_profile(this, arg);
break;
@@ -459,6 +538,10 @@ METHOD(cmd_connection_t, handle, bool,
METHOD(cmd_connection_t, destroy, void,
private_cmd_connection_t *this)
{
+ this->ike_proposals->destroy_offset(this->ike_proposals,
+ offsetof(proposal_t, destroy));
+ this->child_proposals->destroy_offset(this->child_proposals,
+ offsetof(proposal_t, destroy));
this->local_ts->destroy_offset(this->local_ts,
offsetof(traffic_selector_t, destroy));
this->remote_ts->destroy_offset(this->remote_ts,
@@ -481,6 +564,8 @@ cmd_connection_t *cmd_connection_create()
.pid = getpid(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
+ .ike_proposals = linked_list_create(),
+ .child_proposals = linked_list_create(),
.profile = PROF_UNDEF,
);
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index 597ccda1f..5428941ff 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -56,6 +56,12 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
"additional traffic selector to propose for our side", {}},
{ CMD_OPT_REMOTE_TS, "remote-ts", required_argument, "subnet",
"traffic selector to propose for remote side", {}},
+ { CMD_OPT_IKE_PROPOSAL, "ike-proposal", required_argument, "proposal",
+ "a single IKE proposal to offer instead of the default", {}},
+ { CMD_OPT_ESP_PROPOSAL, "esp-proposal", required_argument, "proposal",
+ "a single ESP proposal to offer instead of the default", {}},
+ { CMD_OPT_AH_PROPOSAL, "ah-proposal", required_argument, "proposal",
+ "a single AH proposal to offer instead of the default", {}},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
" ikev2-pub, ikev2-eap, ikev2-pub-eap",
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index 6b8b04cdf..c7441e795 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -45,6 +45,9 @@ enum cmd_option_type_t {
CMD_OPT_AGENT,
CMD_OPT_LOCAL_TS,
CMD_OPT_REMOTE_TS,
+ CMD_OPT_IKE_PROPOSAL,
+ CMD_OPT_AH_PROPOSAL,
+ CMD_OPT_ESP_PROPOSAL,
CMD_OPT_PROFILE,
CMD_OPT_COUNT
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index c204c8c3a..955d15313 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -192,8 +192,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -261,6 +259,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -349,12 +352,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -369,6 +376,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 9ce6dbaeb..32cec36ec 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -161,7 +161,7 @@ int main(int argc, char *argv[])
dbg = dbg_syslog;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon-nm"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -175,7 +175,7 @@ int main(int argc, char *argv[])
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!libhydra_init("charon-nm"))
+ if (!libhydra_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
libhydra_deinit();
@@ -183,7 +183,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init("charon-nm"))
+ if (!libcharon_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
goto deinit;
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index f474dad60..ebebde2c0 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -22,10 +22,6 @@
#include <daemon.h>
#include <processing/jobs/callback_job.h>
-#ifndef CAP_DAC_OVERRIDE
-#define CAP_DAC_OVERRIDE 1
-#endif
-
typedef struct nm_backend_t nm_backend_t;
/**
@@ -143,14 +139,6 @@ static bool nm_backend_init()
return FALSE;
}
- /* bypass file permissions to read from users ssh-agent */
- if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
- {
- DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability");
- nm_backend_deinit();
- return FALSE;
- }
-
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index f37367532..f0daff61e 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -412,9 +412,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
loose_gateway_id = TRUE;
}
- if (auth_class == AUTH_CLASS_EAP)
+ if (auth_class == AUTH_CLASS_EAP ||
+ auth_class == AUTH_CLASS_PSK)
{
- /* username/password authentication ... */
+ /* username/password or PSK authentication ... */
str = nm_setting_vpn_get_data_item(vpn, "user");
if (str)
{
@@ -548,7 +549,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY, user);
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ if (auth_class == AUTH_CLASS_PSK)
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ }
+ else
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ }
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
@@ -623,7 +631,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
- if (streq(method, "eap"))
+ if (streq(method, "eap") || streq(method, "psk"))
{
if (nm_setting_vpn_get_secret(settings, "password"))
{
diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
index 0fef1f62d..d2b81a3ea 100644
--- a/src/charon-tkm/Makefile.am
+++ b/src/charon-tkm/Makefile.am
@@ -1,26 +1,30 @@
-SRC = $(top_builddir)/src
+SRC = $(abs_top_srcdir)/src
+OBJ = $(abs_top_builddir)/src
-# includes relative to obj directory
AM_CPPFLAGS = \
- -include $(top_builddir)/config.h \
- -I../$(SRC)/libstrongswan \
- -I../$(SRC)/libhydra \
- -I../$(SRC)/libcharon
+ -include $(abs_top_builddir)/config.h \
+ -I$(SRC)/libstrongswan \
+ -I$(SRC)/libhydra \
+ -I$(SRC)/libcharon
LIBLD = \
- -L$(SRC)/libstrongswan/.libs \
- -L$(SRC)/libhydra/.libs \
- -L$(SRC)/libcharon/.libs
-LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs
+ -L$(OBJ)/libstrongswan/.libs \
+ -L$(OBJ)/libhydra/.libs \
+ -L$(OBJ)/libcharon/.libs
+LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs
LIBFL = -lstrongswan -lhydra -lcharon
DEFS += -DPLUGINS=\""$(PLUGINS)\"" -DIPSEC_PIDDIR=\"${piddir}\"
BUILD_OPTS = \
- -XOBJ_DIR=$(CURDIR)/obj \
+ -XOBJ_DIR=$(abs_builddir)/obj \
-cargs $(AM_CPPFLAGS) $(DEFS) \
-largs $(LIBLD) $(LIBFL)
+TEST_OPTS = \
+ -cargs -DBUILDDIR=\"${abs_top_builddir}\" \
+ -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest
+
# plugins to enable
PLUGINS = \
kernel-netlink \
@@ -35,15 +39,15 @@ build_charon: build_charon.gpr src/charon-tkm.c
@$(GPRBUILD) -p $< $(BUILD_OPTS)
build_tests: build_tests.gpr
- @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@
+ @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS)
+
+check-tkm: build_tests
+ @LD_LIBRARY_PATH=$(LIBPT) obj/tests
-if UNITTESTS
-check: build_tests
- @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner
-else
check:
- @echo "reconfigure with --enable-unit-tests"
-endif
+ @echo "TKM tests are not run automatically because they have to be run as root" >&2
+ @echo "and require a properly configured TKM daemon to be running." >&2
+ @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2
install: build_charon
$(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir)
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 5f878acf9..15e654d00 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -131,8 +131,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -318,27 +326,30 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-SRC = $(top_builddir)/src
-
-# includes relative to obj directory
+SRC = $(abs_top_srcdir)/src
+OBJ = $(abs_top_builddir)/src
AM_CPPFLAGS = \
- -include $(top_builddir)/config.h \
- -I../$(SRC)/libstrongswan \
- -I../$(SRC)/libhydra \
- -I../$(SRC)/libcharon
+ -include $(abs_top_builddir)/config.h \
+ -I$(SRC)/libstrongswan \
+ -I$(SRC)/libhydra \
+ -I$(SRC)/libcharon
LIBLD = \
- -L$(SRC)/libstrongswan/.libs \
- -L$(SRC)/libhydra/.libs \
- -L$(SRC)/libcharon/.libs
+ -L$(OBJ)/libstrongswan/.libs \
+ -L$(OBJ)/libhydra/.libs \
+ -L$(OBJ)/libcharon/.libs
-LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs
+LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs
LIBFL = -lstrongswan -lhydra -lcharon
BUILD_OPTS = \
- -XOBJ_DIR=$(CURDIR)/obj \
+ -XOBJ_DIR=$(abs_builddir)/obj \
-cargs $(AM_CPPFLAGS) $(DEFS) \
-largs $(LIBLD) $(LIBFL)
+TEST_OPTS = \
+ -cargs -DBUILDDIR=\"${abs_top_builddir}\" \
+ -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest
+
# plugins to enable
PLUGINS = \
@@ -543,12 +554,15 @@ build_charon: build_charon.gpr src/charon-tkm.c
@$(GPRBUILD) -p $< $(BUILD_OPTS)
build_tests: build_tests.gpr
- @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@
+ @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS)
+
+check-tkm: build_tests
+ @LD_LIBRARY_PATH=$(LIBPT) obj/tests
-@UNITTESTS_TRUE@check: build_tests
-@UNITTESTS_TRUE@ @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner
-@UNITTESTS_FALSE@check:
-@UNITTESTS_FALSE@ @echo "reconfigure with --enable-unit-tests"
+check:
+ @echo "TKM tests are not run automatically because they have to be run as root" >&2
+ @echo "and require a properly configured TKM daemon to be running." >&2
+ @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2
install: build_charon
$(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir)
diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr
index ac322d713..102f6b7a2 100644
--- a/src/charon-tkm/build_common.gpr
+++ b/src/charon-tkm/build_common.gpr
@@ -5,7 +5,7 @@ project Build_Common is
for Source_Dirs use ();
- Obj_Dir := "obj";
+ Obj_Dir := external ("OBJ_DIR", "obj");
C_Compiler_Switches := ("-W",
"-Wall",
diff --git a/src/charon-tkm/build_tests.gpr b/src/charon-tkm/build_tests.gpr
index 032c7969e..2bdc99650 100644
--- a/src/charon-tkm/build_tests.gpr
+++ b/src/charon-tkm/build_tests.gpr
@@ -4,11 +4,15 @@ project Build_Tests is
for Languages use ("Ada", "C");
for Source_Dirs use ("src/ees", "src/ehandler", "src/tkm", "tests");
- for Main use ("test_runner");
+ for Main use ("tests");
for Object_Dir use Build_Common.Obj_Dir;
package Compiler is
for Default_Switches ("c") use Build_Common.C_Compiler_Switches;
end Compiler;
+ package Binder is
+ for Default_Switches ("ada") use Build_Common.Ada_Binder_Switches;
+ end Binder;
+
end Build_Tests;
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 14a735590..9a22f9ad9 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -250,13 +250,13 @@ int main(int argc, char *argv[])
dbg = dbg_syslog;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, dmn_name))
{
library_deinit();
exit(status);
}
- if (!libhydra_init(dmn_name))
+ if (!libhydra_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
libhydra_deinit();
@@ -264,7 +264,7 @@ int main(int argc, char *argv[])
exit(status);
}
- if (!libcharon_init(dmn_name))
+ if (!libcharon_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
goto deinit;
@@ -288,10 +288,6 @@ int main(int argc, char *argv[])
static plugin_feature_t features[] = {
PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
@@ -302,6 +298,12 @@ int main(int argc, char *argv[])
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
countof(features), TRUE);
+ if (!register_dh_mapping())
+ {
+ DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
+ goto deinit;
+ }
+
/* register TKM keymat variant */
keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
@@ -380,6 +382,7 @@ int main(int argc, char *argv[])
lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
deinit:
+ destroy_dh_mapping();
libcharon_deinit();
libhydra_deinit();
library_deinit();
diff --git a/src/charon-tkm/src/tkm/tkm.c b/src/charon-tkm/src/tkm/tkm.c
index a39221dc2..61eb6056c 100644
--- a/src/charon-tkm/src/tkm/tkm.c
+++ b/src/charon-tkm/src/tkm/tkm.c
@@ -61,7 +61,7 @@ bool tkm_init()
ehandler_init();
ikesock = lib->settings->get_str(lib->settings, "%s.ike_socket", IKE_SOCKET,
- charon->name);
+ lib->ns);
if (ike_init(ikesock) != TKM_OK)
{
tkmlib_final();
@@ -70,7 +70,7 @@ bool tkm_init()
DBG1(DBG_DMN, "connected to TKM via socket '%s'", ikesock);
eessock = lib->settings->get_str(lib->settings, "%s.ees_socket", EES_SOCKET,
- charon->name);
+ lib->ns);
ees_server_init(eessock);
DBG1(DBG_DMN, "serving EES requests on socket '%s'", eessock);
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index 19f57de01..a34d0b1d4 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -21,10 +21,13 @@
#include "tkm_utils.h"
#include "tkm_diffie_hellman.h"
-#include <utils/debug.h>
+#include <daemon.h>
+#include <collections/hashtable.h>
typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t;
+static hashtable_t *group_map = NULL;
+
/**
* Private data of a tkm_diffie_hellman_t object.
*/
@@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type,
return this->context_id;
}
+static u_int hash(void *key)
+{
+ diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
+ return chunk_hash(chunk_from_thing(k));
+}
+
+static bool equals(void *key, void *other_key)
+{
+ return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
+}
+
+/*
+ * Described in header.
+ */
+int register_dh_mapping()
+{
+ int count, i;
+ char *iana_id_str, *tkm_id_str;
+ diffie_hellman_group_t *iana_id;
+ u_int64_t *tkm_id;
+ hashtable_t *map;
+ enumerator_t *enumerator;
+
+ map = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 16);
+
+ enumerator = lib->settings->create_key_value_enumerator(lib->settings,
+ "%s.dh_mapping",
+ lib->ns);
+
+ while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
+ {
+ iana_id = malloc_thing(diffie_hellman_group_t);
+ *iana_id = settings_value_as_int(iana_id_str, 0);
+ tkm_id = malloc_thing(u_int64_t);
+ *tkm_id = settings_value_as_int(tkm_id_str, 0);
+
+ map->put(map, iana_id, tkm_id);
+ }
+ enumerator->destroy(enumerator);
+
+ count = map->get_count(map);
+ plugin_feature_t f[count + 1];
+ f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
+
+ i = 1;
+ enumerator = map->create_enumerator(map);
+ while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
+ {
+ f[i] = PLUGIN_PROVIDE(DH, *iana_id);
+ i++;
+ }
+ enumerator->destroy(enumerator);
+
+ lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
+
+ if (count > 0)
+ {
+ group_map = map;
+ }
+ else
+ {
+ map->destroy(map);
+ }
+
+ return count;
+}
+
+/*
+ * Described in header.
+ */
+void destroy_dh_mapping()
+{
+ enumerator_t *enumerator;
+ char *key, *value;
+
+ if (group_map)
+ {
+ enumerator = group_map->create_enumerator(group_map);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ free(key);
+ free(value);
+ }
+ enumerator->destroy(enumerator);
+ group_map->destroy(group_map);
+ }
+}
+
/*
* Described in header.
*/
@@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
{
private_tkm_diffie_hellman_t *this;
+ if (!group_map)
+ {
+ return NULL;
+ }
+
INIT(this,
.public = {
.dh = {
@@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
return NULL;
}
- if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK)
+ u_int64_t *dha_id = group_map->get(group_map, &group);
+ if (!dha_id)
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK)
{
free(this);
return NULL;
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
index a144303fa..d38a414d8 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
@@ -47,6 +47,19 @@ struct tkm_diffie_hellman_t {
};
/**
+ * Loads IANA DH group identifier to TKM id mapping from config and registers
+ * the corresponding DH features.
+ *
+ * @return number of registered mappings
+ */
+int register_dh_mapping();
+
+/**
+ * Destroy IANA DH group identifier to TKM id mapping.
+ */
+void destroy_dh_mapping();
+
+/**
* Creates a new tkm_diffie_hellman_t object.
*
* @param group Diffie Hellman group number to use
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c
index 407d0a87f..0fadf1acf 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.c
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.c
@@ -17,7 +17,6 @@
#include "tkm_id_manager.h"
#include <utils/debug.h>
-#include <collections/linked_list.h>
#include <threading/rwlock.h>
#define TKM_LIMIT 100
diff --git a/src/charon-tkm/tests/chunk_map_tests.c b/src/charon-tkm/tests/chunk_map_tests.c
index 6deef9a80..1283a787c 100644
--- a/src/charon-tkm/tests/chunk_map_tests.c
+++ b/src/charon-tkm/tests/chunk_map_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_chunk_map.h"
@@ -48,11 +48,20 @@ START_TEST(test_chunk_map_handling)
}
END_TEST
-TCase *make_chunk_map_tests(void)
+Suite *make_chunk_map_tests()
{
- TCase *tc = tcase_create("Chunk map tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("chunk map");
+
+ tc = tcase_create("creating");
tcase_add_test(tc, test_chunk_map_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("handling");
tcase_add_test(tc, test_chunk_map_handling);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c
index ffe99614d..89658a770 100644
--- a/src/charon-tkm/tests/diffie_hellman_tests.c
+++ b/src/charon-tkm/tests/diffie_hellman_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <daemon.h>
+#include <tests/test_suite.h>
#include "tkm_diffie_hellman.h"
@@ -49,11 +50,20 @@ START_TEST(test_dh_get_my_pubvalue)
}
END_TEST
-TCase *make_diffie_hellman_tests(void)
+Suite *make_diffie_hellman_tests()
{
- TCase *tc = tcase_create("Diffie-Hellman tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("Diffie-Hellman");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_dh_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get_my_pubvalue");
tcase_add_test(tc, test_dh_get_my_pubvalue);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c
index 15522f118..8157496ca 100644
--- a/src/charon-tkm/tests/id_manager_tests.c
+++ b/src/charon-tkm/tests/id_manager_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_id_manager.h"
@@ -135,16 +135,28 @@ START_TEST(test_release_id_nonexistent)
}
END_TEST
-TCase *make_id_manager_tests(void)
+Suite *make_id_manager_tests()
{
- TCase *tc = tcase_create("Context id manager tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("context id manager");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_id_mgr_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("acquire");
tcase_add_test(tc, test_acquire_id);
tcase_add_test(tc, test_acquire_id_invalid_kind);
tcase_add_test(tc, test_acquire_id_same);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("release");
tcase_add_test(tc, test_release_id);
tcase_add_test(tc, test_release_id_invalid_kind);
tcase_add_test(tc, test_release_id_nonexistent);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c
index 11785602d..6f0b396d3 100644
--- a/src/charon-tkm/tests/kernel_sad_tests.c
+++ b/src/charon-tkm/tests/kernel_sad_tests.c
@@ -14,7 +14,7 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
#include "tkm_kernel_sad.h"
@@ -107,16 +107,31 @@ START_TEST(test_remove_nonexistent)
}
END_TEST
-TCase *make_kernel_sad_tests(void)
+Suite *make_kernel_sad_tests()
{
- TCase *tc = tcase_create("Kernel SAD tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("kernel SAD tests");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_sad_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("insert");
tcase_add_test(tc, test_insert);
tcase_add_test(tc, test_insert_duplicate);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get_esa_id");
tcase_add_test(tc, test_get_esa_id);
tcase_add_test(tc, test_get_esa_id_nonexistent);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("remove");
tcase_add_test(tc, test_remove);
tcase_add_test(tc, test_remove_nonexistent);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
index 2a7525d4e..1982671d3 100644
--- a/src/charon-tkm/tests/keymat_tests.c
+++ b/src/charon-tkm/tests/keymat_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <daemon.h>
#include <hydra.h>
#include <config/proposal.h>
@@ -139,11 +140,20 @@ START_TEST(test_derive_child_keys)
}
END_TEST
-TCase *make_keymat_tests(void)
+Suite *make_keymat_tests()
{
- TCase *tc = tcase_create("Keymat tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("keymat");
+
+ tc = tcase_create("derive IKE keys");
tcase_add_test(tc, test_derive_ike_keys);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("derive CHILD keys");
tcase_add_test(tc, test_derive_child_keys);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c
index 3a1effab8..6f524cb22 100644
--- a/src/charon-tkm/tests/nonceg_tests.c
+++ b/src/charon-tkm/tests/nonceg_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <tkm/client.h>
#include "tkm.h"
@@ -82,12 +83,24 @@ START_TEST(test_nonceg_get_nonce)
}
END_TEST
-TCase *make_nonceg_tests(void)
+Suite *make_nonceg_tests()
{
- TCase *tc = tcase_create("Nonce generator tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("nonce generator");
+
+ tc = tcase_create("creation");
tcase_add_test(tc, test_nonceg_creation);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("allocate");
tcase_add_test(tc, test_nonceg_allocate_nonce);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get");
tcase_add_test(tc, test_nonceg_get_nonce);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon-tkm/tests/test_runner.c b/src/charon-tkm/tests/test_runner.c
deleted file mode 100644
index 5ae032935..000000000
--- a/src/charon-tkm/tests/test_runner.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <library.h>
-#include <hydra.h>
-#include <daemon.h>
-
-#include "tkm.h"
-#include "tkm_nonceg.h"
-#include "tkm_diffie_hellman.h"
-#include "tkm_kernel_ipsec.h"
-#include "test_runner.h"
-
-int main(void)
-{
- library_init(NULL);
- libhydra_init("test_runner");
- libcharon_init("test_runner");
-
- lib->settings->set_int(lib->settings, "test_runner.filelog.stdout.default",
- 1);
- charon->load_loggers(charon, NULL, FALSE);
-
- /* Register TKM specific plugins */
- static plugin_feature_t features[] = {
- PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
- PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
- PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
- };
- lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
- countof(features), TRUE);
-
- if (!charon->initialize(charon, PLUGINS))
- {
- fprintf(stderr, "Unable to init charon");
- return EXIT_FAILURE;
- }
-
- if (!tkm_init())
- {
- fprintf(stderr, "Could not connect to TKM, aborting tests\n");
- return EXIT_FAILURE;
- }
-
- int number_failed;
- Suite *s = suite_create("TKM tests");
- suite_add_tcase(s, make_id_manager_tests());
- suite_add_tcase(s, make_chunk_map_tests());
- suite_add_tcase(s, make_utility_tests());
- suite_add_tcase(s, make_nonceg_tests());
- suite_add_tcase(s, make_diffie_hellman_tests());
- suite_add_tcase(s, make_keymat_tests());
- suite_add_tcase(s, make_kernel_sad_tests());
-
- SRunner *sr = srunner_create(s);
-
- srunner_run_all(sr, CK_NORMAL);
- number_failed = srunner_ntests_failed(sr);
-
- tkm_deinit();
- libcharon_deinit();
- libhydra_deinit();
- library_deinit();
- srunner_free(sr);
-
- return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
-}
diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
new file mode 100644
index 000000000..18754c717
--- /dev/null
+++ b/src/charon-tkm/tests/tests.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <tests/test_runner.h>
+
+#include <library.h>
+#include <hydra.h>
+#include <daemon.h>
+
+#include "tkm.h"
+#include "tkm_nonceg.h"
+#include "tkm_diffie_hellman.h"
+#include "tkm_kernel_ipsec.h"
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, args) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, args) },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool tkm_initialized = false;
+
+static bool test_runner_init(bool init)
+{
+ bool result = TRUE;
+
+ if (init)
+ {
+ libhydra_init();
+ libcharon_init();
+ lib->settings->set_int(lib->settings,
+ "test_runner.filelog.stdout.default", 0);
+ charon->load_loggers(charon, NULL, FALSE);
+
+ /* Register TKM specific plugins */
+ static plugin_feature_t features[] = {
+ PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
+ PLUGIN_PROVIDE(NONCE_GEN),
+ PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
+ PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ };
+ lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
+ countof(features), TRUE);
+
+ lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
+ lib->ns, MODP_3072_BIT);
+ lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
+ lib->ns, MODP_4096_BIT);
+ register_dh_mapping();
+
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
+ PLUGINS);
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
+ PLUGINS);
+ plugin_loader_add_plugindirs(BUILDDIR "/src/libcharon/plugins",
+ PLUGINS);
+ if (charon->initialize(charon, PLUGINS))
+ {
+ if (!tkm_initialized)
+ {
+ if (!tkm_init())
+ {
+ return FALSE;
+ }
+ tkm_initialized = true;
+ }
+ return TRUE;
+ }
+ result = FALSE;
+ }
+
+ destroy_dh_mapping();
+ libcharon_deinit();
+ libhydra_deinit();
+ return result;
+}
+
+int main(int argc, char *argv[])
+{
+ bool result;
+
+ /* disable leak detective because of how tkm_init/deinit is called, which
+ * does not work otherwise due to limitations of the external libraries */
+ setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
+
+ result = test_runner_run("tkm", tests, test_runner_init);
+ tkm_deinit();
+
+ return result;
+}
diff --git a/src/charon-tkm/tests/test_runner.h b/src/charon-tkm/tests/tests.h
index 236a7f2a6..fb5e96a9c 100644
--- a/src/charon-tkm/tests/test_runner.h
+++ b/src/charon-tkm/tests/tests.h
@@ -14,17 +14,10 @@
* for more details.
*/
-#ifndef TEST_RUNNER_H_
-#define TEST_RUNNER_H_
-
-#include <check.h>
-
-TCase *make_id_manager_tests(void);
-TCase *make_chunk_map_tests(void);
-TCase *make_utility_tests(void);
-TCase *make_nonceg_tests(void);
-TCase *make_diffie_hellman_tests(void);
-TCase *make_keymat_tests(void);
-TCase *make_kernel_sad_tests(void);
-
-#endif /** TEST_RUNNER_H_ */
+TEST_SUITE(make_id_manager_tests)
+TEST_SUITE(make_chunk_map_tests)
+TEST_SUITE(make_utility_tests)
+TEST_SUITE(make_nonceg_tests)
+TEST_SUITE(make_diffie_hellman_tests)
+TEST_SUITE(make_keymat_tests)
+TEST_SUITE(make_kernel_sad_tests)
diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c
index b3ead7633..0a4d6fbd2 100644
--- a/src/charon-tkm/tests/utils_tests.c
+++ b/src/charon-tkm/tests/utils_tests.c
@@ -14,7 +14,8 @@
* for more details.
*/
-#include <check.h>
+#include <tests/test_suite.h>
+
#include <tkm/types.h>
#include "tkm_utils.h"
@@ -53,11 +54,17 @@ START_TEST(test_chunk_to_sequence)
}
END_TEST
-TCase *make_utility_tests(void)
+Suite *make_utility_tests()
{
- TCase *tc = tcase_create("Utility tests");
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("utility tests");
+
+ tc = tcase_create("chunk<->sequence");
tcase_add_test(tc, test_sequence_to_chunk);
tcase_add_test(tc, test_chunk_to_sequence);
+ suite_add_tcase(s, tc);
- return tc;
+ return s;
}
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
index 1dd27d534..852d73c10 100644
--- a/src/charon/Android.mk
+++ b/src/charon/Android.mk
@@ -8,7 +8,6 @@ charon.c
# build charon -----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libcharon \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 0bb2e67bf..f3b7cfd56 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -188,8 +188,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -257,6 +255,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -345,12 +348,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -365,6 +372,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 340f852cd..089ac4570 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
dbg = dbg_stderr;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -303,7 +303,7 @@ int main(int argc, char *argv[])
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!libhydra_init("charon"))
+ if (!libhydra_init())
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
libhydra_deinit();
@@ -311,7 +311,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init("charon"))
+ if (!libcharon_init())
{
dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
goto deinit;
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index a22e91ed1..d172b1545 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -4,15 +4,16 @@ ipseclib_LTLIBRARIES = $(LIBCHECKSUM_LIBS)
nodist_libchecksum_la_SOURCES = checksum.c
libchecksum_la_LDFLAGS = -module -avoid-version -rpath '$(ipseclibdir)'
-noinst_PROGRAMS = checksum_builder
+EXTRA_PROGRAMS = checksum_builder
checksum_builder_SOURCES = checksum_builder.c
checksum_builder_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libhydra/libhydra.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(DLLIB)
+checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)'
-CLEANFILES = checksum.c
+CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
@@ -88,28 +89,28 @@ endif
if USE_CHARON
deps += $(top_builddir)/src/libcharon/libcharon.la
libs += $(DESTDIR)$(ipseclibdir)/libcharon.so
- exes += $(top_builddir)/src/charon/.libs/charon
+ exes += $(DESTDIR)$(ipsecdir)/charon
if !MONOLITHIC
AM_CPPFLAGS += -DC_PLUGINS=\""${c_plugins}\""
endif
endif
if USE_CMD
- exes += $(top_builddir)/src/charon-cmd/.libs/charon-cmd
+ exes += $(DESTDIR)$(sbindir)/charon-cmd
endif
if USE_TOOLS
- exes += $(top_builddir)/src/openac/.libs/openac
- exes += $(top_builddir)/src/pki/.libs/pki
- exes += $(top_builddir)/src/scepclient/.libs/scepclient
+ exes += $(DESTDIR)$(ipsecdir)/openac
+ exes += $(DESTDIR)$(ipsecdir)/scepclient
+ exes += $(DESTDIR)$(bindir)/pki
endif
if USE_ATTR_SQL
- exes += $(top_builddir)/src/pool/.libs/pool
+ exes += $(DESTDIR)$(ipsecdir)/pool
endif
if USE_IMV_ATTESTATION
- exes += $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest
+ exes += $(DESTDIR)$(ipsecdir)/attest
endif
checksum.c : checksum_builder $(deps) $(exes)
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 738133643..cdfbf1016 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -14,7 +14,6 @@
@SET_MAKE@
-
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -79,7 +78,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-noinst_PROGRAMS = checksum_builder$(EXEEXT)
+EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@MONOLITHIC_FALSE@am__append_1 = -DS_PLUGINS=\""${s_plugins}\""
@USE_LIBHYDRA_TRUE@am__append_2 = $(top_builddir)/src/libhydra/libhydra.la
@USE_LIBHYDRA_TRUE@am__append_3 = $(DESTDIR)$(ipseclibdir)/libhydra.so
@@ -103,15 +102,14 @@ noinst_PROGRAMS = checksum_builder$(EXEEXT)
@USE_PTS_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so
@USE_CHARON_TRUE@am__append_22 = $(top_builddir)/src/libcharon/libcharon.la
@USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so
-@USE_CHARON_TRUE@am__append_24 = $(top_builddir)/src/charon/.libs/charon
+@USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon
@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_25 = -DC_PLUGINS=\""${c_plugins}\""
-@USE_CMD_TRUE@am__append_26 = $(top_builddir)/src/charon-cmd/.libs/charon-cmd
-@USE_TOOLS_TRUE@am__append_27 = \
-@USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \
-@USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \
-@USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient
-@USE_ATTR_SQL_TRUE@am__append_28 = $(top_builddir)/src/pool/.libs/pool
-@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest
+@USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd
+@USE_TOOLS_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/openac \
+@USE_TOOLS_TRUE@ $(DESTDIR)$(ipsecdir)/scepclient \
+@USE_TOOLS_TRUE@ $(DESTDIR)$(bindir)/pki
+@USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool
+@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -172,7 +170,6 @@ libchecksum_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(libchecksum_la_LDFLAGS) $(LDFLAGS) -o \
$@
-PROGRAMS = $(noinst_PROGRAMS)
am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT)
checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS)
am__DEPENDENCIES_1 =
@@ -181,6 +178,10 @@ checksum_builder_DEPENDENCIES = \
$(top_builddir)/src/libhydra/libhydra.la \
$(top_builddir)/src/libcharon/libcharon.la \
$(am__DEPENDENCIES_1)
+checksum_builder_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(checksum_builder_LDFLAGS) $(LDFLAGS) \
+ -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -256,8 +257,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -325,6 +324,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -413,12 +417,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -433,6 +441,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -456,7 +465,8 @@ checksum_builder_LDADD = \
$(top_builddir)/src/libcharon/libcharon.la \
$(DLLIB)
-CLEANFILES = checksum.c
+checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)'
+CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
@@ -552,18 +562,9 @@ clean-ipseclibLTLIBRARIES:
libchecksum.la: $(libchecksum_la_OBJECTS) $(libchecksum_la_DEPENDENCIES) $(EXTRA_libchecksum_la_DEPENDENCIES)
$(AM_V_CCLD)$(libchecksum_la_LINK) $(libchecksum_la_OBJECTS) $(libchecksum_la_LIBADD) $(LIBS)
-clean-noinstPROGRAMS:
- @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
checksum_builder$(EXEEXT): $(checksum_builder_OBJECTS) $(checksum_builder_DEPENDENCIES) $(EXTRA_checksum_builder_DEPENDENCIES)
@rm -f checksum_builder$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(checksum_builder_LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -688,7 +689,7 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+all-am: Makefile $(LTLIBRARIES)
installdirs:
for dir in "$(DESTDIR)$(ipseclibdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
@@ -727,7 +728,7 @@ maintainer-clean-generic:
clean: clean-am
clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
- clean-local clean-noinstPROGRAMS mostlyclean-am
+ clean-local mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -801,19 +802,19 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-ipseclibLTLIBRARIES clean-libtool clean-local \
- clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am \
- install-data-hook install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipseclibLTLIBRARIES install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-hook uninstall-ipseclibLTLIBRARIES
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-data-hook install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipseclibLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-hook \
+ uninstall-ipseclibLTLIBRARIES
checksum.c : checksum_builder $(deps) $(exes)
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index bccd269cf..cc8185ecd 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -23,9 +23,6 @@
#include <daemon.h>
#include <collections/enumerator.h>
-/* we need to fake the pluto symbol to dlopen() the xauth plugin */
-void *pluto;
-
/**
* Integrity checker
*/
@@ -139,7 +136,7 @@ int main(int argc, char* argv[])
/* avoid confusing leak reports in build process */
setenv("LEAK_DETECTIVE_DISABLE", "1", 0);
/* don't use a strongswan.conf, forces integrity check to disabled */
- library_init("");
+ library_init("", "checksum_builder");
atexit(library_deinit);
integrity = integrity_checker_create(NULL);
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 73bf7240c..ee6bf57f5 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -202,8 +202,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -271,6 +269,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -359,12 +362,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -379,6 +386,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index faf9df91f..584a2698a 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -81,7 +81,7 @@ static bool load_configs(char *suite_file, char *test_file)
}
conftest->test = settings_create(suite_file);
conftest->test->load_files(conftest->test, test_file, TRUE);
- conftest->suite_dir = strdup(dirname(suite_file));
+ conftest->suite_dir = path_dirname(suite_file);
return TRUE;
}
@@ -435,18 +435,18 @@ int main(int argc, char *argv[])
char *suite_file = "suite.conf", *test_file = NULL, *preload, *plugins;
file_logger_t *logger;
- if (!library_init(NULL))
+ if (!library_init(NULL, "conftest"))
{
library_deinit();
return SS_RC_LIBSTRONGSWAN_INTEGRITY;
}
- if (!libhydra_init("conftest"))
+ if (!libhydra_init())
{
libhydra_deinit();
library_deinit();
return SS_RC_INITIALIZATION_FAILED;
}
- if (!libcharon_init("conftest"))
+ if (!libcharon_init())
{
libcharon_deinit();
libhydra_deinit();
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index ab818f1be..f1628ef69 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -223,8 +223,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
index b9334dc96..6869e3563 100644
--- a/src/dumm/cowfs.h
+++ b/src/dumm/cowfs.h
@@ -64,7 +64,7 @@ struct cowfs_t {
* @param master read only master file system directory
* @param host copy on write host directory
* @param mount mountpoint where union is mounted
- * @return instance, or NULL if FUSE initalization failed
+ * @return instance, or NULL if FUSE initialization failed
*/
cowfs_t *cowfs_create(char *master, char *host, char *mount);
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
index 5acda3a9c..03ecbe40d 100644
--- a/src/dumm/ext/dumm.c
+++ b/src/dumm/ext/dumm.c
@@ -774,7 +774,7 @@ void Init_dumm()
/* there are too many to report, rubyruby... */
setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
- library_init(NULL);
+ library_init(NULL, "dumm");
dumm = dumm_create(NULL);
diff --git a/src/dumm/main.c b/src/dumm/main.c
index 4cdf4682f..a53e1f67c 100644
--- a/src/dumm/main.c
+++ b/src/dumm/main.c
@@ -479,7 +479,7 @@ int main(int argc, char *argv[])
enumerator_t *enumerator;
guest_t *guest;
- library_init(NULL);
+ library_init(NULL, "dumm");
gtk_init(&argc, &argv);
pages = linked_list_create();
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 1e301feb0..1987dbde5 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -131,8 +131,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 091519292..69b736a7a 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -165,8 +165,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 9548f9b15..b7d820e21 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.1.1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.1.2rc2" "strongSwan"
.
.SH NAME
.
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 0fe88efb4..cc5220973 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -217,7 +217,6 @@ endif
# build libcharon --------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 4413d69c0..5f8453616 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -715,8 +715,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -784,6 +782,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -872,12 +875,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -892,6 +899,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index cb6f6ca0e..c74daa0cc 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -14,12 +14,12 @@
* for more details.
*/
-#include "ike_cfg.h"
-
+#define _GNU_SOURCE /* for stdndup() */
#include <string.h>
-#include <daemon.h>
+#include "ike_cfg.h"
+#include <daemon.h>
ENUM(ike_version_names, IKE_ANY, IKEV2,
"IKEv1/2",
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 1f3f2ba8b..891d1be84 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -741,6 +741,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case ECP_256_BP:
case ECP_384_BP:
case ECP_512_BP:
+ case NTRU_112_BIT:
+ case NTRU_128_BIT:
+ case NTRU_192_BIT:
+ case NTRU_256_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 5e3ae72b9..0cecd1d3b 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -181,7 +181,7 @@ static void handle_syslog_identifier(private_daemon_t *this)
char *identifier;
identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier",
- NULL, charon->name);
+ NULL, lib->ns);
if (identifier)
{ /* set identifier, which is prepended to each log line */
if (!this->syslog_identifier ||
@@ -292,15 +292,15 @@ static void load_sys_logger(private_daemon_t *this, char *facility,
sys_logger = add_sys_logger(this, facility, current_loggers);
sys_logger->set_options(sys_logger,
lib->settings->get_bool(lib->settings, "%s.syslog.%s.ike_name",
- FALSE, charon->name, facility));
+ FALSE, lib->ns, facility));
def = lib->settings->get_int(lib->settings, "%s.syslog.%s.default", 1,
- charon->name, facility);
+ lib->ns, facility);
for (group = 0; group < DBG_MAX; group++)
{
sys_logger->set_level(sys_logger, group,
lib->settings->get_int(lib->settings, "%s.syslog.%s.%N", def,
- charon->name, facility, debug_lower_names, group));
+ lib->ns, facility, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &sys_logger->logger);
}
@@ -318,25 +318,25 @@ static void load_file_logger(private_daemon_t *this, char *filename,
char *time_format;
time_format = lib->settings->get_str(lib->settings,
- "%s.filelog.%s.time_format", NULL, charon->name, filename);
+ "%s.filelog.%s.time_format", NULL, lib->ns, filename);
ike_name = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.ike_name", FALSE, charon->name, filename);
+ "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
flush_line = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.flush_line", FALSE, charon->name, filename);
+ "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
append = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.append", TRUE, charon->name, filename);
+ "%s.filelog.%s.append", TRUE, lib->ns, filename);
file_logger = add_file_logger(this, filename, current_loggers);
file_logger->set_options(file_logger, time_format, ike_name);
file_logger->open(file_logger, flush_line, append);
def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
- charon->name, filename);
+ lib->ns, filename);
for (group = 0; group < DBG_MAX; group++)
{
file_logger->set_level(file_logger, group,
lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
- charon->name, filename, debug_lower_names, group));
+ lib->ns, filename, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &file_logger->logger);
}
@@ -353,7 +353,7 @@ METHOD(daemon_t, load_loggers, void,
current_loggers = this->loggers;
this->loggers = linked_list_create();
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.syslog", charon->name);
+ "%s.syslog", lib->ns);
while (enumerator->enumerate(enumerator, &target))
{
load_sys_logger(this, target, current_loggers);
@@ -361,7 +361,7 @@ METHOD(daemon_t, load_loggers, void,
enumerator->destroy(enumerator);
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.filelog", charon->name);
+ "%s.filelog", lib->ns);
while (enumerator->enumerate(enumerator, &target))
{
load_file_logger(this, target, current_loggers);
@@ -473,7 +473,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.bus);
this->loggers->destroy_function(this->loggers, (void*)logger_entry_destroy);
this->mutex->destroy(this->mutex);
- free((void*)this->public.name);
free(this);
}
@@ -483,7 +482,7 @@ METHOD(daemon_t, start, void,
/* start the engine, go multithreaded */
lib->processor->set_threads(lib->processor,
lib->settings->get_int(lib->settings, "%s.threads",
- DEFAULT_THREADS, charon->name));
+ DEFAULT_THREADS, lib->ns));
}
@@ -525,7 +524,7 @@ METHOD(daemon_t, initialize, bool,
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_DEPENDS(CUSTOM, "socket"),
};
- lib->plugins->add_static_features(lib->plugins, charon->name, features,
+ lib->plugins->add_static_features(lib->plugins, lib->ns, features,
countof(features), TRUE);
/* load plugins, further infrastructure may need it */
@@ -558,7 +557,7 @@ METHOD(daemon_t, initialize, bool,
/**
* Create the daemon.
*/
-private_daemon_t *daemon_create(const char *name)
+private_daemon_t *daemon_create()
{
private_daemon_t *this;
@@ -569,7 +568,6 @@ private_daemon_t *daemon_create(const char *name)
.load_loggers = _load_loggers,
.set_level = _set_level,
.bus = bus_create(),
- .name = strdup(name ?: "libcharon"),
},
.loggers = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
@@ -607,7 +605,7 @@ void libcharon_deinit()
/**
* Described in header.
*/
-bool libcharon_init(const char *name)
+bool libcharon_init()
{
private_daemon_t *this;
@@ -618,7 +616,7 @@ bool libcharon_init(const char *name)
return !this->integrity_failed;
}
- this = daemon_create(name);
+ this = daemon_create();
/* for uncritical pseudo random numbers */
srandom(time(NULL) + getpid());
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 24e623c44..36242bb04 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -272,11 +272,6 @@ struct daemon_t {
#endif /* ME */
/**
- * Name of the binary that uses the library (used for settings etc.)
- */
- const char *name;
-
- /**
* Initialize the daemon.
*
* @param plugins list of plugins to load
@@ -324,12 +319,11 @@ extern daemon_t *charon;
* calling initialize().
*
* libcharon_init() may be called multiple times in a single process, but each
- * caller should call libcharon_deinit() for each call to libcharon_init().
+ * caller must call libcharon_deinit() for each call to libcharon_init().
*
- * @param name name of the binary that uses the library
* @return FALSE if integrity check failed
*/
-bool libcharon_init(const char *name);
+bool libcharon_init();
/**
* Deinitialize libcharon and destroy the "charon" instance of daemon_t.
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index f7a13d728..889ad6358 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
"ME_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -109,8 +109,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
"SECURE PASSWORD_METHOD",
"PSK_PERSIST",
"PSK_CONFIRM",
- "ERX_SUPPORTED");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED,
+ "ERX_SUPPORTED",
+ "IFOM_CAPABILITY");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -171,7 +172,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
"ME_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -215,8 +216,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STA
"SEC_PASSWD",
"PSK_PST",
"PSK_CFM",
- "ERX_SUP");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED,
+ "ERX_SUP",
+ "IFOM_CAP");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 847fddc69..c67644a01 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -145,6 +145,8 @@ enum notify_type_t {
PSK_CONFIRM = 16426,
/* EAP Re-authentication Extension, RFC 6867 */
ERX_SUPPORTED = 16427,
+ /* IFOM capability, 3GPP TS 24.303, annex B.2 */
+ IFOM_CAPABILITY = 16428,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 2209f1997..8dfb47b69 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -633,27 +633,27 @@ receiver_t *receiver_create()
);
if (lib->settings->get_bool(lib->settings,
- "%s.dos_protection", TRUE, charon->name))
+ "%s.dos_protection", TRUE, lib->ns))
{
this->cookie_threshold = lib->settings->get_int(lib->settings,
- "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, charon->name);
+ "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, lib->ns);
this->block_threshold = lib->settings->get_int(lib->settings,
- "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, charon->name);
+ "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, lib->ns);
}
this->init_limit_job_load = lib->settings->get_int(lib->settings,
- "%s.init_limit_job_load", 0, charon->name);
+ "%s.init_limit_job_load", 0, lib->ns);
this->init_limit_half_open = lib->settings->get_int(lib->settings,
- "%s.init_limit_half_open", 0, charon->name);
+ "%s.init_limit_half_open", 0, lib->ns);
this->receive_delay = lib->settings->get_int(lib->settings,
- "%s.receive_delay", 0, charon->name);
+ "%s.receive_delay", 0, lib->ns);
this->receive_delay_type = lib->settings->get_int(lib->settings,
- "%s.receive_delay_type", 0, charon->name),
+ "%s.receive_delay_type", 0, lib->ns),
this->receive_delay_request = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_request", TRUE, charon->name),
+ "%s.receive_delay_request", TRUE, lib->ns),
this->receive_delay_response = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_response", TRUE, charon->name),
+ "%s.receive_delay_response", TRUE, lib->ns),
this->initiator_only = lib->settings->get_bool(lib->settings,
- "%s.initiator_only", FALSE, charon->name),
+ "%s.initiator_only", FALSE, lib->ns),
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!this->hasher)
diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c
index dd8efc1ec..bed4f35ce 100644
--- a/src/libcharon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -204,13 +204,13 @@ sender_t * sender_create()
.got = condvar_create(CONDVAR_TYPE_DEFAULT),
.sent = condvar_create(CONDVAR_TYPE_DEFAULT),
.send_delay = lib->settings->get_int(lib->settings,
- "%s.send_delay", 0, charon->name),
+ "%s.send_delay", 0, lib->ns),
.send_delay_type = lib->settings->get_int(lib->settings,
- "%s.send_delay_type", 0, charon->name),
+ "%s.send_delay_type", 0, lib->ns),
.send_delay_request = lib->settings->get_bool(lib->settings,
- "%s.send_delay_request", TRUE, charon->name),
+ "%s.send_delay_request", TRUE, lib->ns),
.send_delay_response = lib->settings->get_bool(lib->settings,
- "%s.send_delay_response", TRUE, charon->name),
+ "%s.send_delay_response", TRUE, lib->ns),
);
lib->processor->queue_job(lib->processor,
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 4a8150291..bc32b5ade 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index f2147f694..6278a6234 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 7d8d12d3b..ae64a8758 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/android_log/android_log_logger.c b/src/libcharon/plugins/android_log/android_log_logger.c
index 48bcaa577..99eb66bb1 100644
--- a/src/libcharon/plugins/android_log/android_log_logger.c
+++ b/src/libcharon/plugins/android_log/android_log_logger.c
@@ -100,7 +100,7 @@ android_log_logger_t *android_log_logger_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.level = lib->settings->get_int(lib->settings,
- "%s.plugins.android_log.loglevel", 1, charon->name),
+ "%s.plugins.android_log.loglevel", 1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 8fcd0f19f..f812770f3 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/certexpire/certexpire_export.c b/src/libcharon/plugins/certexpire/certexpire_export.c
index f1205cfd8..4aa84904b 100644
--- a/src/libcharon/plugins/certexpire/certexpire_export.c
+++ b/src/libcharon/plugins/certexpire/certexpire_export.c
@@ -430,31 +430,31 @@ certexpire_export_t *certexpire_export_create()
(hashtable_equals_t)equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.local_path = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.local",
- NULL, charon->name),
+ "%s.plugins.certexpire.csv.local",
+ NULL, lib->ns),
.remote_path = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.remote",
- NULL, charon->name),
+ "%s.plugins.certexpire.csv.remote",
+ NULL, lib->ns),
.separator = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.separator",
- ",", charon->name),
+ "%s.plugins.certexpire.csv.separator",
+ ",", lib->ns),
.format = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.format",
- "%d:%m:%Y", charon->name),
+ "%s.plugins.certexpire.csv.format",
+ "%d:%m:%Y", lib->ns),
.fixed_fields = lib->settings->get_bool(lib->settings,
- "%s.plugins.certexpire.csv.fixed_fields",
- TRUE, charon->name),
+ "%s.plugins.certexpire.csv.fixed_fields",
+ TRUE, lib->ns),
.empty_string = lib->settings->get_str(lib->settings,
- "%s.plugins.certexpire.csv.empty_string",
- "", charon->name),
+ "%s.plugins.certexpire.csv.empty_string",
+ "", lib->ns),
.force = lib->settings->get_bool(lib->settings,
- "%s.plugins.certexpire.csv.force",
- TRUE, charon->name),
+ "%s.plugins.certexpire.csv.force",
+ TRUE, lib->ns),
);
cron = lib->settings->get_str(lib->settings,
"%s.plugins.certexpire.csv.cron",
- NULL, charon->name);
+ NULL, lib->ns);
if (cron)
{
this->cron = certexpire_cron_create(cron,
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 48492595d..d8eb802b7 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c
index 958bd2b6d..fc35462e3 100644
--- a/src/libcharon/plugins/coupling/coupling_validator.c
+++ b/src/libcharon/plugins/coupling/coupling_validator.c
@@ -214,12 +214,11 @@ coupling_validator_t *coupling_validator_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_couplings = lib->settings->get_int(lib->settings,
"%s.plugins.coupling.max", 1,
- charon->name),
+ lib->ns),
);
hash = lib->settings->get_str(lib->settings,
- "%s.plugins.coupling.hash", "sha1",
- charon->name);
+ "%s.plugins.coupling.hash", "sha1", lib->ns);
this->hasher = lib->crypto->create_hasher(lib->crypto,
enum_from_name(hash_algorithm_short_names, hash));
if (!this->hasher)
@@ -230,8 +229,7 @@ coupling_validator_t *coupling_validator_create()
}
path = lib->settings->get_str(lib->settings,
- "%s.plugins.coupling.file", NULL,
- charon->name);
+ "%s.plugins.coupling.file", NULL, lib->ns);
if (!path)
{
DBG1(DBG_CFG, "coupling file path unspecified");
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 4a2ebe7f4..395cd76ea 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 044c8a819..b8c1b4059 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -643,6 +643,28 @@ METHOD(dhcp_socket_t, destroy, void,
}
/**
+ * Bind a socket to a particular interface name
+ */
+static bool bind_to_device(int fd, char *iface)
+{
+ struct ifreq ifreq;
+
+ if (strlen(iface) > sizeof(ifreq.ifr_name))
+ {
+ DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface);
+ return FALSE;
+ }
+ memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name));
+ if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq)))
+ {
+ DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s",
+ iface, strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* See header
*/
dhcp_socket_t *dhcp_socket_create()
@@ -655,6 +677,7 @@ dhcp_socket_t *dhcp_socket_create()
.s_addr = INADDR_ANY,
},
};
+ char *iface;
int on = 1;
struct sock_filter dhcp_filter_code[] = {
BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
@@ -711,13 +734,15 @@ dhcp_socket_t *dhcp_socket_create()
}
this->identity_lease = lib->settings->get_bool(lib->settings,
"%s.plugins.dhcp.identity_lease", FALSE,
- charon->name);
+ lib->ns);
this->force_dst = lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.force_server_address", FALSE,
- charon->name);
+ lib->ns);
this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.server", "255.255.255.255",
- charon->name), DHCP_SERVER_PORT);
+ lib->ns), DHCP_SERVER_PORT);
+ iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
+ NULL, lib->ns);
if (!this->dst)
{
DBG1(DBG_CFG, "configured DHCP server address invalid");
@@ -766,6 +791,15 @@ dhcp_socket_t *dhcp_socket_create()
destroy(this);
return NULL;
}
+ if (iface)
+ {
+ if (!bind_to_device(this->send, iface) ||
+ !bind_to_device(this->receive, iface))
+ {
+ destroy(this);
+ return NULL;
+ }
+ }
lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
(watcher_cb_t)receive_dhcp, this);
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index c9222c202..4be453ea8 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/dnscert/dnscert_plugin.c b/src/libcharon/plugins/dnscert/dnscert_plugin.c
index 713bc9e3b..1b93480cf 100644
--- a/src/libcharon/plugins/dnscert/dnscert_plugin.c
+++ b/src/libcharon/plugins/dnscert/dnscert_plugin.c
@@ -74,7 +74,7 @@ METHOD(plugin_t, reload, bool,
private_dnscert_plugin_t *this)
{
bool enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.dnscert.enable", FALSE, charon->name);
+ "%s.plugins.dnscert.enable", FALSE, lib->ns);
if (enabled != this->enabled)
{
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index bac7d846f..e9da68ee8 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -225,8 +225,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
index e3a4e17b7..f77b48b09 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
@@ -130,7 +130,7 @@ duplicheck_notify_t *duplicheck_notify_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.duplicheck.socket", "unix://" DUPLICHECK_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 3);
if (!this->service)
{
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
index 4d018dbef..689c795d8 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
@@ -93,7 +93,7 @@ plugin_t *duplicheck_plugin_create()
private_duplicheck_plugin_t *this;
if (!lib->settings->get_bool(lib->settings,
- "%s.plugins.duplicheck.enable", TRUE, charon->name))
+ "%s.plugins.duplicheck.enable", TRUE, lib->ns))
{
return NULL;
}
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 139ce1483..67cf66720 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index b7608382d..eba7af874 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -721,7 +721,7 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
this->permanent = peer->clone(peer);
this->use_reauth = this->use_pseudonym = this->use_permanent =
lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-aka.request_identity", TRUE, charon->name);
+ "%s.plugins.eap-aka.request_identity", TRUE, lib->ns);
/* generate a non-zero identifier */
do {
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 9fb9ef709..7d6ae956c 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index 1bfc39e5a..a71dae78a 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
@@ -177,7 +177,7 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f)
#else /* !SEQ_CHECK */
FALSE,
#endif /* SEQ_CHECK */
- charon->name),
+ lib->ns),
);
eap_aka_3gpp2_get_sqn(this->sqn, 0);
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 61a9da187..6ff0acb32 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
index d24cbd128..3216446af 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@@ -377,14 +377,14 @@ eap_dynamic_t *eap_dynamic_create(identification_t *server,
.server = server->clone(server),
.types = linked_list_create(),
.prefer_peer = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-dynamic.prefer_peer", FALSE, charon->name),
+ "%s.plugins.eap-dynamic.prefer_peer", FALSE, lib->ns),
);
/* get all supported EAP methods */
get_supported_eap_types(this);
/* move preferred methods to the front */
preferred = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-dynamic.preferred", NULL, charon->name);
+ "%s.plugins.eap-dynamic.preferred", NULL, lib->ns);
if (preferred)
{
handle_preferred_eap_types(this, preferred);
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index c48d95527..99ae94e37 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index 2f64f325c..e751b51b6 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -149,7 +149,7 @@ METHOD(eap_method_t, process_server, status_t,
/* get XAuth backend to use for credential verification. Default to PAM
* to support legacy EAP-GTC configurations */
backend = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-gtc.backend", "pam", charon->name);
+ "%s.plugins.eap-gtc.backend", "pam", lib->ns);
xauth = charon->xauth->create_instance(charon->xauth, backend, XAUTH_SERVER,
this->server, this->peer);
if (!xauth)
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 01fbe22a5..688879a82 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 6ae97da15..150b131f0 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index bdc6a9d1d..d52f26a9a 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 35ec4db8b..7ac4a6edf 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c
index 8aba703c5..c24dd578c 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap.c
@@ -157,18 +157,18 @@ static eap_peap_t *eap_peap_create(private_eap_peap_t * this,
if (is_server && !lib->settings->get_bool(lib->settings,
"%s.plugins.eap-peap.request_peer_auth", FALSE,
- charon->name))
+ lib->ns))
{
peer = NULL;
}
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.include_length", FALSE, charon->name);
+ "%s.plugins.eap-peap.include_length", FALSE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP,
application, NULL);
this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count,
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 5237cb62c..33b01e95e 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -92,7 +92,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this)
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-peap.phase2_method", "mschapv2",
- charon->name);
+ lib->ns);
type = eap_type_from_string(eap_type_str);
if (type == 0)
{
@@ -129,7 +129,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this)
static status_t start_phase2_tnc(private_eap_peap_server_t *this)
{
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.phase2_tnc", FALSE, charon->name))
+ "%s.plugins.eap-peap.phase2_tnc", FALSE, lib->ns))
{
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_TNC,
@@ -274,7 +274,7 @@ METHOD(tls_application_t, process, status_t,
/* Start Phase 2 of EAP-PEAP authentication */
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-peap.request_peer_auth", FALSE, charon->name))
+ "%s.plugins.eap-peap.request_peer_auth", FALSE, lib->ns))
{
return start_phase2_tnc(this);
}
@@ -425,7 +425,7 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
.start_phase2_tnc = TRUE,
.start_phase2_id = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-peap.phase2_piggyback",
- FALSE, charon->name),
+ FALSE, lib->ns),
.phase2_result = EAP_FAILURE,
.avp = eap_peap_avp_create(TRUE),
);
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index 3064ceadb..3e2bf046d 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 6087a528f..6719497d3 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -188,7 +188,7 @@ void eap_radius_build_attributes(radius_message_t *request)
}
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.station_id_with_port",
- TRUE, charon->name))
+ TRUE, lib->ns))
{
station_id_fmt = "%#H";
}
@@ -573,12 +573,12 @@ static void process_cfg_attributes(radius_message_t *msg)
void eap_radius_process_attributes(radius_message_t *message)
{
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE, charon->name))
+ "%s.plugins.eap-radius.class_group", FALSE, lib->ns))
{
process_class(message);
}
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.filter_id", FALSE, charon->name))
+ "%s.plugins.eap-radius.filter_id", FALSE, lib->ns))
{
process_filter_id(message);
}
@@ -720,10 +720,10 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
.type = EAP_RADIUS,
.eap_start = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.eap_start", FALSE,
- charon->name),
+ lib->ns),
.id_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.id_prefix", "",
- charon->name),
+ lib->ns),
);
this->client = eap_radius_create_client();
if (!this->client)
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index afb661e19..8c780e78d 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -712,7 +712,7 @@ eap_radius_accounting_t *eap_radius_accounting_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
+ "%s.plugins.eap-radius.station_id_with_port", TRUE, lib->ns))
{
this->station_id_fmt = "%#H";
}
@@ -721,14 +721,14 @@ eap_radius_accounting_t *eap_radius_accounting_create()
this->station_id_fmt = "%H";
}
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.accounting", FALSE, charon->name))
+ "%s.plugins.eap-radius.accounting", FALSE, lib->ns))
{
singleton = this;
charon->bus->add_listener(charon->bus, &this->public.listener);
}
this->acct_req_vip = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.accounting_requires_vip",
- FALSE, charon->name);
+ FALSE, lib->ns);
return &this->public;
}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index f22ddc56f..a0bf99efd 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -452,11 +452,11 @@ static bool open_socket(private_eap_radius_dae_t *this)
host = host_create_from_string(
lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.dae.listen", "0.0.0.0",
- charon->name),
+ "%s.plugins.eap-radius.dae.listen", "0.0.0.0",
+ lib->ns),
lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT,
- charon->name));
+ "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT,
+ lib->ns));
if (!host)
{
DBG1(DBG_CFG, "invalid RADIUS DAE listen address");
@@ -504,7 +504,7 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting)
.secret = {
.ptr = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.dae.secret", NULL,
- charon->name),
+ lib->ns),
},
.hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
.signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
index 3e80e8918..b873e1d69 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c
@@ -438,10 +438,10 @@ eap_radius_forward_t *eap_radius_forward_create()
},
.from_attr = parse_selector(lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.forward.ike_to_radius", "",
- charon->name)),
+ lib->ns)),
.to_attr = parse_selector(lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.forward.radius_to_ike", "",
- charon->name)),
+ lib->ns)),
.from = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 8),
.to = hashtable_create((hashtable_hash_t)hash,
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 90a4ef6de..1a48c07e5 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -100,23 +100,23 @@ static void load_configs(private_eap_radius_plugin_t *this)
int auth_port, acct_port, sockets, preference;
address = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.server", NULL, charon->name);
+ "%s.plugins.eap-radius.server", NULL, lib->ns);
if (address)
{ /* legacy configuration */
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.secret", NULL, charon->name);
+ "%s.plugins.eap-radius.secret", NULL, lib->ns);
if (!secret)
{
DBG1(DBG_CFG, "no RADIUS secret defined");
return;
}
nas_identifier = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-radius.nas_identifier", "strongSwan",
- charon->name);
+ "%s.plugins.eap-radius.nas_identifier", "strongSwan",
+ lib->ns);
auth_port = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.port", AUTH_PORT, charon->name);
+ "%s.plugins.eap-radius.port", AUTH_PORT, lib->ns);
sockets = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-radius.sockets", 1, charon->name);
+ "%s.plugins.eap-radius.sockets", 1, lib->ns);
config = radius_config_create(address, address, auth_port, ACCT_PORT,
nas_identifier, secret, sockets, 0);
if (!config)
@@ -129,12 +129,12 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "%s.plugins.eap-radius.servers", charon->name);
+ "%s.plugins.eap-radius.servers", lib->ns);
while (enumerator->enumerate(enumerator, &section))
{
address = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.address", NULL,
- charon->name, section);
+ lib->ns, section);
if (!address)
{
DBG1(DBG_CFG, "RADIUS server '%s' misses address, skipped", section);
@@ -142,7 +142,7 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
secret = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.secret", NULL,
- charon->name, section);
+ lib->ns, section);
if (!secret)
{
DBG1(DBG_CFG, "RADIUS server '%s' misses secret, skipped", section);
@@ -150,22 +150,22 @@ static void load_configs(private_eap_radius_plugin_t *this)
}
nas_identifier = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.servers.%s.nas_identifier", "strongSwan",
- charon->name, section);
+ lib->ns, section);
auth_port = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.auth_port",
lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.port",
- AUTH_PORT, charon->name, section),
- charon->name, section);
+ AUTH_PORT, lib->ns, section),
+ lib->ns, section);
acct_port = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.acct_port", ACCT_PORT,
- charon->name, section);
+ lib->ns, section);
sockets = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.sockets", 1,
- charon->name, section);
+ lib->ns, section);
preference = lib->settings->get_int(lib->settings,
"%s.plugins.eap-radius.servers.%s.preference", 0,
- charon->name, section);
+ lib->ns, section);
config = radius_config_create(section, address, auth_port, acct_port,
nas_identifier, secret, sockets, preference);
if (!config)
@@ -203,7 +203,7 @@ static bool plugin_cb(private_eap_radius_plugin_t *this,
load_configs(this);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.dae.enable", FALSE, charon->name))
+ "%s.plugins.eap-radius.dae.enable", FALSE, lib->ns))
{
this->dae = eap_radius_dae_create(this->accounting);
}
@@ -368,7 +368,7 @@ void eap_radius_handle_timeout(ike_sa_id_t *id)
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.close_all_on_timeout",
- FALSE, charon->name))
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "deleting all IKE_SAs after RADIUS timeout");
lib->processor->queue_job(lib->processor,
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
index e66bbf38f..d00f6bb2c 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
@@ -256,7 +256,7 @@ static bool parse_rounds(private_eap_radius_xauth_t *this, char *profile)
}
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.eap-radius.xauth.%s", charon->name, profile);
+ "%s.plugins.eap-radius.xauth.%s", lib->ns, profile);
while (enumerator->enumerate(enumerator, &type, &message))
{
bool invalid = TRUE;
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index c9d80681a..3707f64f3 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index 334e2df1d..f22266bda 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -635,7 +635,7 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
this->use_reauth = this->use_pseudonym = this->use_permanent =
lib->settings->get_bool(lib->settings,
"%s.plugins.eap-sim.request_identity", TRUE,
- charon->name);
+ lib->ns);
/* generate a non-zero identifier */
do {
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 39995495e..05bbc3129 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 2723f4059..a22a5c355 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 27a9f0c09..189baacbc 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 5c136cec4..33443a1d2 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 86cf3a752..02cf1532c 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
index 6bcc58e66..176321833 100644
--- a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c
@@ -66,7 +66,7 @@ static bool load_db(private_eap_simaka_sql_t *this,
uri = lib->settings->get_str(lib->settings,
"%s.plugins.eap-simaka-sql.database", NULL,
- charon->name);
+ lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "eap-simaka-sql database URI missing");
@@ -80,7 +80,7 @@ static bool load_db(private_eap_simaka_sql_t *this,
}
remove_used = lib->settings->get_bool(lib->settings,
"%s.plugins.eap-simaka-sql.remove_used", FALSE,
- charon->name);
+ lib->ns);
this->provider = eap_simaka_sql_provider_create(this->db, remove_used);
this->card = eap_simaka_sql_card_create(this->db, remove_used);
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index 7be65990c..ec189f895 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index 48e38755d..dffbaf266 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -145,12 +145,12 @@ static eap_tls_t *eap_tls_create(identification_t *server,
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-tls.include_length", TRUE, charon->name);
+ "%s.plugins.eap-tls.include_length", TRUE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL, NULL);
this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count,
include_length);
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index e482a7148..6d4ff8756 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index f9ab74258..2147c0482 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -273,10 +273,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
);
max_msg_count = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-tnc.max_message_count",
- EAP_TNC_MAX_MESSAGE_COUNT, charon->name);
+ "%s.plugins.eap-tnc.max_message_count",
+ EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
protocol = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-tnc.protocol", "tnccs-1.1", charon->name);
+ "%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns);
if (strcaseeq(protocol, "tnccs-2.0"))
{
type = TNCCS_2_0;
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index a774ad609..a22b1e220 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index ebd1c5479..703cd3f29 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -147,18 +147,18 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
);
if (is_server && !lib->settings->get_bool(lib->settings,
"%s.plugins.eap-ttls.request_peer_auth", FALSE,
- charon->name))
+ lib->ns))
{
peer = NULL;
}
frag_size = lib->settings->get_int(lib->settings,
"%s.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
+ lib->ns);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ lib->ns);
include_length = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.include_length", TRUE, charon->name);
+ "%s.plugins.eap-ttls.include_length", TRUE, lib->ns);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS,
application, NULL);
this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count,
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index eef8d6682..88c2b88c6 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
@@ -80,7 +80,7 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this)
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-ttls.phase2_method", "md5",
- charon->name);
+ lib->ns);
type = eap_type_from_string(eap_type_str);
if (type == 0)
{
@@ -115,7 +115,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
eap_inner_method_t *inner_method;
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.phase2_tnc", FALSE, charon->name))
+ "%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
{
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
this->method = charon->eap->create_instance(charon->eap, EAP_TNC,
@@ -242,7 +242,7 @@ METHOD(tls_application_t, process, status_t,
/* Start Phase 2 of EAP-TTLS authentication */
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.request_peer_auth", FALSE, charon->name))
+ "%s.plugins.eap-ttls.request_peer_auth", FALSE, lib->ns))
{
return start_phase2_tnc(this, EAP_TLS);
}
@@ -301,7 +301,7 @@ METHOD(tls_application_t, build, status_t,
if (this->method == NULL && this->start_phase2 &&
lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-ttls.phase2_piggyback", FALSE, charon->name))
+ "%s.plugins.eap-ttls.phase2_piggyback", FALSE, lib->ns))
{
/* generate an EAP Identity request which will be piggybacked right
* onto the TLS Finished message thus initiating EAP-TTLS phase2
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index ad8aba11e..d8a135cc1 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -226,8 +226,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -295,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -383,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -403,6 +410,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c
index aafd0a4cd..959c4c67d 100644
--- a/src/libcharon/plugins/error_notify/error_notify_socket.c
+++ b/src/libcharon/plugins/error_notify/error_notify_socket.c
@@ -142,7 +142,7 @@ error_notify_socket_t *error_notify_socket_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.error-notify.socket", "unix://" ERROR_NOTIFY_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 4d2a32e6f..60c55f01e 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 9948ab3db..2f3263064 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c
index d26c38325..dd55fae8b 100644
--- a/src/libcharon/plugins/ha/ha_attribute.c
+++ b/src/libcharon/plugins/ha/ha_attribute.c
@@ -309,7 +309,7 @@ static void load_pools(private_ha_attribute_t *this)
pool_t *pool;
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.ha.pools", charon->name);
+ "%s.plugins.ha.pools", lib->ns);
while (enumerator->enumerate(enumerator, &name, &net))
{
net = strdup(net);
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 5d4cc6184..493cad5ec 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -160,19 +160,19 @@ plugin_t *ha_plugin_create()
bool fifo, monitor, resync;
local = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.local", NULL, charon->name);
+ "%s.plugins.ha.local", NULL, lib->ns);
remote = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.remote", NULL, charon->name);
+ "%s.plugins.ha.remote", NULL, lib->ns);
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.ha.secret", NULL, charon->name);
+ "%s.plugins.ha.secret", NULL, lib->ns);
fifo = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.fifo_interface", TRUE, charon->name);
+ "%s.plugins.ha.fifo_interface", TRUE, lib->ns);
monitor = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.monitor", TRUE, charon->name);
+ "%s.plugins.ha.monitor", TRUE, lib->ns);
resync = lib->settings->get_bool(lib->settings,
- "%s.plugins.ha.resync", TRUE, charon->name);
+ "%s.plugins.ha.resync", TRUE, lib->ns);
count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings,
- "%s.plugins.ha.segment_count", 1, charon->name));
+ "%s.plugins.ha.segment_count", 1, lib->ns));
if (!local || !remote)
{
DBG1(DBG_CFG, "HA config misses local/remote address");
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
index cab38c63d..fc7d7a8b4 100644
--- a/src/libcharon/plugins/ha/ha_segments.c
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -470,12 +470,12 @@ ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
.heartbeat_delay = lib->settings->get_int(lib->settings,
"%s.plugins.ha.heartbeat_delay", DEFAULT_HEARTBEAT_DELAY,
- charon->name),
+ lib->ns),
.heartbeat_timeout = lib->settings->get_int(lib->settings,
"%s.plugins.ha.heartbeat_timeout", DEFAULT_HEARTBEAT_TIMEOUT,
- charon->name),
+ lib->ns),
.autobalance = lib->settings->get_int(lib->settings,
- "%s.plugins.ha.autobalance", 0, charon->name),
+ "%s.plugins.ha.autobalance", 0, lib->ns),
);
if (monitor)
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 5c3d01558..2ee5a49f1 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
index 9bc49ba28..9f00abe8b 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -53,7 +53,7 @@ METHOD(plugin_t, reload, bool,
private_ipseckey_plugin_t *this)
{
bool enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.ipseckey.enable", FALSE, charon->name);
+ "%s.plugins.ipseckey.enable", FALSE, lib->ns);
if (enabled != this->enabled)
{
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index fa28babe4..1726c689c 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index d0744e300..b33580700 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -695,7 +695,7 @@ kernel_libipsec_ipsec_t *kernel_libipsec_ipsec_create()
.policies = linked_list_create(),
.excludes = linked_list_create(),
.allow_peer_ts = lib->settings->get_bool(lib->settings,
- "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, hydra->daemon),
+ "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, lib->ns),
);
ipsec->events->register_listener(ipsec->events, &this->ipsec_listener);
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
index 56f526217..e3b688dd6 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
@@ -144,6 +144,6 @@ plugin_t *kernel_libipsec_plugin_create()
/* set TUN device as default to install VIPs */
lib->settings->set_str(lib->settings, "%s.install_virtual_ip_on",
- this->tun->get_name(this->tun), charon->name);
+ this->tun->get_name(this->tun), lib->ns);
return &this->public.plugin;
}
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 9373703a2..48163aff2 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/led/led_listener.c b/src/libcharon/plugins/led/led_listener.c
index be80bcde2..3351f6614 100644
--- a/src/libcharon/plugins/led/led_listener.c
+++ b/src/libcharon/plugins/led/led_listener.c
@@ -230,12 +230,12 @@ led_listener_t *led_listener_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.blink_time = lib->settings->get_int(lib->settings,
- "%s.plugins.led.blink_time", 50, charon->name),
+ "%s.plugins.led.blink_time", 50, lib->ns),
);
this->activity = open_led(lib->settings->get_str(lib->settings,
- "%s.plugins.led.activity_led", NULL, charon->name),
- &this->activity_max);
+ "%s.plugins.led.activity_led", NULL, lib->ns),
+ &this->activity_max);
set_led(this->activity, 0);
return &this->public;
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 93dd6b486..2369044dd 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -228,8 +228,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -297,6 +295,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -385,12 +388,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -405,6 +412,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index e4e47c1ac..e133190b4 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -236,11 +236,11 @@ static void load_addrs(private_load_tester_config_t *this)
mem_pool_t *pool;
this->keep = lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.addrs_keep", FALSE, charon->name);
+ "%s.plugins.load-tester.addrs_keep", FALSE, lib->ns);
this->prefix = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.addrs_prefix", 16, charon->name);
+ "%s.plugins.load-tester.addrs_prefix", 16, lib->ns);
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.load-tester.addrs", charon->name);
+ "%s.plugins.load-tester.addrs", lib->ns);
while (enumerator->enumerate(enumerator, &iface, &token))
{
tokens = enumerator_create_token(token, ",", " ");
@@ -917,72 +917,71 @@ load_tester_config_t *load_tester_config_create()
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.request_virtual_ip", FALSE, charon->name))
+ "%s.plugins.load-tester.request_virtual_ip", FALSE, lib->ns))
{
this->vip = host_create_from_string("0.0.0.0", 0);
}
this->pool = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.pool", NULL, charon->name);
+ "%s.plugins.load-tester.pool", NULL, lib->ns);
this->initiator = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator", "0.0.0.0", charon->name);
+ "%s.plugins.load-tester.initiator", "0.0.0.0", lib->ns);
this->responder = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder", "127.0.0.1", charon->name);
+ "%s.plugins.load-tester.responder", "127.0.0.1", lib->ns);
this->proposal = proposal_create_from_string(PROTO_IKE,
lib->settings->get_str(lib->settings,
"%s.plugins.load-tester.proposal", "aes128-sha1-modp768",
- charon->name));
+ lib->ns));
if (!this->proposal)
{ /* fallback */
this->proposal = proposal_create_from_string(PROTO_IKE,
"aes128-sha1-modp768");
}
this->esp = proposal_create_from_string(PROTO_ESP,
- lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.esp", "aes128-sha1",
- charon->name));
+ lib->settings->get_str(lib->settings,
+ "%s.plugins.load-tester.esp", "aes128-sha1", lib->ns));
if (!this->esp)
{ /* fallback */
this->esp = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
}
this->ike_rekey = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.ike_rekey", 0, charon->name);
+ "%s.plugins.load-tester.ike_rekey", 0, lib->ns);
this->child_rekey = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.child_rekey", 600, charon->name);
+ "%s.plugins.load-tester.child_rekey", 600, lib->ns);
this->dpd_delay = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dpd_delay", 0, charon->name);
+ "%s.plugins.load-tester.dpd_delay", 0, lib->ns);
this->dpd_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dpd_timeout", 0, charon->name);
+ "%s.plugins.load-tester.dpd_timeout", 0, lib->ns);
this->initiator_auth = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_auth", "pubkey", charon->name);
+ "%s.plugins.load-tester.initiator_auth", "pubkey", lib->ns);
this->responder_auth = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_auth", "pubkey", charon->name);
+ "%s.plugins.load-tester.responder_auth", "pubkey", lib->ns);
this->initiator_id = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_id", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_id", NULL, lib->ns);
this->initiator_match = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_match", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_match", NULL, lib->ns);
this->responder_id = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_id", NULL, charon->name);
+ "%s.plugins.load-tester.responder_id", NULL, lib->ns);
this->mode = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.mode", NULL, charon->name);
+ "%s.plugins.load-tester.mode", NULL, lib->ns);
this->initiator_tsi = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_tsi", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_tsi", NULL, lib->ns);
this->responder_tsi =lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_tsi",
- this->initiator_tsi, charon->name);
+ "%s.plugins.load-tester.responder_tsi",
+ this->initiator_tsi, lib->ns);
this->initiator_tsr = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.initiator_tsr", NULL, charon->name);
+ "%s.plugins.load-tester.initiator_tsr", NULL, lib->ns);
this->responder_tsr =lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.responder_tsr",
- this->initiator_tsr, charon->name);
+ "%s.plugins.load-tester.responder_tsr",
+ this->initiator_tsr, lib->ns);
this->port = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.dynamic_port", 0, charon->name);
+ "%s.plugins.load-tester.dynamic_port", 0, lib->ns);
this->version = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.version", IKE_ANY, charon->name);
+ "%s.plugins.load-tester.version", IKE_ANY, lib->ns);
load_addrs(this);
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index f9ec9142f..5f089f5db 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -302,7 +302,7 @@ load_tester_control_t *load_tester_control_create()
uri = lib->settings->get_str(lib->settings,
"%s.plugins.load-tester.socket", "unix://" LOAD_TESTER_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (this->service)
{
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 028205bd2..f17d41f46 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -202,7 +202,7 @@ static private_key_t *load_issuer_key()
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.issuer_key", NULL, charon->name);
+ "%s.plugins.load-tester.issuer_key", NULL, lib->ns);
if (!path)
{
return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
@@ -222,7 +222,7 @@ static certificate_t *load_issuer_cert()
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.issuer_cert", NULL, charon->name);
+ "%s.plugins.load-tester.issuer_cert", NULL, lib->ns);
if (!path)
{
return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -246,7 +246,7 @@ static void load_ca_certs(private_load_tester_creds_t *this)
char *path;
path = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.ca_dir", NULL, charon->name);
+ "%s.plugins.load-tester.ca_dir", NULL, lib->ns);
if (path)
{
enumerator = enumerator_create_directory(path);
@@ -445,11 +445,11 @@ load_tester_creds_t *load_tester_creds_create()
char *pwd, *psk, *digest;
psk = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.preshared_key", default_psk, charon->name);
+ "%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
pwd = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.eap_password", default_pwd, charon->name);
+ "%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
digest = lib->settings->get_str(lib->settings,
- "%s.plugins.load-tester.digest", "sha1", charon->name);
+ "%s.plugins.load-tester.digest", "sha1", lib->ns);
INIT(this,
.public = {
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 7e832ddc0..068020ef7 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
@@ -126,7 +126,7 @@ load_tester_listener_t *load_tester_listener_create(u_int shutdown_on,
},
.delete_after_established = lib->settings->get_bool(lib->settings,
"%s.plugins.load-tester.delete_after_established", FALSE,
- charon->name),
+ lib->ns),
.shutdown_on = shutdown_on,
.config = config,
);
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 03557a269..e684f22ce 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -193,7 +193,7 @@ static bool register_load_tester(private_load_tester_plugin_t *this,
lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.shutdown_when_complete", 0, charon->name))
+ "%s.plugins.load-tester.shutdown_when_complete", 0, lib->ns))
{
shutdown_on = this->iterations * this->initiators;
}
@@ -262,8 +262,8 @@ plugin_t *load_tester_plugin_create()
{
private_load_tester_plugin_t *this;
- if (!lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.enable", FALSE, charon->name))
+ if (!lib->settings->get_bool(lib->settings, "%s.plugins.load-tester.enable",
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "disabling load-tester plugin, not configured");
return NULL;
@@ -279,19 +279,19 @@ plugin_t *load_tester_plugin_create()
},
},
.delay = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.delay", 0, charon->name),
+ "%s.plugins.load-tester.delay", 0, lib->ns),
.iterations = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.iterations", 1, charon->name),
+ "%s.plugins.load-tester.iterations", 1, lib->ns),
.initiators = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.initiators", 0, charon->name),
+ "%s.plugins.load-tester.initiators", 0, lib->ns),
.init_limit = lib->settings->get_int(lib->settings,
- "%s.plugins.load-tester.init_limit", 0, charon->name),
+ "%s.plugins.load-tester.init_limit", 0, lib->ns),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
);
if (lib->settings->get_bool(lib->settings,
- "%s.plugins.load-tester.fake_kernel", FALSE, charon->name))
+ "%s.plugins.load-tester.fake_kernel", FALSE, lib->ns))
{
hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
(kernel_ipsec_constructor_t)load_tester_ipsec_create);
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index d74ce4668..4b6d214de 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -224,8 +224,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/lookip/lookip_socket.c b/src/libcharon/plugins/lookip/lookip_socket.c
index d25573bf4..4b33e3e31 100644
--- a/src/libcharon/plugins/lookip/lookip_socket.c
+++ b/src/libcharon/plugins/lookip/lookip_socket.c
@@ -87,10 +87,21 @@ static void entry_destroy(entry_t *entry)
}
/**
- * Disconnect a stream, remove connection entry
+ * Data for async disconnect job
*/
-static void disconnect(private_lookip_socket_t *this, stream_t *stream)
+typedef struct {
+ /** socket ref */
+ private_lookip_socket_t *this;
+ /** stream to disconnect */
+ stream_t *stream;
+} disconnect_data_t;
+
+/**
+ * Disconnect a stream asynchronously, remove connection entry
+ */
+static job_requeue_t disconnect_async(disconnect_data_t *data)
{
+ private_lookip_socket_t *this = data->this;
enumerator_t *enumerator;
entry_t *entry;
@@ -98,7 +109,7 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream)
enumerator = this->connected->create_enumerator(this->connected);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->stream == stream)
+ if (entry->stream == data->stream)
{
this->connected->remove_at(this->connected, enumerator);
if (entry->up || entry->down)
@@ -111,6 +122,24 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream)
}
enumerator->destroy(enumerator);
this->mutex->unlock(this->mutex);
+ return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Queue async disconnect job
+ */
+static void disconnect(private_lookip_socket_t *this, stream_t *stream)
+{
+ disconnect_data_t *data;
+
+ INIT(data,
+ .this = this,
+ .stream = stream,
+ );
+
+ lib->processor->queue_job(lib->processor,
+ (job_t*)callback_job_create((void*)disconnect_async, data,
+ free, NULL));
}
/**
@@ -393,8 +422,8 @@ lookip_socket_t *lookip_socket_create(lookip_listener_t *listener)
);
uri = lib->settings->get_str(lib->settings,
- "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET,
- charon->name);
+ "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET,
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index a8b793f6f..314088a25 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 76b05c634..8d7ca04e6 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 20e3553e7..7abc23e50 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index 9e794cec3..b891f55f1 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index c8d8fae1c..bf85d5713 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/radattr/radattr_listener.c b/src/libcharon/plugins/radattr/radattr_listener.c
index 5443800e5..aca83aafc 100644
--- a/src/libcharon/plugins/radattr/radattr_listener.c
+++ b/src/libcharon/plugins/radattr/radattr_listener.c
@@ -19,7 +19,6 @@
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
-#include <sys/mman.h>
#include <errno.h>
#include <daemon.h>
@@ -110,10 +109,7 @@ static void add_radius_attribute(private_radattr_listener_t *this,
identification_t *id;
auth_cfg_t *auth;
char path[PATH_MAX];
- chunk_t data;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *data;
auth = ike_sa->get_auth_cfg(ike_sa, TRUE);
id = auth->get(auth, AUTH_RULE_EAP_IDENTITY);
@@ -123,44 +119,16 @@ static void add_radius_attribute(private_radattr_listener_t *this,
}
snprintf(path, sizeof(path), "%s/%Y", this->dir, id);
- fd = open(path, O_RDONLY);
- if (fd != -1)
+ data = chunk_map(path, FALSE);
+ if (data)
{
- if (fstat(fd, &sb) != -1)
+ if (data->len >= 2)
{
- if (sb.st_size <= MAX_ATTR_SIZE)
- {
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr != MAP_FAILED)
- {
- data = chunk_create(addr, sb.st_size);
- if (data.len >= 2)
- {
- DBG1(DBG_CFG, "adding RADIUS %N attribute",
- radius_attribute_type_names, data.ptr[0]);
- message->add_notify(message, FALSE,
- RADIUS_ATTRIBUTE, data);
- }
- munmap(addr, sb.st_size);
- }
- else
- {
- DBG1(DBG_CFG, "mapping RADIUS attribute '%s' failed: %s",
- path, strerror(errno));
- }
- }
- else
- {
- DBG1(DBG_CFG, "RADIUS attribute '%s' exceeds size limit",
- path);
- }
- }
- else
- {
- DBG1(DBG_CFG, "fstat RADIUS attribute '%s' failed: %s",
- path, strerror(errno));
+ DBG1(DBG_CFG, "adding RADIUS %N attribute",
+ radius_attribute_type_names, data->ptr[0]);
+ message->add_notify(message, FALSE, RADIUS_ATTRIBUTE, *data);
}
- close(fd);
+ chunk_unmap(data);
}
else
{
@@ -212,9 +180,9 @@ radattr_listener_t *radattr_listener_create()
.destroy = _destroy,
},
.dir = lib->settings->get_str(lib->settings,
- "%s.plugins.radattr.dir", NULL, charon->name),
+ "%s.plugins.radattr.dir", NULL, lib->ns),
.mid = lib->settings->get_int(lib->settings,
- "%s.plugins.radattr.message_id", -1, charon->name),
+ "%s.plugins.radattr.message_id", -1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index f56840410..43f3c6fbf 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index cfcee2f79..155113e48 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index ea976dfe9..081d3efc7 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -617,7 +617,7 @@ static int open_socket(private_socket_default_socket_t *this,
mark_t mark;
fwmark = lib->settings->get_str(lib->settings,
- "%s.plugins.socket-default.fwmark", NULL, charon->name);
+ "%s.plugins.socket-default.fwmark", NULL, lib->ns);
if (fwmark && mark_from_string(fwmark, &mark))
{
if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value,
@@ -657,10 +657,10 @@ static bool use_family(int family)
{
case AF_INET:
return lib->settings->get_bool(lib->settings,
- "%s.plugins.socket-default.use_ipv4", TRUE, charon->name);
+ "%s.plugins.socket-default.use_ipv4", TRUE, lib->ns);
case AF_INET6:
return lib->settings->get_bool(lib->settings,
- "%s.plugins.socket-default.use_ipv6", TRUE, charon->name);
+ "%s.plugins.socket-default.use_ipv6", TRUE, lib->ns);
default:
return FALSE;
}
@@ -735,14 +735,14 @@ socket_default_socket_t *socket_default_socket_create()
},
},
.port = lib->settings->get_int(lib->settings,
- "%s.port", CHARON_UDP_PORT, charon->name),
+ "%s.port", CHARON_UDP_PORT, lib->ns),
.natt = lib->settings->get_int(lib->settings,
- "%s.port_nat_t", CHARON_NATT_PORT, charon->name),
+ "%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
.set_source = lib->settings->get_bool(lib->settings,
"%s.plugins.socket-default.set_source", TRUE,
- charon->name),
+ lib->ns),
);
if (this->port && this->port == this->natt)
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 1efbdabbc..da40a433b 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index 012f18e31..3161a709f 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -668,7 +668,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create()
},
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
);
if (pipe(this->notify) != 0)
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 18461fa04..963804932 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index 547e7691e..9a7a6e0ff 100644
--- a/src/libcharon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
@@ -141,7 +141,7 @@ sql_logger_t *sql_logger_create(database_t *db)
.db = db,
.recursive = thread_value_create(NULL),
.level = lib->settings->get_int(lib->settings,
- "%s.plugins.sql.loglevel", -1, charon->name),
+ "%s.plugins.sql.loglevel", -1, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index c1b4461d2..c5dd6e8b3 100644
--- a/src/libcharon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -73,7 +73,7 @@ static bool open_database(private_sql_plugin_t *this,
char *uri;
uri = lib->settings->get_str(lib->settings, "%s.plugins.sql.database",
- NULL, charon->name);
+ NULL, lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "sql plugin: database URI not set");
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index a913e063e..11a8771cc 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 2e10f324b..e5e6d9246 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -880,7 +880,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
else
{
vip = host_create_from_string(token, 0);
- if (vip)
+ if (!vip)
{
DBG1(DBG_CFG, "ignored invalid subnet token: %s", token);
}
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index b583bfc53..f770d7c9e 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -778,7 +778,7 @@ stroke_control_t *stroke_control_create()
.destroy = _destroy,
},
.timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.timeout", 0, charon->name),
+ "%s.plugins.stroke.timeout", 0, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 8d0001271..f908219ed 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -17,8 +17,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
-#include <libgen.h>
-#include <sys/mman.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
@@ -521,7 +519,16 @@ METHOD(stroke_cred_t, cache_cert, void,
if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
{
- chunk_write(chunk, buf, "crl", 022, TRUE);
+ if (chunk_write(chunk, buf, 022, TRUE))
+ {
+ DBG1(DBG_CFG, " written crl file '%s' (%d bytes)",
+ buf, chunk.len);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " writing crl file '%s' failed: %s",
+ buf, strerror(errno));
+ }
free(chunk.ptr);
}
}
@@ -1092,46 +1099,24 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr,
static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
char *file, int level, FILE *prompt)
{
- int line_nr = 0, fd;
- chunk_t src, line;
- struct stat sb;
- void *addr;
+ int line_nr = 0;
+ chunk_t *src, line;
DBG1(DBG_CFG, "loading secrets from '%s'", file);
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ src = chunk_map(file, FALSE);
+ if (!src)
{
DBG1(DBG_CFG, "opening secrets file '%s' failed: %s", file,
strerror(errno));
return;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return;
- }
- if (sb.st_size == 0)
- { /* skip empty files, as mmap() complains */
- close(fd);
- return;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return;
- }
- src = chunk_create(addr, sb.st_size);
if (!secrets)
{
secrets = mem_cred_create();
}
- while (fetchline(&src, &line))
+ while (fetchline(src, &line))
{
chunk_t ids, token;
shared_key_type_t type;
@@ -1172,8 +1157,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
}
else
{ /* use directory of current file if relative */
- dir = strdup(file);
- dir = dirname(dir);
+ dir = path_dirname(file);
if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern))
{
@@ -1272,8 +1256,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
break;
}
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(src);
if (level == 0)
{ /* replace secrets in active credential set */
@@ -1394,7 +1377,7 @@ stroke_cred_t *stroke_cred_create()
this->force_ca_cert = lib->settings->get_bool(lib->settings,
"%s.plugins.stroke.ignore_missing_ca_basic_constraint",
- FALSE, charon->name);
+ FALSE, lib->ns);
load_certs(this);
load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 3adebb523..169ff2bf6 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Tobias Brunner
+ * Copyright (C) 2011-2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -99,6 +99,11 @@ struct private_stroke_socket_t {
* Counter values for IKE events
*/
stroke_counter_t *counter;
+
+ /**
+ * TRUE if log level changes are not allowed
+ */
+ bool prevent_loglevel_changes;
};
/**
@@ -490,6 +495,25 @@ static void stroke_leases(private_stroke_socket_t *this,
}
/**
+ * Callback function for usage report
+ */
+static void report_usage(FILE *out, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ fprintf(out, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ bytes, count, bytes / count);
+ bt->log(bt, out, detailed);
+}
+
+/**
+ * Callback function for memusage summary
+ */
+static void sum_usage(FILE *out, int count, size_t bytes, int whitelisted)
+{
+ fprintf(out, "Total memory usage: %zu\n", bytes);
+}
+
+/**
* Show memory usage
*/
static void stroke_memusage(private_stroke_socket_t *this,
@@ -497,7 +521,9 @@ static void stroke_memusage(private_stroke_socket_t *this,
{
if (lib->leak_detective)
{
- lib->leak_detective->usage(lib->leak_detective, out);
+ lib->leak_detective->usage(lib->leak_detective,
+ (leak_detective_report_cb_t)report_usage,
+ (leak_detective_summary_cb_t)sum_usage, out);
}
}
@@ -546,6 +572,12 @@ static void stroke_loglevel(private_stroke_socket_t *this,
DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
msg->loglevel.level, msg->loglevel.type);
+ if (this->prevent_loglevel_changes)
+ {
+ DBG1(DBG_CFG, "prevented log level change");
+ fprintf(out, "command not allowed!\n");
+ return;
+ }
if (strcaseeq(msg->loglevel.type, "any"))
{
group = DBG_ANY;
@@ -555,7 +587,7 @@ static void stroke_loglevel(private_stroke_socket_t *this,
group = enum_from_name(debug_names, msg->loglevel.type);
if ((int)group < 0)
{
- fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
+ fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
return;
}
}
@@ -591,8 +623,8 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
return FALSE;
}
- /* read message */
- msg = malloc(len);
+ /* read message (we need an additional byte to terminate the buffer) */
+ msg = malloc(len + 1);
msg->length = len;
if (!stream->read_all(stream, (char*)msg + sizeof(len), len - sizeof(len)))
{
@@ -603,6 +635,9 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
free(msg);
return FALSE;
}
+ /* make sure even incorrectly unterminated strings don't extend over the
+ * message boundaries */
+ ((char*)msg)[len] = '\0';
DBG3(DBG_CFG, "stroke message %b", (void*)msg, len);
@@ -727,6 +762,8 @@ stroke_socket_t *stroke_socket_create()
.public = {
.destroy = _destroy,
},
+ .prevent_loglevel_changes = lib->settings->get_bool(lib->settings,
+ "%s.plugins.stroke.prevent_loglevel_changes", FALSE, lib->ns),
);
this->cred = stroke_cred_create();
@@ -746,10 +783,10 @@ stroke_socket_t *stroke_socket_create()
charon->bus->add_listener(charon->bus, &this->counter->listener);
max_concurrent = lib->settings->get_int(lib->settings,
- "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
- charon->name);
+ "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
+ lib->ns);
uri = lib->settings->get_str(lib->settings,
- "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, charon->name);
+ "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 8ad5c88ba..63724728a 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
index c8596114c..c1594b0b2 100644
--- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
+++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
@@ -178,9 +178,9 @@ static bool load_validator(private_systime_fix_plugin_t *this)
char *str, *fmt;
fmt = lib->settings->get_str(lib->settings,
- "%s.plugins.%s.threshold_format", "%Y", charon->name, get_name(this));
+ "%s.plugins.%s.threshold_format", "%Y", lib->ns, get_name(this));
str = lib->settings->get_str(lib->settings,
- "%s.plugins.%s.threshold", NULL, charon->name, get_name(this));
+ "%s.plugins.%s.threshold", NULL, lib->ns, get_name(this));
if (!str)
{
DBG1(DBG_CFG, "no threshold configured for %s, disabled",
@@ -274,9 +274,9 @@ plugin_t *systime_fix_plugin_create()
},
},
.interval = lib->settings->get_int(lib->settings,
- "%s.plugins.%s.interval", 0, charon->name, get_name(this)),
+ "%s.plugins.%s.interval", 0, lib->ns, get_name(this)),
.reauth = lib->settings->get_bool(lib->settings,
- "%s.plugins.%s.reauth", FALSE, charon->name, get_name(this)),
+ "%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)),
);
return &this->public.plugin;
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index ca995b01f..ace18e77c 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 4ad19c530..d2ba2e345 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -191,8 +191,8 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
/* schedule periodic transmission of IF-MAP renewSession request */
reschedule = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-ifmap.renew_session_interval",
- IFMAP_RENEW_SESSION_INTERVAL, charon->name);
+ "%s.plugins.tnc-ifmap.renew_session_interval",
+ IFMAP_RENEW_SESSION_INTERVAL, lib->ns);
job = (job_t*)tnc_ifmap_renew_session_job_create(
this->ifmap->get_ref(this->ifmap), reschedule);
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index df7d2e2a1..8f24daea3 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -134,8 +134,8 @@ METHOD(tnc_ifmap_soap_t, newSession, bool,
/* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
this->device_name = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.device_name",
- this->ifmap_publisher_id, charon->name);
+ "%s.plugins.tnc-ifmap.device_name",
+ this->ifmap_publisher_id, lib->ns);
this->device_name = strdup(this->device_name);
return this->session_id && this->ifmap_publisher_id;
@@ -731,15 +731,15 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
/* getting configuration parameters from strongswan.conf */
server_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, charon->name);
+ "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, lib->ns);
server_cert = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.server_cert", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.server_cert", NULL, lib->ns);
client_cert = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.client_cert", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.client_cert", NULL, lib->ns);
client_key = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.client_key", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.client_key", NULL, lib->ns);
user_pass = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap.username_password", NULL, charon->name);
+ "%s.plugins.tnc-ifmap.username_password", NULL, lib->ns);
/* load [self-signed] MAP server certificate */
if (!server_cert)
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index d263bdec4..b2958efdb 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -222,8 +222,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -291,6 +289,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -379,12 +382,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -399,6 +406,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 31cee9e2b..89237f564 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -758,19 +758,19 @@ tnc_pdp_t *tnc_pdp_create(void)
bool radius_enable, pt_tls_enable;
server = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.server", NULL, charon->name);
+ "%s.plugins.tnc-pdp.server", NULL, lib->ns);
pt_tls_enable = lib->settings->get_bool(lib->settings,
- "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, charon->name);
+ "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, lib->ns);
pt_tls_port = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, charon->name);
+ "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, lib->ns);
radius_enable = lib->settings->get_bool(lib->settings,
- "%s.plugins.tnc-pdp.radius.enable", TRUE, charon->name);
+ "%s.plugins.tnc-pdp.radius.enable", TRUE, lib->ns);
radius_port = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, charon->name);
+ "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, lib->ns);
secret = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.radius.secret", NULL, charon->name);
+ "%s.plugins.tnc-pdp.radius.secret", NULL, lib->ns);
eap_type_str = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.radius.method", "ttls", charon->name);
+ "%s.plugins.tnc-pdp.radius.method", "ttls", lib->ns);
if (!pt_tls_enable && !radius_enable)
{
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
index f789c31d2..6c7659bb1 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c
@@ -298,7 +298,7 @@ tnc_pdp_connections_t *tnc_pdp_connections_create(void)
.list = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, charon->name),
+ "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index b36a53394..b2b473c32 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 2f8a65c07..2d9f59678 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 11d6091db..65fe14e1d 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index edff51a08..9f72a80da 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -97,9 +97,9 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa,
}
/**
- * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits
+ * As initiator and responder, bump up TS to 0.0.0.0/0 for on-the-wire bits
*/
-static void narrow_initiator_pre(linked_list_t *list)
+static void narrow_pre(linked_list_t *list, char *side)
{
traffic_selector_t *ts;
@@ -112,7 +112,7 @@ static void narrow_initiator_pre(linked_list_t *list)
"255.255.255.255", 65535);
if (ts)
{
- DBG2(DBG_CFG, "changing proposed traffic selectors for other:");
+ DBG2(DBG_CFG, "changing proposed traffic selectors for %s:", side);
DBG2(DBG_CFG, " %R", ts);
list->insert_last(list, ts);
}
@@ -149,12 +149,15 @@ METHOD(listener_t, narrow, bool,
switch (type)
{
case NARROW_INITIATOR_PRE_AUTH:
- narrow_initiator_pre(remote);
+ narrow_pre(remote, "other");
break;
case NARROW_INITIATOR_POST_AUTH:
narrow_initiator(this, ike_sa,
child_sa->get_config(child_sa), remote);
break;
+ case NARROW_RESPONDER:
+ narrow_pre(local, "us");
+ break;
case NARROW_RESPONDER_POST:
narrow_responder_post(child_sa->get_config(child_sa), local);
break;
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index ac6f93d69..86f81fcfb 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -16,6 +19,7 @@
#include "unity_provider.h"
#include <daemon.h>
+#include <bio/bio_writer.h>
typedef struct private_unity_provider_t private_unity_provider_t;
@@ -31,58 +35,70 @@ struct private_unity_provider_t {
};
/**
- * Attribute enumerator for traffic selector list
+ * Attribute enumerator for UNITY_SPLIT_INCLUDE attribute
*/
typedef struct {
/** Implements enumerator_t */
enumerator_t public;
/** list of traffic selectors to enumerate */
linked_list_t *list;
- /** currently enumerating subnet */
- u_char subnet[4];
- /** currently enumerating subnet mask */
- u_char mask[4];
+ /** attribute value */
+ chunk_t attr;
} attribute_enumerator_t;
+/**
+ * Append data from the given traffic selector to the attribute data
+ */
+static void append_ts(bio_writer_t *writer, traffic_selector_t *ts)
+{
+ host_t *net, *mask;
+ chunk_t padding;
+ u_int8_t bits;
+
+ if (!ts->to_subnet(ts, &net, &bits))
+ {
+ return;
+ }
+ mask = host_create_netmask(AF_INET, bits);
+ if (!mask)
+ {
+ net->destroy(net);
+ return;
+ }
+ writer->write_data(writer, net->get_address(net));
+ writer->write_data(writer, mask->get_address(mask));
+ /* the Cisco client parses the "padding" as protocol, src and dst port, the
+ * first two in network order the last in host order - no other clients seem
+ * to support these fields so we don't use them either */
+ padding = writer->skip(writer, 6);
+ memset(padding.ptr, 0, padding.len);
+ mask->destroy(mask);
+ net->destroy(net);
+}
+
METHOD(enumerator_t, attribute_enumerate, bool,
attribute_enumerator_t *this, configuration_attribute_type_t *type,
chunk_t *attr)
{
traffic_selector_t *ts;
- u_int8_t i, mask;
- host_t *net;
+ bio_writer_t *writer;
- while (TRUE)
+ if (this->list->get_count(this->list) == 0)
{
- if (this->list->remove_first(this->list, (void**)&ts) != SUCCESS)
- {
- return FALSE;
- }
- if (ts->to_subnet(ts, &net, &mask))
- {
- ts->destroy(ts);
- break;
- }
- ts->destroy(ts);
+ return FALSE;
}
- memset(this->mask, 0, sizeof(this->mask));
- for (i = 0; i < sizeof(this->mask); i++)
+ writer = bio_writer_create(14);
+ while (this->list->remove_first(this->list, (void**)&ts) == SUCCESS)
{
- if (mask < 8)
- {
- this->mask[i] = 0xFF << (8 - mask);
- break;
- }
- this->mask[i] = 0xFF;
- mask -= 8;
+ append_ts(writer, ts);
+ ts->destroy(ts);
}
- memcpy(this->subnet, net->get_address(net).ptr, sizeof(this->subnet));
- net->destroy(net);
*type = UNITY_SPLIT_INCLUDE;
- *attr = chunk_create(this->subnet, sizeof(this->subnet) + sizeof(this->mask));
+ *attr = this->attr = writer->extract_buf(writer);
+ writer->destroy(writer);
return TRUE;
}
@@ -90,6 +106,7 @@ METHOD(enumerator_t, attribute_destroy, void,
attribute_enumerator_t *this)
{
this->list->destroy_offset(this->list, offsetof(traffic_selector_t, destroy));
+ chunk_free(&this->attr);
free(this);
}
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 697c95917..e2d6d32fb 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/updown/updown_handler.c b/src/libcharon/plugins/updown/updown_handler.c
index 3a644380a..0894d2d07 100644
--- a/src/libcharon/plugins/updown/updown_handler.c
+++ b/src/libcharon/plugins/updown/updown_handler.c
@@ -188,7 +188,7 @@ METHOD(updown_handler_t, create_dns_enumerator, enumerator_t*,
ike_sa = charon->bus->get_sa(charon->bus);
if (!ike_sa)
{
- return FALSE;
+ return enumerator_create_empty();
}
this->lock->read_lock(this->lock);
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 81adfdb13..2c3f93298 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -218,12 +219,12 @@ METHOD(listener_t, child_updown, bool,
enumerator = child_sa->create_policy_enumerator(child_sa);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
- char command[1024];
+ char command[2048];
host_t *my_client, *other_client;
u_int8_t my_client_mask, other_client_mask;
char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth;
mark_t mark;
- bool is_host, is_ipv6;
+ bool is_host, is_ipv6, use_ipcomp;
FILE *shell;
my_ts->to_subnet(my_ts, &my_client, &my_client_mask);
@@ -322,6 +323,9 @@ METHOD(listener_t, child_updown, bool,
dns = make_dns_vars(this, ike_sa);
+ /* check for IPComp */
+ use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE;
+
/* determine IPv4/IPv6 and client/host situation */
is_host = my_ts->is_host(my_ts, me);
is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) :
@@ -355,6 +359,7 @@ METHOD(listener_t, child_updown, bool,
"%s"
"%s"
"%s"
+ "%s"
"%s",
up ? "up" : "down",
is_host ? "-host" : "-client",
@@ -377,6 +382,7 @@ METHOD(listener_t, child_updown, bool,
mark_in,
mark_out,
udp_enc,
+ use_ipcomp ? "PLUTO_IPCOMP='1' " : "",
config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "",
dns,
script);
diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c
index 3c1aba5cc..d30267dee 100644
--- a/src/libcharon/plugins/updown/updown_plugin.c
+++ b/src/libcharon/plugins/updown/updown_plugin.c
@@ -58,7 +58,7 @@ static bool plugin_cb(private_updown_plugin_t *this,
if (reg)
{
if (lib->settings->get_bool(lib->settings,
- "charon.plugins.updown.dns_handler", FALSE))
+ "%s.plugins.updown.dns_handler", FALSE, lib->ns))
{
this->handler = updown_handler_create();
hydra->attributes->add_handler(hydra->attributes,
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 218ecaaf7..aa8ad2e10 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -225,8 +225,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c
index 996f263c9..c1b619c3c 100644
--- a/src/libcharon/plugins/whitelist/whitelist_control.c
+++ b/src/libcharon/plugins/whitelist/whitelist_control.c
@@ -157,7 +157,7 @@ whitelist_control_t *whitelist_control_create(whitelist_listener_t *listener)
uri = lib->settings->get_str(lib->settings,
"%s.plugins.whitelist.socket", "unix://" WHITELIST_SOCKET,
- charon->name);
+ lib->ns);
this->service = lib->streams->create_service(lib->streams, uri, 10);
if (!this->service)
{
diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c
index 382ee3b8b..d0357b410 100644
--- a/src/libcharon/plugins/whitelist/whitelist_listener.c
+++ b/src/libcharon/plugins/whitelist/whitelist_listener.c
@@ -206,7 +206,7 @@ whitelist_listener_t *whitelist_listener_create()
.ids = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 32),
.enabled = lib->settings->get_bool(lib->settings,
- "%s.plugins.whitelist.enable", FALSE, charon->name),
+ "%s.plugins.whitelist.enable", FALSE, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index c5eba1467..cf0c326e3 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c
index 5ac4f10d2..f597bb7ae 100644
--- a/src/libcharon/plugins/xauth_eap/xauth_eap.c
+++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c
@@ -224,7 +224,7 @@ METHOD(xauth_method_t, process, status_t,
name = lib->settings->get_str(lib->settings,
"%s.plugins.xauth-eap.backend", "radius",
- charon->name);
+ lib->ns);
type = eap_type_from_string(name);
if (!type)
{
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 47c216177..2d18f60df 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 22244930d..8173631ae 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.am b/src/libcharon/plugins/xauth_pam/Makefile.am
index a7d4f6436..1875f81d3 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.am
+++ b/src/libcharon/plugins/xauth_pam/Makefile.am
@@ -14,6 +14,7 @@ endif
libstrongswan_xauth_pam_la_SOURCES = \
xauth_pam_plugin.h xauth_pam_plugin.c \
+ xauth_pam_listener.h xauth_pam_listener.c \
xauth_pam.h xauth_pam.c
libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index dbcc4f405..1ee269e04 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -129,7 +129,7 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_xauth_pam_la_LIBADD =
am_libstrongswan_xauth_pam_la_OBJECTS = xauth_pam_plugin.lo \
- xauth_pam.lo
+ xauth_pam_listener.lo xauth_pam.lo
libstrongswan_xauth_pam_la_OBJECTS = \
$(am_libstrongswan_xauth_pam_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -417,6 +425,7 @@ AM_CFLAGS = \
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xauth-pam.la
libstrongswan_xauth_pam_la_SOURCES = \
xauth_pam_plugin.h xauth_pam_plugin.c \
+ xauth_pam_listener.h xauth_pam_listener.c \
xauth_pam.h xauth_pam.c
libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam
@@ -511,6 +520,7 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam_listener.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam_plugin.Plo@am__quote@
.c.o:
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c
index 8ba2c764d..71c79ecc0 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c
@@ -116,7 +116,11 @@ static void attr2string(char *buf, size_t len, chunk_t chunk)
{
if (chunk.len && chunk.len < len)
{
- snprintf(buf, len, "%.*s", (int)chunk.len, chunk.ptr);
+ chunk_t sane;
+
+ chunk_printable(chunk, &sane, '?');
+ snprintf(buf, len, "%.*s", (int)sane.len, sane.ptr);
+ chunk_clear(&sane);
}
}
@@ -138,7 +142,7 @@ METHOD(xauth_method_t, process, status_t,
/* trim to username part if email address given */
if (lib->settings->get_bool(lib->settings,
"%s.plugins.xauth-pam.trim_email",
- TRUE, charon->name))
+ TRUE, lib->ns))
{
pos = memchr(chunk.ptr, '@', chunk.len);
if (pos)
@@ -171,9 +175,8 @@ METHOD(xauth_method_t, process, status_t,
service = lib->settings->get_str(lib->settings,
"%s.plugins.xauth-pam.pam_service",
lib->settings->get_str(lib->settings,
- "%s.plugins.eap-gtc.pam_service",
- "login", charon->name),
- charon->name);
+ "%s.plugins.eap-gtc.pam_service", "login", lib->ns),
+ lib->ns);
if (authenticate(service, user, pass))
{
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c
new file mode 100644
index 000000000..eb06f54bb
--- /dev/null
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2013 Endian srl
+ * Author: Andrea Bonomi - <a.bonomi@endian.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "xauth_pam_listener.h"
+
+#include <daemon.h>
+#include <library.h>
+
+#include <security/pam_appl.h>
+
+typedef struct private_xauth_pam_listener_t private_xauth_pam_listener_t;
+
+/**
+ * Private data of an xauth_pam_listener_t object.
+ */
+struct private_xauth_pam_listener_t {
+
+ /**
+ * Public xauth_pam_listener_t interface.
+ */
+ xauth_pam_listener_t public;
+
+ /**
+ * PAM service
+ */
+ char *service;
+};
+
+/**
+ * PAM conv callback function
+ */
+static int conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ int i;
+
+ for (i = 0; i < num_msg; i++)
+ {
+ /* ignore any text info, but fail on any interaction request */
+ if (msg[i]->msg_style != PAM_TEXT_INFO)
+ {
+ return PAM_CONV_ERR;
+ }
+ }
+ return PAM_SUCCESS;
+}
+
+METHOD(listener_t, ike_updown, bool,
+ private_xauth_pam_listener_t *this, ike_sa_t *ike_sa, bool up)
+{
+ struct pam_conv null_conv = {
+ .conv = conv,
+ };
+ pam_handle_t *pamh = NULL;
+ char *user;
+ int ret;
+
+ if (asprintf(&user, "%Y", ike_sa->get_other_eap_id(ike_sa)) != -1)
+ {
+ ret = pam_start(this->service, user, &null_conv, &pamh);
+ if (ret == PAM_SUCCESS)
+ {
+ if (up)
+ {
+ ret = pam_open_session(pamh, 0);
+ if (ret != PAM_SUCCESS)
+ {
+ DBG1(DBG_IKE, "XAuth pam_open_session for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ }
+ else
+ {
+ ret = pam_close_session(pamh, 0);
+ if (ret != PAM_SUCCESS)
+ {
+ DBG1(DBG_IKE, "XAuth pam_close_session for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ }
+ }
+ else
+ {
+ DBG1(DBG_IKE, "XAuth pam_start for '%s' failed: %s",
+ user, pam_strerror(pamh, ret));
+ }
+ pam_end(pamh, ret);
+ free(user);
+ }
+ return TRUE;
+}
+
+METHOD(xauth_pam_listener_t, listener_destroy, void,
+ private_xauth_pam_listener_t *this)
+{
+ free(this);
+}
+
+xauth_pam_listener_t *xauth_pam_listener_create()
+{
+ private_xauth_pam_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .ike_updown = _ike_updown,
+ },
+ .destroy = _listener_destroy,
+ },
+ /* Look for PAM service, with a legacy fallback for the eap-gtc plugin.
+ * Default to "login". */
+ .service = lib->settings->get_str(lib->settings,
+ "%s.plugins.xauth-pam.pam_service",
+ lib->settings->get_str(lib->settings,
+ "%s.plugins.eap-gtc.pam_service",
+ "login", lib->ns),
+ lib->ns),
+ );
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h
new file mode 100644
index 000000000..5b15410f4
--- /dev/null
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Endian srl
+ * Author: Andrea Bonomi - <a.bonomi@endian.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup xauth_pam_i xauth_pam
+ * @{ @ingroup xauth_pam
+ */
+
+#ifndef XAUTH_PAM_LISENER_H_
+#define XAUTH_PAM_LISTENER_H_
+
+typedef struct xauth_pam_listener_t xauth_pam_listener_t;
+
+#include <bus/listeners/listener.h>
+
+/**
+ * Listener
+ */
+struct xauth_pam_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a xauth_pam_listener_t.
+ */
+ void (*destroy)(xauth_pam_listener_t *this);
+};
+
+/**
+ * Create a xauth_pam_listener instance.
+ */
+xauth_pam_listener_t *xauth_pam_listener_create();
+
+
+#endif /** XAUTH_PAM_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 2ef9a6c8f..497ad3dd9 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -15,6 +15,7 @@
#include "xauth_pam_plugin.h"
#include "xauth_pam.h"
+#include "xauth_pam_listener.h"
#include <daemon.h>
@@ -22,26 +23,73 @@
#define CAP_AUDIT_WRITE 29
#endif
+typedef struct private_xauth_pam_plugin_t private_xauth_pam_plugin_t;
+
+/**
+ * private data of xauth_pam plugin
+ */
+struct private_xauth_pam_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ xauth_pam_plugin_t public;
+
+ /**
+ * Listener
+ */
+ xauth_pam_listener_t *listener;
+
+ /**
+ * Do PAM session management?
+ */
+ bool session;
+};
+
+/**
+ * Register XAuth method and listener
+ */
+static bool register_listener(private_xauth_pam_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
METHOD(plugin_t, get_name, char*,
- xauth_pam_plugin_t *this)
+ private_xauth_pam_plugin_t *this)
{
return "xauth-pam";
}
METHOD(plugin_t, get_features, int,
- xauth_pam_plugin_t *this, plugin_feature_t *features[])
+ private_xauth_pam_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
PLUGIN_CALLBACK(xauth_method_register, xauth_pam_create_server),
PLUGIN_PROVIDE(XAUTH_SERVER, "pam"),
+ PLUGIN_CALLBACK((plugin_feature_callback_t)register_listener, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "pam-session"),
};
*features = f;
+ if (!this->session)
+ {
+ return 2;
+ }
return countof(f);
}
METHOD(plugin_t, destroy, void,
- xauth_pam_plugin_t *this)
+ private_xauth_pam_plugin_t *this)
{
+ this->listener->destroy(this->listener),
free(this);
}
@@ -50,7 +98,7 @@ METHOD(plugin_t, destroy, void,
*/
plugin_t *xauth_pam_plugin_create()
{
- xauth_pam_plugin_t *this;
+ private_xauth_pam_plugin_t *this;
/* required for PAM authentication */
if (!lib->caps->keep(lib->caps, CAP_AUDIT_WRITE))
@@ -60,12 +108,17 @@ plugin_t *xauth_pam_plugin_create()
}
INIT(this,
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
},
+ .session = lib->settings->get_str(lib->settings,
+ "%s.plugins.xauth-pam.session", FALSE, lib->ns),
+ .listener = xauth_pam_listener_create(),
);
- return &this->plugin;
+ return &this->public.plugin;
}
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index 9ab69b417..197733979 100644
--- a/src/libcharon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
@@ -73,12 +73,13 @@ METHOD(job_t, execute, job_requeue_t,
{
if (child_sa->get_reqid(child_sa) == this->reqid)
{
- time_t in, out, diff;
+ time_t in, out, install, diff;
child_sa->get_usestats(child_sa, TRUE, &in, NULL, NULL);
child_sa->get_usestats(child_sa, FALSE, &out, NULL, NULL);
+ install = child_sa->get_installtime(child_sa);
- diff = time_monotonic(NULL) - max(in, out);
+ diff = time_monotonic(NULL) - max(max(in, out), install);
if (diff >= this->timeout)
{
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 9c3876a94..720a58553 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -120,6 +120,11 @@ struct private_child_sa_t {
time_t expire_time;
/**
+ * absolute time when SA has been installed
+ */
+ time_t install_time;
+
+ /**
* state of the CHILD_SA
*/
child_sa_state_t state;
@@ -586,6 +591,12 @@ METHOD(child_sa_t, get_lifetime, time_t,
return hard ? this->expire_time : this->rekey_time;
}
+METHOD(child_sa_t, get_installtime, time_t,
+ private_child_sa_t *this)
+{
+ return this->install_time;
+}
+
METHOD(child_sa_t, alloc_spi, u_int32_t,
private_child_sa_t *this, protocol_id_t protocol)
{
@@ -1140,6 +1151,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
.get_proposal = _get_proposal,
.set_proposal = _set_proposal,
.get_lifetime = _get_lifetime,
+ .get_installtime = _get_installtime,
.get_usestats = _get_usestats,
.get_mark = _get_mark,
.has_encap = _has_encap,
@@ -1170,6 +1182,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
.reqid = config->get_reqid(config),
.mark_in = config->get_mark(config, TRUE),
.mark_out = config->get_mark(config, FALSE),
+ .install_time = time_monotonic(NULL),
);
this->config = config;
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index ed52d60b1..a0c6c357f 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -265,6 +265,13 @@ struct child_sa_t {
time_t (*get_lifetime)(child_sa_t *this, bool hard);
/**
+ * Get the absolute time when this SA has been installed.
+ *
+ * @return monotonic absolute install time
+ */
+ time_t (*get_installtime)(child_sa_t *this);
+
+ /**
* Get last use time and the number of bytes processed.
*
* @param inbound TRUE for inbound traffic, FALSE for outbound
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 028208782..2c15dc5eb 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
}
trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
+ if (trigger_dpd)
+ {
+ /* Some peers delay the DELETE after rekeying an IKE_SA.
+ * If this delay is longer than our DPD delay, we would
+ * send a DPD request here. The IKE_SA is not ready to do
+ * so yet, so prevent that. */
+ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
+ }
}
break;
}
@@ -1162,26 +1170,13 @@ METHOD(ike_sa_t, initiate, status_t,
#endif /* ME */
)
{
- bool is_anyaddr;
- host_t *host;
char *addr;
- addr = this->ike_cfg->get_my_addr(this->ike_cfg);
- host = this->ike_cfg->resolve_other(this->ike_cfg, AF_UNSPEC);
- is_anyaddr = host && host->is_anyaddr(host);
- DESTROY_IF(host);
-
- if (is_anyaddr || !this->retry_initiate_interval)
+ addr = this->ike_cfg->get_other_addr(this->ike_cfg);
+ if (!this->retry_initiate_interval)
{
- if (is_anyaddr)
- {
- DBG1(DBG_IKE, "unable to initiate to %s", addr);
- }
- else
- {
- DBG1(DBG_IKE, "unable to resolve %s, initiate aborted",
- addr);
- }
+ DBG1(DBG_IKE, "unable to resolve %s, initiate aborted",
+ addr);
DESTROY_IF(child_cfg);
charon->bus->alert(charon->bus, ALERT_PEER_ADDR_FAILED);
return DESTROY_ME;
@@ -2130,7 +2125,10 @@ METHOD(ike_sa_t, destroy, void,
charon->bus->set_sa(charon->bus, &this->public);
set_state(this, IKE_DESTROYING);
- DESTROY_IF(this->task_manager);
+ if (this->task_manager)
+ {
+ this->task_manager->flush(this->task_manager);
+ }
/* remove attributes first, as we pass the IKE_SA to the handler */
while (array_remove(this->attributes, ARRAY_TAIL, &entry))
@@ -2174,6 +2172,7 @@ METHOD(ike_sa_t, destroy, void,
charon->bus->set_sa(charon->bus, NULL);
array_destroy(this->child_sas);
+ DESTROY_IF(this->task_manager);
DESTROY_IF(this->keymat);
array_destroy(this->attributes);
array_destroy(this->my_vips);
@@ -2330,11 +2329,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.attributes = array_create(sizeof(attribute_entry_t), 0),
.unique_id = ref_get(&unique_id),
.keepalive_interval = lib->settings->get_time(lib->settings,
- "%s.keep_alive", KEEPALIVE_INTERVAL, charon->name),
+ "%s.keep_alive", KEEPALIVE_INTERVAL, lib->ns),
.retry_initiate_interval = lib->settings->get_time(lib->settings,
- "%s.retry_initiate_interval", 0, charon->name),
+ "%s.retry_initiate_interval", 0, lib->ns),
.flush_auth_cfg = lib->settings->get_bool(lib->settings,
- "%s.flush_auth_cfg", FALSE, charon->name),
+ "%s.flush_auth_cfg", FALSE, lib->ns),
);
if (version == IKEV2)
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 5768803aa..f2f81cf33 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -2150,17 +2150,17 @@ ike_sa_manager_t *ike_sa_manager_create()
}
this->ikesa_limit = lib->settings->get_int(lib->settings,
- "%s.ikesa_limit", 0, charon->name);
+ "%s.ikesa_limit", 0, lib->ns);
this->table_size = get_nearest_powerof2(lib->settings->get_int(
lib->settings, "%s.ikesa_table_size",
- DEFAULT_HASHTABLE_SIZE, charon->name));
+ DEFAULT_HASHTABLE_SIZE, lib->ns));
this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE));
this->table_mask = this->table_size - 1;
this->segment_count = get_nearest_powerof2(lib->settings->get_int(
lib->settings, "%s.ikesa_table_segments",
- DEFAULT_SEGMENT_COUNT, charon->name));
+ DEFAULT_SEGMENT_COUNT, lib->ns));
this->segment_count = max(1, min(this->segment_count, this->table_size));
this->segment_mask = this->segment_count - 1;
@@ -2200,6 +2200,6 @@ ike_sa_manager_t *ike_sa_manager_create()
}
this->reuse_ikesa = lib->settings->get_bool(lib->settings,
- "%s.reuse_ikesa", TRUE, charon->name);
+ "%s.reuse_ikesa", TRUE, lib->ns);
return &this->public;
}
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 597416e36..8fc158bba 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -339,10 +339,8 @@ METHOD(task_manager_t, flush_queue, void,
}
}
-/**
- * flush all tasks in the task manager
- */
-static void flush(private_task_manager_t *this)
+METHOD(task_manager_t, flush, void,
+ private_task_manager_t *this)
{
flush_queue(this, TASK_QUEUE_QUEUED);
flush_queue(this, TASK_QUEUE_PASSIVE);
@@ -1581,7 +1579,7 @@ METHOD(task_manager_t, process_message, status_t,
lib->scheduler->schedule_job(lib->scheduler, job,
lib->settings->get_int(lib->settings,
"%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
- charon->name));
+ lib->ns));
}
this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE);
charon->bus->message(charon->bus, msg, TRUE, TRUE);
@@ -2070,6 +2068,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.adopt_child_tasks = _adopt_child_tasks,
.busy = _busy,
.create_task_enumerator = _create_task_enumerator,
+ .flush = _flush,
.flush_queue = _flush_queue,
.destroy = _destroy,
},
@@ -2083,9 +2082,9 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.frag = {
.exchange = ID_PROT,
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, charon->name),
+ "%s.max_packet", MAX_PACKET, lib->ns),
.size = lib->settings->get_int(lib->settings,
- "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
+ "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns),
},
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
@@ -2093,11 +2092,11 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.active_tasks = linked_list_create(),
.passive_tasks = linked_list_create(),
.retransmit_tries = lib->settings->get_int(lib->settings,
- "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
+ "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
.retransmit_timeout = lib->settings->get_double(lib->settings,
- "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
+ "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
.retransmit_base = lib->settings->get_double(lib->settings,
- "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
+ "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
);
if (!this->rng)
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 46cbb879b..6cc3e04b3 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -421,7 +421,7 @@ METHOD(task_t, process_r, status_t,
case AUTH_PSK:
if (!lib->settings->get_bool(lib->settings, "%s.i_dont_care"
"_about_security_and_use_aggressive_mode_psk",
- FALSE, charon->name))
+ FALSE, lib->ns))
{
DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
"security reasons");
@@ -478,7 +478,7 @@ METHOD(task_t, process_r, status_t,
while (TRUE)
{
if (this->ph1->verify_auth(this->ph1, this->method, message,
- this->id_data))
+ chunk_clone(this->id_data)))
{
break;
}
@@ -487,12 +487,10 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, NULL);
if (!this->peer_cfg)
{
- this->id_data = chunk_empty;
return send_delete(this);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
}
- this->id_data = chunk_empty;
if (!charon->bus->authorize(charon->bus, FALSE))
{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 11155b287..e07ac0ab4 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -191,9 +191,9 @@ static void build(private_isakmp_vendor_t *this, message_t *message)
int i;
strongswan = lib->settings->get_bool(lib->settings,
- "%s.send_vendor_id", FALSE, charon->name);
+ "%s.send_vendor_id", FALSE, lib->ns);
cisco_unity = lib->settings->get_bool(lib->settings,
- "%s.cisco_unity", FALSE, charon->name);
+ "%s.cisco_unity", FALSE, lib->ns);
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
fragmentation = ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO;
if (!this->initiator && fragmentation)
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 12ee594b9..6e7da9852 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -194,7 +194,7 @@ static void schedule_inactivity_timeout(private_quick_mode_t *this)
if (timeout)
{
close_ike = lib->settings->get_bool(lib->settings,
- "%s.inactivity_close_ike", FALSE, charon->name);
+ "%s.inactivity_close_ike", FALSE, lib->ns);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
timeout, close_ike), timeout);
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 4d0683f0a..8c7ba8d55 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -278,6 +278,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
{
DBG1(DBG_IKE, "no %N selected",
transform_type_names, PSEUDO_RANDOM_FUNCTION);
+ chunk_clear(&secret);
return FALSE;
}
this->prf_alg = alg;
@@ -287,6 +288,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
DBG1(DBG_IKE, "%N %N not supported!",
transform_type_names, PSEUDO_RANDOM_FUNCTION,
pseudo_random_function_names, alg);
+ chunk_clear(&secret);
return FALSE;
}
DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
@@ -339,6 +341,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
{
DBG1(DBG_IKE, "PRF of old SA %N not supported!",
pseudo_random_function_names, rekey_function);
+ chunk_clear(&secret);
chunk_free(&full_nonce);
chunk_free(&fixed_nonce);
chunk_clear(&prf_plus_seed);
@@ -450,17 +453,6 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
chunk_t seed, secret = chunk_empty;
prf_plus_t *prf_plus;
- if (dh)
- {
- if (dh->get_shared_secret(dh, &secret) != SUCCESS)
- {
- return FALSE;
- }
- DBG4(DBG_CHD, "DH secret %B", &secret);
- }
- seed = chunk_cata("mcc", secret, nonce_i, nonce_r);
- DBG4(DBG_CHD, "seed %B", &seed);
-
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
&enc_alg, &enc_size))
{
@@ -527,7 +519,21 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
{
return FALSE;
}
+
+ if (dh)
+ {
+ if (dh->get_shared_secret(dh, &secret) != SUCCESS)
+ {
+ return FALSE;
+ }
+ DBG4(DBG_CHD, "DH secret %B", &secret);
+ }
+ seed = chunk_cata("scc", secret, nonce_i, nonce_r);
+ DBG4(DBG_CHD, "seed %B", &seed);
+
prf_plus = prf_plus_create(this->prf, TRUE, seed);
+ memwipe(seed.ptr, seed.len);
+
if (!prf_plus)
{
return FALSE;
@@ -590,7 +596,7 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
idx = chunk_cata("cc", chunk, id->get_encoding(id));
DBG3(DBG_IKE, "IDx' %B", &idx);
- DBG3(DBG_IKE, "SK_p %B", &skp);
+ DBG4(DBG_IKE, "SK_p %B", &skp);
if (!this->prf->set_key(this->prf, skp) ||
!this->prf->allocate_bytes(this->prf, idx, &chunk))
{
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 8e6da1609..ac3be900f 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -184,10 +184,8 @@ METHOD(task_manager_t, flush_queue, void,
}
}
-/**
- * flush all tasks in the task manager
- */
-static void flush(private_task_manager_t *this)
+METHOD(task_manager_t, flush, void,
+ private_task_manager_t *this)
{
flush_queue(this, TASK_QUEUE_QUEUED);
flush_queue(this, TASK_QUEUE_PASSIVE);
@@ -1231,7 +1229,7 @@ METHOD(task_manager_t, process_message, status_t,
lib->scheduler->schedule_job(lib->scheduler, job,
lib->settings->get_int(lib->settings,
"%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT,
- charon->name));
+ lib->ns));
}
return SUCCESS;
}
@@ -1569,6 +1567,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
.adopt_child_tasks = _adopt_child_tasks,
.busy = _busy,
.create_task_enumerator = _create_task_enumerator,
+ .flush = _flush,
.flush_queue = _flush_queue,
.destroy = _destroy,
},
@@ -1579,11 +1578,11 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
.active_tasks = array_create(0, 0),
.passive_tasks = array_create(0, 0),
.retransmit_tries = lib->settings->get_int(lib->settings,
- "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name),
+ "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns),
.retransmit_timeout = lib->settings->get_double(lib->settings,
- "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name),
+ "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns),
.retransmit_base = lib->settings->get_double(lib->settings,
- "%s.retransmit_base", RETRANSMIT_BASE, charon->name),
+ "%s.retransmit_base", RETRANSMIT_BASE, lib->ns),
);
return &this->public;
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 7cfa537a9..df7bc96d6 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -293,7 +293,7 @@ static void schedule_inactivity_timeout(private_child_create_t *this)
if (timeout)
{
close_ike = lib->settings->get_bool(lib->settings,
- "%s.inactivity_close_ike", FALSE, charon->name);
+ "%s.inactivity_close_ike", FALSE, lib->ns);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
timeout, close_ike), timeout);
@@ -1072,7 +1072,7 @@ static void handle_child_sa_failure(private_child_create_t *this,
{
if (message->get_exchange_type(message) == IKE_AUTH &&
lib->settings->get_bool(lib->settings,
- "%s.close_ike_on_child_failure", FALSE, charon->name))
+ "%s.close_ike_on_child_failure", FALSE, lib->ns))
{
/* we delay the delete for 100ms, as the IKE_AUTH response must arrive
* first */
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 8f83c4884..800dab07e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -120,7 +120,7 @@ struct private_ike_auth_t {
static bool multiple_auth_enabled()
{
return lib->settings->get_bool(lib->settings,
- "%s.multiple_authentication", TRUE, charon->name);
+ "%s.multiple_authentication", TRUE, lib->ns);
}
/**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index 2cbe8f8c5..bd28b29d7 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -428,7 +428,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
message->add_payload(message, (payload_t*)req);
if (lib->settings->get_bool(lib->settings,
- "%s.hash_and_url", FALSE, charon->name))
+ "%s.hash_and_url", FALSE, lib->ns))
{
message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED,
chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index 2730f5876..16ac16673 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -42,24 +42,60 @@ struct private_ike_vendor_t {
};
/**
- * strongSwan specific vendor ID without version, MD5("strongSwan")
+ * Vendor ID database entry
*/
-static chunk_t strongswan_vid = chunk_from_chars(
- 0x88,0x2f,0xe5,0x6d,0x6f,0xd2,0x0d,0xbc,
- 0x22,0x51,0x61,0x3b,0x2e,0xbe,0x5b,0xeb
-);
+typedef struct {
+ /* Description */
+ char *desc;
+ /* extension flag negotiated with vendor ID, if any */
+ ike_extension_t extension;
+ /* length of vendor ID string, 0 for NULL terminated */
+ int len;
+ /* vendor ID string */
+ char *id;
+} vid_data_t;
+
+/**
+ * Get the data of a vendor ID as a chunk
+ */
+static chunk_t get_vid_data(vid_data_t *data)
+{
+ return chunk_create(data->id, data->len ?: strlen(data->id));
+}
+
+/**
+ * IKEv2 Vendor ID database entry
+ */
+static vid_data_t vids[] = {
+ /* strongSwan MD5("strongSwan") */
+ { "strongSwan", EXT_STRONGSWAN, 16,
+ "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
+ { "Cisco Delete Reason", 0, 0,
+ "CISCO-DELETE-REASON" },
+ { "Cisco Copyright (c) 2009", 0, 0,
+ "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
+ { "FRAGMENTATION", 0, 16,
+ "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"},
+};
METHOD(task_t, build, status_t,
private_ike_vendor_t *this, message_t *message)
{
- if (lib->settings->get_bool(lib->settings,
- "%s.send_vendor_id", FALSE, charon->name))
- {
- vendor_id_payload_t *vid;
+ vendor_id_payload_t *vid;
+ bool strongswan;
+ int i;
- vid = vendor_id_payload_create_data(VENDOR_ID,
- chunk_clone(strongswan_vid));
- message->add_payload(message, &vid->payload_interface);
+ strongswan = lib->settings->get_bool(lib->settings,
+ "%s.send_vendor_id", FALSE, lib->ns);
+ for (i = 0; i < countof(vids); i++)
+ {
+ if (vids[i].extension == EXT_STRONGSWAN && strongswan)
+ {
+ DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc);
+ vid = vendor_id_payload_create_data(VENDOR_ID,
+ chunk_clone(get_vid_data(&vids[i])));
+ message->add_payload(message, &vid->payload_interface);
+ }
}
return this->initiator ? NEED_MORE : SUCCESS;
@@ -70,6 +106,7 @@ METHOD(task_t, process, status_t,
{
enumerator_t *enumerator;
payload_t *payload;
+ int i;
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
@@ -78,16 +115,26 @@ METHOD(task_t, process, status_t,
{
vendor_id_payload_t *vid;
chunk_t data;
+ bool found = FALSE;
vid = (vendor_id_payload_t*)payload;
data = vid->get_data(vid);
- if (chunk_equals(data, strongswan_vid))
+ for (i = 0; i < countof(vids); i++)
{
- DBG1(DBG_IKE, "received strongSwan vendor ID");
- this->ike_sa->enable_extension(this->ike_sa, EXT_STRONGSWAN);
+ if (chunk_equals(get_vid_data(&vids[i]), data))
+ {
+ DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc);
+ if (vids[i].extension)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ vids[i].extension);
+ }
+ found = TRUE;
+ break;
+ }
}
- else
+ if (!found)
{
DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
}
diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h
index a1ebb4117..e7a6bf463 100644
--- a/src/libcharon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
@@ -261,6 +261,11 @@ struct task_manager_t {
task_queue_t queue);
/**
+ * Flush all tasks, regardless of the queue.
+ */
+ void (*flush)(task_manager_t *this);
+
+ /**
* Flush a queue, cancelling all tasks.
*
* @param queue queue to flush
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 1f66d6ceb..7e55d6b0f 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -19,7 +19,6 @@
#include <hydra.h>
#include <daemon.h>
#include <threading/rwlock.h>
-#include <threading/thread_value.h>
#include <collections/linked_list.h>
@@ -63,11 +62,6 @@ struct private_trap_manager_t {
rwlock_t *lock;
/**
- * track if the current thread is installing a trap policy
- */
- thread_value_t *installing;
-
- /**
* listener to track acquiring IKE_SAs
*/
trap_listener_t listener;
@@ -77,6 +71,8 @@ struct private_trap_manager_t {
* A installed trap entry
*/
typedef struct {
+ /** name of the trapped CHILD_SA */
+ char *name;
/** ref to peer_cfg to initiate */
peer_cfg_t *peer_cfg;
/** ref to instanciated CHILD_SA */
@@ -94,6 +90,7 @@ static void destroy_entry(entry_t *entry)
{
entry->child_sa->destroy(entry->child_sa);
entry->peer_cfg->destroy(entry->peer_cfg);
+ free(entry->name);
free(entry);
}
@@ -137,27 +134,42 @@ METHOD(trap_manager_t, install, u_int32_t,
}
this->lock->write_lock(this->lock);
- this->installing->set(this->installing, this);
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (streq(entry->child_sa->get_name(entry->child_sa),
- child->get_name(child)))
+ if (streq(entry->name, child->get_name(child)))
{
- this->traps->remove_at(this->traps, enumerator);
found = entry;
+ if (entry->child_sa)
+ { /* replace it with an updated version, if already installed */
+ this->traps->remove_at(this->traps, enumerator);
+ }
break;
}
}
enumerator->destroy(enumerator);
if (found)
- { /* config might have changed so update everything */
- DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'",
- child->get_name(child));
+ {
+ if (!found->child_sa)
+ {
+ DBG1(DBG_CFG, "CHILD_SA '%s' is already being routed", found->name);
+ this->lock->unlock(this->lock);
+ return 0;
+ }
+ /* config might have changed so update everything */
+ DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", found->name);
reqid = found->child_sa->get_reqid(found->child_sa);
}
+ INIT(entry,
+ .name = strdup(child->get_name(child)),
+ .peer_cfg = peer->get_ref(peer),
+ );
+ this->traps->insert_first(this->traps, entry);
+ /* don't hold lock while creating CHILD_SA and installing policies */
+ this->lock->unlock(this->lock);
+
/* create and route CHILD_SA */
child_sa = child_sa_create(me, other, child, reqid, FALSE);
@@ -185,24 +197,19 @@ METHOD(trap_manager_t, install, u_int32_t,
if (status != SUCCESS)
{
DBG1(DBG_CFG, "installing trap failed");
+ this->lock->write_lock(this->lock);
+ this->traps->remove(this->traps, entry, NULL);
+ this->lock->unlock(this->lock);
+ entry->child_sa = child_sa;
+ destroy_entry(entry);
reqid = 0;
- /* hold off destroying the CHILD_SA until we released the lock */
}
else
{
- INIT(entry,
- .child_sa = child_sa,
- .peer_cfg = peer->get_ref(peer),
- );
- this->traps->insert_last(this->traps, entry);
reqid = child_sa->get_reqid(child_sa);
- }
- this->installing->set(this->installing, NULL);
- this->lock->unlock(this->lock);
-
- if (status != SUCCESS)
- {
- child_sa->destroy(child_sa);
+ this->lock->write_lock(this->lock);
+ entry->child_sa = child_sa;
+ this->lock->unlock(this->lock);
}
if (found)
{
@@ -221,7 +228,8 @@ METHOD(trap_manager_t, uninstall, bool,
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->child_sa->get_reqid(entry->child_sa) == reqid)
+ if (entry->child_sa &&
+ entry->child_sa->get_reqid(entry->child_sa) == reqid)
{
this->traps->remove_at(this->traps, enumerator);
found = entry;
@@ -236,7 +244,6 @@ METHOD(trap_manager_t, uninstall, bool,
DBG1(DBG_CFG, "trap %d not found to uninstall", reqid);
return FALSE;
}
-
destroy_entry(found);
return TRUE;
}
@@ -247,6 +254,10 @@ METHOD(trap_manager_t, uninstall, bool,
static bool trap_filter(rwlock_t *lock, entry_t **entry, peer_cfg_t **peer_cfg,
void *none, child_sa_t **child_sa)
{
+ if (!(*entry)->child_sa)
+ { /* skip entries that are currently being installed */
+ return FALSE;
+ }
if (peer_cfg)
{
*peer_cfg = (*entry)->peer_cfg;
@@ -271,28 +282,24 @@ METHOD(trap_manager_t, find_reqid, u_int32_t,
private_trap_manager_t *this, child_cfg_t *child)
{
enumerator_t *enumerator;
- child_cfg_t *current;
entry_t *entry;
u_int32_t reqid = 0;
- if (this->installing->get(this->installing))
- { /* current thread holds the lock */
- return reqid;
- }
this->lock->read_lock(this->lock);
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- current = entry->child_sa->get_config(entry->child_sa);
- if (streq(current->get_name(current), child->get_name(child)))
+ if (streq(entry->name, child->get_name(child)))
{
- reqid = entry->child_sa->get_reqid(entry->child_sa);
+ if (entry->child_sa)
+ {
+ reqid = entry->child_sa->get_reqid(entry->child_sa);
+ }
break;
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
return reqid;
}
@@ -310,7 +317,8 @@ METHOD(trap_manager_t, acquire, void,
enumerator = this->traps->create_enumerator(this->traps);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->child_sa->get_reqid(entry->child_sa) == reqid)
+ if (entry->child_sa &&
+ entry->child_sa->get_reqid(entry->child_sa) == reqid)
{
found = entry;
break;
@@ -365,6 +373,7 @@ METHOD(trap_manager_t, acquire, void,
else
{
ike_sa->destroy(ike_sa);
+ charon->bus->set_sa(charon->bus, NULL);
}
}
peer->destroy(peer);
@@ -445,7 +454,6 @@ METHOD(trap_manager_t, destroy, void,
{
charon->bus->remove_listener(charon->bus, &this->listener.listener);
this->traps->destroy_function(this->traps, (void*)destroy_entry);
- this->installing->destroy(this->installing);
this->lock->destroy(this->lock);
free(this);
}
@@ -476,7 +484,6 @@ trap_manager_t *trap_manager_create(void)
},
.traps = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- .installing = thread_value_create(NULL),
);
charon->bus->add_listener(charon->bus, &this->listener.listener);
diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c
index 17eecc2c9..3aabe7eae 100644
--- a/src/libcharon/sa/xauth/xauth_manager.c
+++ b/src/libcharon/sa/xauth/xauth_manager.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "xauth_manager.h"
#include <collections/linked_list.h>
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 032385431..dbfb9889b 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libfast/fast_request.c b/src/libfast/fast_request.c
index 0673750b7..a56a59167 100644
--- a/src/libfast/fast_request.c
+++ b/src/libfast/fast_request.c
@@ -23,7 +23,6 @@
#include <pthread.h>
#include <string.h>
#include <unistd.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -294,31 +293,17 @@ METHOD(fast_request_t, serve, void,
METHOD(fast_request_t, sendfile, bool,
private_fast_request_t *this, char *path, char *mime)
{
- struct stat sb;
- chunk_t data;
- void *addr;
- int fd, written;
+ chunk_t *data;
+ int written;
char buf[24];
- fd = open(path, O_RDONLY);
- if (fd == -1)
+ data = chunk_map(path, FALSE);
+ if (!data)
{
return FALSE;
}
- if (fstat(fd, &sb) == -1)
- {
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- close(fd);
- return FALSE;
- }
-
/* FCGX does not like large integers, print to a buffer using libc */
- snprintf(buf, sizeof(buf), "%lld", (int64_t)sb.st_size);
+ snprintf(buf, sizeof(buf), "%lld", (int64_t)data->len);
FCGX_FPrintF(this->req.out, "Content-Length: %s\n", buf);
if (mime)
{
@@ -326,22 +311,18 @@ METHOD(fast_request_t, sendfile, bool,
}
FCGX_FPrintF(this->req.out, "\n");
- data = chunk_create(addr, sb.st_size);
-
- while (data.len)
+ while (data->len)
{
- written = FCGX_PutStr(data.ptr, data.len, this->req.out);
+ written = FCGX_PutStr(data->ptr, data->len, this->req.out);
if (written == -1)
{
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(data);
return FALSE;
}
- data = chunk_skip(data, written);
+ *data = chunk_skip(*data, written);
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(data);
return TRUE;
}
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
index 429feed55..ff134da7b 100644
--- a/src/libhydra/Android.mk
+++ b/src/libhydra/Android.mk
@@ -26,7 +26,6 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
# build libhydra ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index d3c3ed459..5e0bf3f17 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -275,8 +275,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -344,6 +342,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -432,12 +435,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -452,6 +459,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
index 77567ce48..cc45e5629 100644
--- a/src/libhydra/attributes/mem_pool.c
+++ b/src/libhydra/attributes/mem_pool.c
@@ -573,7 +573,7 @@ static private_mem_pool_t *create_generic(char *name)
(hashtable_equals_t)id_equals, 16),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.reassign_online = lib->settings->get_bool(lib->settings,
- "%s.mem-pool.reassign_online", FALSE, hydra->daemon),
+ "%s.mem-pool.reassign_online", FALSE, lib->ns),
);
return this;
diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c
index f531bd5f4..1b5065081 100644
--- a/src/libhydra/hydra.c
+++ b/src/libhydra/hydra.c
@@ -59,7 +59,6 @@ void libhydra_deinit()
this->public.attributes->destroy(this->public.attributes);
this->public.kernel_interface->destroy(this->public.kernel_interface);
- free((void*)this->public.daemon);
free(this);
hydra = NULL;
}
@@ -67,7 +66,7 @@ void libhydra_deinit()
/**
* Described in header.
*/
-bool libhydra_init(const char *daemon)
+bool libhydra_init()
{
private_hydra_t *this;
@@ -81,7 +80,6 @@ bool libhydra_init(const char *daemon)
INIT(this,
.public = {
.attributes = attribute_manager_create(),
- .daemon = strdup(daemon ?: "libhydra"),
},
.ref = 1,
);
diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h
index 2a8709d72..94209ff59 100644
--- a/src/libhydra/hydra.h
+++ b/src/libhydra/hydra.h
@@ -53,11 +53,6 @@ struct hydra_t {
* kernel interface to communicate with kernel
*/
kernel_interface_t *kernel_interface;
-
- /**
- * name of the daemon that initialized the library
- */
- const char *daemon;
};
/**
@@ -70,15 +65,12 @@ extern hydra_t *hydra;
/**
* Initialize libhydra.
*
- * The daemon's name is used to load daemon-specific settings.
- *
* libhydra_init() may be called multiple times in a single process, but each
- * caller should call libhydra_deinit() for each call to libhydra_init().
+ * caller must call libhydra_deinit() for each call to libhydra_init().
*
- * @param daemon name of the daemon that initializes the library
* @return FALSE if integrity check failed
*/
-bool libhydra_init(const char *daemon);
+bool libhydra_init();
/**
* Deinitialize libhydra.
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index cbfddd03b..3e34d20a6 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -796,12 +796,12 @@ kernel_interface_t *kernel_interface_create()
);
ifaces = lib->settings->get_str(lib->settings,
- "%s.interfaces_use", NULL, hydra->daemon);
+ "%s.interfaces_use", NULL, lib->ns);
if (!ifaces)
{
this->ifaces_exclude = TRUE;
ifaces = lib->settings->get_str(lib->settings,
- "%s.interfaces_ignore", NULL, hydra->daemon);
+ "%s.interfaces_ignore", NULL, lib->ns);
}
if (ifaces)
{
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index af0a77fe3..e762b7757 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 1a2fa7f28..a27fd57b1 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -109,7 +109,7 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
host_t *host;
char *str;
- str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon,
+ str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, lib->ns,
key, nr);
if (str)
{
@@ -179,7 +179,7 @@ static void load_entries(private_attr_provider_t *this)
}
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
- "%s.plugins.attr", hydra->daemon);
+ "%s.plugins.attr", lib->ns);
while (enumerator->enumerate(enumerator, &key, &value))
{
configuration_attribute_type_t type;
@@ -190,6 +190,10 @@ static void load_entries(private_attr_provider_t *this)
char *pos;
int i, mask = -1, family;
+ if (streq(key, "load"))
+ {
+ continue;
+ }
type = atoi(key);
if (!type)
{
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 7b7b5de05..1d258f2fb 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index 702872c57..dde90051a 100644
--- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -61,7 +61,7 @@ static bool open_database(private_attr_sql_plugin_t *this,
char *uri;
uri = lib->settings->get_str(lib->settings,
- "libhydra.plugins.attr-sql.database", NULL);
+ "%s.plugins.attr-sql.database", NULL, lib->ns);
if (!uri)
{
DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
@@ -122,6 +122,8 @@ plugin_t *attr_sql_plugin_create()
},
},
);
+ lib->settings->add_fallback(lib->settings, "%s.plugins.attr-sql",
+ "libhydra.plugins.attr-sql", lib->ns);
return &this->public.plugin;
}
diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
index 0a06c419f..d527c3fba 100644
--- a/src/libhydra/plugins/attr_sql/sql_attribute.c
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.c
@@ -457,7 +457,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
},
.db = db,
.history = lib->settings->get_bool(lib->settings,
- "libhydra.plugins.attr-sql.lease_history", TRUE),
+ "%s.plugins.attr-sql.lease_history", TRUE, lib->ns),
);
/* close any "online" leases in the case we crashed */
diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in
index a639ef6c3..c804c8e81 100644
--- a/src/libhydra/plugins/kernel_klips/Makefile.in
+++ b/src/libhydra/plugins/kernel_klips/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index a226162c3..a75ccf3b6 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -311,8 +311,8 @@ static status_t attach_ipsec_dev(char* name, char *phys_name)
}
mtu = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-klips.ipsec_dev_mtu", 0,
- hydra->daemon);
+ "%s.plugins.kernel-klips.ipsec_dev_mtu", 0,
+ lib->ns);
if (mtu <= 0)
{
/* guess MTU as physical MTU - ESP overhead [- NAT-T overhead]
@@ -2505,8 +2505,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
{
int i, count = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-klips.ipsec_dev_count",
- DEFAULT_IPSEC_DEV_COUNT, hydra->daemon);
+ "%s.plugins.kernel-klips.ipsec_dev_count",
+ DEFAULT_IPSEC_DEV_COUNT, lib->ns);
for (i = 0; i < count; ++i)
{
@@ -2611,7 +2611,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE,
- hydra->daemon),
+ lib->ns),
);
/* initialize ipsec devices */
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index 5f85da653..5910cfd92 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8352b9311..c864a92f4 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1203,6 +1203,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
struct nlmsghdr *hdr;
struct xfrm_usersa_info *sa;
u_int16_t icv_size = 64;
+ ipsec_mode_t original_mode = mode;
status_t status = FAILED;
/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
@@ -1213,7 +1214,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark,
tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED,
chunk_empty, mode, ipcomp, 0, initiator, FALSE, FALSE, inbound,
- NULL, NULL);
+ src_ts, dst_ts);
ipcomp = IPCOMP_NONE;
/* use transport mode ESP SA, IPComp uses tunnel mode */
mode = MODE_TRANSPORT;
@@ -1243,7 +1244,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
break;
case MODE_BEET:
case MODE_TRANSPORT:
- if(src_ts && dst_ts)
+ if (original_mode == MODE_TUNNEL)
+ { /* don't install selectors for switched SAs. because only one
+ * selector can be installed other traffic would get dropped */
+ break;
+ }
+ if (src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
/* don't install proto/port on SA. This would break
@@ -1459,8 +1465,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
- if (tfc)
- {
+ if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL)
+ { /* the kernel supports TFC padding only for tunnel mode ESP SAs */
u_int32_t *tfcpad;
tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
@@ -2679,15 +2685,15 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.policy_history = TRUE,
.install_routes = lib->settings->get_bool(lib->settings,
- "%s.install_routes", TRUE, hydra->daemon),
+ "%s.install_routes", TRUE, lib->ns),
.replay_window = lib->settings->get_int(lib->settings,
- "%s.replay_window", DEFAULT_REPLAY_WINDOW, hydra->daemon),
+ "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
);
this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) /
(sizeof(u_int32_t) * 8);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
@@ -2697,7 +2703,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
{
fprintf(f, "%u", lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.xfrm_acq_expires",
- DEFAULT_ACQUIRE_LIFETIME, hydra->daemon));
+ DEFAULT_ACQUIRE_LIFETIME, lib->ns));
fclose(f);
}
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index d27075082..3cf317634 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1962,10 +1962,13 @@ METHOD(kernel_net_t, add_route, status_t,
this->routes_lock->unlock(this->routes_lock);
return ALREADY_DONE;
}
- found = route_entry_clone(&route);
- this->routes->put(this->routes, found, found);
status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
dst_net, prefixlen, gateway, src_ip, if_name);
+ if (status == SUCCESS)
+ {
+ found = route_entry_clone(&route);
+ this->routes->put(this->routes, found, found);
+ }
this->routes_lock->unlock(this->routes_lock);
return status;
}
@@ -2122,7 +2125,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request));
fwmark = lib->settings->get_str(lib->settings,
- "%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
+ "%s.plugins.kernel-netlink.fwmark", NULL, lib->ns);
if (fwmark)
{
#ifdef HAVE_LINUX_FIB_RULES_H
@@ -2282,30 +2285,30 @@ kernel_netlink_net_t *kernel_netlink_net_create()
.condvar = rwlock_condvar_create(),
.roam_lock = spinlock_create(),
.routing_table = lib->settings->get_int(lib->settings,
- "%s.routing_table", ROUTING_TABLE, hydra->daemon),
+ "%s.routing_table", ROUTING_TABLE, lib->ns),
.routing_table_prio = lib->settings->get_int(lib->settings,
- "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon),
+ "%s.routing_table_prio", ROUTING_TABLE_PRIO, lib->ns),
.process_route = lib->settings->get_bool(lib->settings,
- "%s.process_route", TRUE, hydra->daemon),
+ "%s.process_route", TRUE, lib->ns),
.install_virtual_ip = lib->settings->get_bool(lib->settings,
- "%s.install_virtual_ip", TRUE, hydra->daemon),
+ "%s.install_virtual_ip", TRUE, lib->ns),
.install_virtual_ip_on = lib->settings->get_str(lib->settings,
- "%s.install_virtual_ip_on", NULL, hydra->daemon),
+ "%s.install_virtual_ip_on", NULL, lib->ns),
.roam_events = lib->settings->get_bool(lib->settings,
- "%s.plugins.kernel-netlink.roam_events", TRUE, hydra->daemon),
+ "%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
check_kernel_features(this);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
exclude = lib->settings->get_str(lib->settings,
- "%s.ignore_routing_tables", NULL, hydra->daemon);
+ "%s.ignore_routing_tables", NULL, lib->ns);
if (exclude)
{
char *token;
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 8903a460e..5d0e927de 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 98a6f81d5..4704d419f 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2861,10 +2861,10 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE,
- hydra->daemon),
+ lib->ns),
);
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{ /* starter has no threads, so we do not register for kernel events */
register_for_events = FALSE;
}
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 29a70799f..8e01d2992 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index bc10610cd..a8a57a5a2 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1420,9 +1420,12 @@ METHOD(kernel_net_t, add_route, status_t,
this->routes_lock->unlock(this->routes_lock);
return ALREADY_DONE;
}
- found = route_entry_clone(&route);
- this->routes->put(this->routes, found, found);
status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name);
+ if (status == SUCCESS)
+ {
+ found = route_entry_clone(&route);
+ this->routes->put(this->routes, found, found);
+ }
this->routes_lock->unlock(this->routes_lock);
return status;
}
@@ -1782,7 +1785,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
.net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT),
.roam_lock = spinlock_create(),
.vip_wait = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon),
+ "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
@@ -1796,7 +1799,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
return NULL;
}
- if (streq(hydra->daemon, "starter"))
+ if (streq(lib->ns, "starter"))
{
/* starter has no threads, so we do not register for kernel events */
if (shutdown(this->socket, SHUT_RD) != 0)
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index 28b4b8fcf..0e520f126 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
index 2eee854a9..069466ab5 100644
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -361,7 +361,7 @@ resolve_handler_t *resolve_handler_create()
},
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.file = lib->settings->get_str(lib->settings, "%s.plugins.resolve.file",
- RESOLV_CONF, hydra->daemon),
+ RESOLV_CONF, lib->ns),
);
if (stat(RESOLVCONF_EXEC, &st) == 0)
@@ -369,7 +369,7 @@ resolve_handler_t *resolve_handler_create()
this->use_resolvconf = TRUE;
this->iface_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.resolve.resolvconf.iface_prefix",
- RESOLVCONF_PREFIX, hydra->daemon);
+ RESOLVCONF_PREFIX, lib->ns);
}
return &this->public;
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 86f172dd8..96e759724 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -24,7 +24,6 @@ libimcv_la_SOURCES = \
imv/imv_remediation_string.h imv/imv_remediation_string.c \
imv/imv_session.h imv/imv_session.c \
imv/imv_workitem.h imv/imv_workitem.c \
- imv/tables.sql imv/data.sql \
ietf/ietf_attr.h ietf/ietf_attr.c \
ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
@@ -53,6 +52,9 @@ libimcv_la_SOURCES = \
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy
+templatesdir = $(pkgdatadir)/templates/database/imv
+dist_templates_DATA = imv/tables.sql imv/data.sql
+
ipsec_PROGRAMS = imv_policy_manager
imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 2d488eabb..4c8287b70 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -16,6 +16,7 @@
+
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -89,7 +90,7 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
@USE_IMV_OS_TRUE@am__append_6 = plugins/imv_os
subdir = src/libimcv
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+ $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -135,7 +136,7 @@ am__uninstall_files_from_dir = { \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" \
- "$(DESTDIR)$(ipsecdir)"
+ "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
libimcv_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
@@ -224,6 +225,7 @@ am__can_run_installinfo = \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+DATA = $(dist_templates_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
@@ -293,8 +295,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -362,6 +362,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -450,12 +455,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -470,6 +479,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -505,7 +515,6 @@ libimcv_la_SOURCES = \
imv/imv_remediation_string.h imv/imv_remediation_string.c \
imv/imv_session.h imv/imv_session.c \
imv/imv_workitem.h imv/imv_workitem.c \
- imv/tables.sql imv/data.sql \
ietf/ietf_attr.h ietf/ietf_attr.c \
ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \
ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \
@@ -533,6 +542,8 @@ libimcv_la_SOURCES = \
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy
+templatesdir = $(pkgdatadir)/templates/database/imv
+dist_templates_DATA = imv/tables.sql imv/data.sql
imv_policy_manager_SOURCES = \
imv/imv_policy_manager.c \
imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c
@@ -891,6 +902,27 @@ clean-libtool:
-rm -rf ita/.libs ita/_libs
-rm -rf os_info/.libs os_info/_libs
-rm -rf pa_tnc/.libs pa_tnc/_libs
+install-dist_templatesDATA: $(dist_templates_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-dist_templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir)
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
@@ -1048,10 +1080,10 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-recursive
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS)
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA)
installdirs: installdirs-recursive
installdirs-am:
- for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
@@ -1119,8 +1151,8 @@ info: info-recursive
info-am:
-install-data-am: install-ipsecPROGRAMS install-ipsecSCRIPTS \
- install-ipseclibLTLIBRARIES
+install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS \
+ install-ipsecSCRIPTS install-ipseclibLTLIBRARIES
install-dvi: install-dvi-recursive
@@ -1166,8 +1198,8 @@ ps: ps-recursive
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
- uninstall-ipseclibLTLIBRARIES
+uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
+ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
.MAKE: $(am__recursive_targets) install-am install-strip
@@ -1177,17 +1209,18 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-ipsecSCRIPTS \
+ install-data-am install-dist_templatesDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-ipsecSCRIPTS \
install-ipseclibLTLIBRARIES install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \
- uninstall-ipseclibLTLIBRARIES
+ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
+ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index b5862daee..2a4fd33df 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -109,7 +109,7 @@ bool libimcv_init(bool is_imv)
else
{
/* we are the first to initialize libstrongswan */
- if (!library_init(NULL))
+ if (!library_init(NULL, "libimcv"))
{
return FALSE;
}
@@ -134,6 +134,10 @@ bool libimcv_init(bool is_imv)
}
ref_get(&libstrongswan_ref);
+ lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns);
+ lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
+ lib->ns);
+
if (libimcv_ref == 0)
{
char *uri, *script;
@@ -149,9 +153,10 @@ bool libimcv_init(bool is_imv)
if (is_imv)
{
uri = lib->settings->get_str(lib->settings,
- "libimcv.database", NULL);
+ "%s.imcv.database", NULL, lib->ns);
script = lib->settings->get_str(lib->settings,
- "libimcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT);
+ "%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT,
+ lib->ns);
if (uri)
{
imcv_db = imv_database_create(uri, script);
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 241a99645..9d938b9b8 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -168,6 +168,42 @@ INSERT INTO products ( /* 28 */
'Debian 7.2 x86_64'
);
+INSERT INTO products ( /* 29 */
+ name
+) VALUES (
+ 'Android 4.1.2'
+);
+
+INSERT INTO products ( /* 30 */
+ name
+) VALUES (
+ 'Android 4.2.2'
+);
+
+INSERT INTO products ( /* 31 */
+ name
+) VALUES (
+ 'Android 4.3.1'
+);
+
+INSERT INTO products ( /* 32 */
+ name
+) VALUES (
+ 'Android 4.4'
+);
+
+INSERT INTO products ( /* 33 */
+ name
+) VALUES (
+ 'Android 4.4.1'
+);
+
+INSERT INTO products ( /* 34 */
+ name
+) VALUES (
+ 'Android 4.4.2'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -568,6 +604,24 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
+INSERT INTO groups ( /* 11 */
+ name
+) VALUES (
+ 'TPM BIOS'
+);
+
+INSERT INTO groups ( /* 12 */
+ name
+) VALUES (
+ 'TPM IMA'
+);
+
+INSERT INTO groups ( /* 13 */
+ name
+) VALUES (
+ 'TPM BIOS/IMA'
+);
+
/* Default Product Groups */
INSERT INTO groups_product_defaults (
@@ -732,6 +786,42 @@ INSERT INTO groups_product_defaults (
3, 22
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 29
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 30
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 31
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 32
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 33
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 3, 34
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
@@ -842,6 +932,24 @@ INSERT INTO policies ( /* 18 */
15, 'SWID Tags', '', 2, 2
);
+INSERT INTO policies ( /* 19 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS Measurements', 'B', 2, 2
+);
+
+INSERT INTO policies ( /* 20 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM IMA Measurements', 'I', 2, 2
+);
+
+INSERT INTO policies ( /* 21 */
+ type, name, argument, rec_fail, rec_noresult
+) VALUES (
+ 16, 'TPM BIOS/IMA Measurements', 'BI', 2, 2
+);
+
/* Enforcements */
INSERT INTO enforcements ( /* 1 */
@@ -928,6 +1036,24 @@ INSERT INTO enforcements ( /* 14 */
15, 9, 0
);
+INSERT INTO enforcements ( /* 15 */
+ policy, group_id, max_age
+) VALUES (
+ 19, 11, 60
+);
+
+INSERT INTO enforcements ( /* 16 */
+ policy, group_id, max_age
+) VALUES (
+ 20, 12, 60
+);
+
+INSERT INTO enforcements ( /* 17 */
+ policy, group_id, max_age
+) VALUES (
+ 21, 13, 60
+);
+
/* regids */
INSERT INTO regids ( /* 1 */
@@ -1058,3 +1184,9 @@ INSERT INTO tags (
10, 'strongSwan-5-1-1'
);
+INSERT INTO tags (
+ regid, unique_sw_id
+) VALUES (
+ 10, 'strongSwan-5-1-2'
+);
+
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index 642b47935..e7181750c 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -208,8 +208,8 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
}
/* Send an IETF Assessment Result attribute if enabled */
- if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result",
- TRUE))
+ if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result",
+ TRUE, lib->ns))
{
this->state->get_recommendation(this->state, &rec, &eval);
attr = ietf_attr_assess_result_create(eval);
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 61e0cd05b..028721af3 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -188,7 +188,7 @@ static bool policy_start(database_t *db, int session_id)
e->destroy(e);
/* if a device ID with a creation date exists, get all group memberships */
- if (device_id & created)
+ if (device_id && created)
{
e = db->query(db,
"SELECT group_id FROM groups_members WHERE device_id = ?",
@@ -288,7 +288,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "imv_policy_manager"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -328,7 +328,12 @@ int main(int argc, char *argv[])
session_id = atoi(tnc_session_id);
/* attach IMV database */
- uri = lib->settings->get_str(lib->settings, "libimcv.database", NULL);
+ uri = lib->settings->get_str(lib->settings,
+ "imv_policy_manager.database",
+ lib->settings->get_str(lib->settings,
+ "charon.imcv.database",
+ lib->settings->get_str(lib->settings,
+ "libimcv.database", NULL)));
if (!uri)
{
fprintf(stderr, "database uri not defined.\n");
diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c
index d1447ec35..c09b7bdba 100644
--- a/src/libimcv/imv/imv_reason_string.c
+++ b/src/libimcv/imv/imv_reason_string.c
@@ -35,6 +35,11 @@ struct private_imv_reason_string_t {
char *lang;
/**
+ * Separator concatenating multiple reasons
+ */
+ char *separator;
+
+ /**
* Contains the concatenated reasons
*/
chunk_t reasons;
@@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void,
if (this->reasons.len)
{
/* append any further reasons */
- this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'),
+ this->reasons = chunk_cat("mcc", this->reasons,
+ chunk_from_str(this->separator),
chunk_create(s_reason, strlen(s_reason)));
}
else
@@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void,
/**
* Described in header.
*/
-imv_reason_string_t *imv_reason_string_create(char *lang)
+imv_reason_string_t *imv_reason_string_create(char *lang, char *separator)
{
private_imv_reason_string_t *this;
@@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang)
.destroy = _destroy,
},
.lang = lang,
+ .separator = separator,
);
return &this->public;
diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h
index cb4c27f93..c35ec36cc 100644
--- a/src/libimcv/imv/imv_reason_string.h
+++ b/src/libimcv/imv/imv_reason_string.h
@@ -58,7 +58,8 @@ struct imv_reason_string_t {
* Creates an Reason String object
*
* @param lang Preferred language
+ * @param separator String separating multiple reasons
*/
- imv_reason_string_t* imv_reason_string_create(char *lang);
+ imv_reason_string_t* imv_reason_string_create(char *lang, char *separator);
#endif /** IMV_REASON_STRING_H_ @}*/
diff --git a/src/libimcv/imv/imv_workitem.c b/src/libimcv/imv/imv_workitem.c
index 2141f73e6..8784a0ccf 100644
--- a/src/libimcv/imv/imv_workitem.c
+++ b/src/libimcv/imv/imv_workitem.c
@@ -20,7 +20,7 @@
typedef struct private_imv_workitem_t private_imv_workitem_t;
-ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
+ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_TPM_ATTEST,
"PCKGS",
"UNSRC",
"FWDEN",
@@ -35,7 +35,8 @@ ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS,
"TCPBL",
"UDPOP",
"UDPBL",
- "SWIDT"
+ "SWIDT",
+ "TPMRA"
);
/**
diff --git a/src/libimcv/imv/imv_workitem.h b/src/libimcv/imv/imv_workitem.h
index 868997797..93a4b5874 100644
--- a/src/libimcv/imv/imv_workitem.h
+++ b/src/libimcv/imv/imv_workitem.h
@@ -44,7 +44,8 @@ enum imv_workitem_type_t {
IMV_WORKITEM_TCP_PORT_BLOCK = 12,
IMV_WORKITEM_UDP_PORT_OPEN = 13,
IMV_WORKITEM_UDP_PORT_BLOCK = 14,
- IMV_WORKITEM_SWID_TAGS = 15
+ IMV_WORKITEM_SWID_TAGS = 15,
+ IMV_WORKITEM_TPM_ATTEST = 16
};
extern enum_name_t *imv_workitem_type_names;
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index f32ab2bfe..9692e1ffd 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -13,14 +13,15 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_command.h"
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_command_t private_ita_attr_command_t;
/**
diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c
index 196613153..d0bc31d32 100644
--- a/src/libimcv/ita/ita_attr_get_settings.c
+++ b/src/libimcv/ita/ita_attr_get_settings.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_get_settings.h"
@@ -22,8 +25,6 @@
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_get_settings_t private_ita_attr_get_settings_t;
/**
@@ -166,7 +167,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
status = SUCCESS;
end:
- reader->destroy(reader);
+ reader->destroy(reader);
return status;
}
@@ -182,7 +183,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
if (ref_put(&this->ref))
{
- this->list->destroy_function(this->list, free);
+ this->list->destroy_function(this->list, free);
free(this->value.ptr);
free(this);
}
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index 9ce253d28..0d2967e66 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "ita_attr.h"
#include "ita_attr_settings.h"
@@ -22,8 +25,6 @@
#include <pen/pen.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_ita_attr_settings_t private_ita_attr_settings_t;
typedef struct entry_t entry_t;
@@ -211,7 +212,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
status = SUCCESS;
end:
- reader->destroy(reader);
+ reader->destroy(reader);
return status;
}
@@ -227,7 +228,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
if (ref_put(&this->ref))
{
- this->list->destroy_function(this->list, (void*)free_entry);
+ this->list->destroy_function(this->list, (void*)free_entry);
free(this->value.ptr);
free(this);
}
diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c
index 17000cd27..06427575c 100644
--- a/src/libimcv/os_info/os_info.c
+++ b/src/libimcv/os_info/os_info.c
@@ -560,9 +560,9 @@ os_info_t *os_info_create(void)
/* As an option OS name and OS version can be configured manually */
name.ptr = lib->settings->get_str(lib->settings,
- "libimcv.os_info.name", NULL);
+ "%s.imcv.os_info.name", NULL, lib->ns);
version.ptr = lib->settings->get_str(lib->settings,
- "libimcv.os_info.version", NULL);
+ "%s.imcv.os_info.version", NULL, lib->ns);
if (name.ptr && version.ptr)
{
name.len = strlen(name.ptr);
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index a44721b04..bfb3f0022 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -213,8 +213,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index 2558be9f8..647a44957 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -387,7 +387,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
if (lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-os.push_info", TRUE))
+ "%s.plugins.imc-os.push_info", TRUE, lib->ns))
{
out_msg = imc_msg_create(imc_os, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 44b50e69b..3db0f2ba2 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index c87e827cd..2be6a87df 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -274,7 +274,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
if (lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-scanner.push_info", TRUE))
+ "%s.plugins.imc-scanner.push_info", TRUE, lib->ns))
{
out_msg = imc_msg_create(imc_scanner, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index afbd244c9..64e1c271c 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -213,8 +213,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c
index c97d41628..ee982d93b 100644
--- a/src/libimcv/plugins/imc_test/imc_test.c
+++ b/src/libimcv/plugins/imc_test/imc_test.c
@@ -91,11 +91,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
{
case TNC_CONNECTION_STATE_CREATE:
command = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-test.command", "none");
+ "%s.plugins.imc-test.command", "none", lib->ns);
dummy_size = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-test.dummy_size", 0);
+ "%s.plugins.imc-test.dummy_size", 0, lib->ns);
retry = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-test.retry", FALSE);
+ "%s.plugins.imc-test.retry", FALSE, lib->ns);
state = imc_test_state_create(connection_id, command, dummy_size,
retry);
@@ -107,7 +107,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
/* Optionally reserve additional IMC IDs */
additional_ids = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-test.additional_ids", 0);
+ "%s.plugins.imc-test.additional_ids", 0, lib->ns);
imc_test->reserve_additional_ids(imc_test, additional_ids -
imc_test->count_additional_ids(imc_test));
@@ -127,8 +127,8 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
if (!test_state->is_first_handshake(test_state))
{
command = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-test.retry_command",
- test_state->get_command(test_state));
+ "%s.plugins.imc-test.retry_command",
+ test_state->get_command(test_state), lib->ns);
test_state->set_command(test_state, command);
}
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index ed3fbb285..856ced897 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index d2a08b0fa..12cf207d8 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -13,12 +13,13 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_os_database.h"
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_imv_os_database_t private_imv_os_database_t;
/**
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index f6d904c3c..4f5a4b039 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -421,7 +421,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->count_update || this->count_blacklist)
{
@@ -494,7 +494,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-os.remediation_uri", NULL);
+ "%s.plugins.imv-os.remediation_uri", NULL, lib->ns);
return TRUE;
}
diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c
index 57cc62a08..019e2adb8 100644
--- a/src/libimcv/plugins/imv_os/pacman.c
+++ b/src/libimcv/plugins/imv_os/pacman.c
@@ -466,12 +466,12 @@ int main(int argc, char *argv[])
atexit(cleanup);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "pacman"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "attest.load", "sqlite")))
+ lib->settings->get_str(lib->settings, "pacman.load", "sqlite")))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh
index 621905edf..3dfea3905 100755
--- a/src/libimcv/plugins/imv_os/pacman.sh
+++ b/src/libimcv/plugins/imv_os/pacman.sh
@@ -13,6 +13,7 @@ DEBIAN_ARCH="binary-amd64 binary-i386"
PACMAN=/usr/libexec/ipsec/pacman
PACMAN_LOG="$DIR/$DATE-pacman.log"
+mkdir -p $DIR/dists
cd $DIR/dists
for v in $UBUNTU_VERSIONS
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 52ac0144f..748b9a72d 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 4c570c46a..90475d34d 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -281,7 +281,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION)
{
this->reason_string->add_reason(this->reason_string, reasons);
@@ -314,7 +314,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
this->violating_ports);
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-scanner.remediation_uri", NULL);
+ "%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns);
return TRUE;
}
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index ec5bb8332..3c73e8f95 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c
index cdf0e18cd..42630003b 100644
--- a/src/libimcv/plugins/imv_test/imv_test_agent.c
+++ b/src/libimcv/plugins/imv_test/imv_test_agent.c
@@ -103,7 +103,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
/* add any new IMC and set its number of rounds */
rounds = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-test.rounds", 0);
+ "%s.plugins.imv-test.rounds", 0, lib->ns);
test_state = (imv_test_state_t*)state;
test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds);
@@ -178,7 +178,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
@@ -200,7 +200,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
out_msg->add_attribute(out_msg, attr);
/* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
return result;
@@ -214,11 +214,11 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
else
- {
+ {
return TNC_RESULT_SUCCESS;
}
}
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 0da09df67..f05db8027 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -228,7 +228,7 @@ METHOD(imv_state_t, get_reason_string, bool,
/* Instantiate a TNC Reason String object */
DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
this->reason_string->add_reason(this->reason_string, reasons);
*reason_string = this->reason_string->get_encoding(this->reason_string);
diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk
index 37f400fc3..c5d987977 100644
--- a/src/libipsec/Android.mk
+++ b/src/libipsec/Android.mk
@@ -20,7 +20,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libipsec_la_SOURCES))
# build libipsec ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index cf44fc6f8..737edad3f 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -255,8 +255,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -324,6 +322,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -412,12 +415,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -432,6 +439,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in
index a9b3f19ef..05c27d9cb 100644
--- a/src/libpts/Makefile.in
+++ b/src/libpts/Makefile.in
@@ -293,8 +293,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -362,6 +360,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -450,12 +453,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -470,6 +477,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
index 2d9279119..7a539ef22 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libpts/plugins/imc_attestation/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
index 92e2e3abe..fbe81ee48 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
@@ -109,8 +109,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
int nonce_len, min_nonce_len;
nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN);
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
@@ -165,8 +165,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN);
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
if (nonce_len != initiator_nonce.len)
{
DBG1(DBG_IMC, "initiator and responder DH nonces "
@@ -428,7 +428,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
}
use_quote2 = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-attestation.use_quote2", TRUE);
+ "%s.plugins.imc-attestation.use_quote2", TRUE,
+ lib->ns);
if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, &quote_sig))
{
DBG1(DBG_IMC, "error occurred during TPM quote operation");
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in
index f62c05a3e..e1c932e45 100644
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ b/src/libpts/plugins/imc_swid/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
index e1305805a..d4aaeff4d 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libpts/plugins/imc_swid/imc_swid.c
@@ -181,8 +181,8 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
swid_directory = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY);
+ "%s.plugins.imc-swid.swid_directory",
+ SWID_DIRECTORY, lib->ns);
swid_inventory = swid_inventory_create(full_tags);
if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
{
diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libpts/plugins/imv_attestation/Makefile.in
index 032d07a38..c1c14d476 100644
--- a/src/libpts/plugins/imv_attestation/Makefile.in
+++ b/src/libpts/plugins/imv_attestation/Makefile.in
@@ -227,8 +227,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -296,6 +294,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -384,12 +387,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -404,6 +411,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
index 4d25df3f4..b8a6854cb 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libpts/plugins/imv_attestation/attest.c
@@ -266,19 +266,20 @@ static void do_args(int argc, char *argv[])
continue;
case 'F':
{
- char *path = strdup(optarg);
- char *dir = dirname(path);
- char *file = basename(optarg);
+ char *dir = path_dirname(optarg);
+ char *file = path_basename(optarg);
if (*dir != '.')
{
if (!attest->set_directory(attest, dir, op == OP_ADD))
{
- free(path);
+ free(file);
+ free(dir);
exit(EXIT_FAILURE);
}
}
- free(path);
+ free(file);
+ free(dir);
if (!attest->set_file(attest, file, op == OP_ADD))
{
exit(EXIT_FAILURE);
@@ -439,7 +440,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "attest"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
index d7654ab43..7a8a1135a 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -1555,7 +1555,7 @@ METHOD(attest_db_t, list_sessions, void,
device_len = min(strlen(device), DEVICE_MAX_LEN);
identity = identity.len ? identity : chunk_from_str("-");
printf("%4d: %T %2d %-20s %.*s%*s%.*s - %N\n", session_id, &created,
- FALSE, conn_id, product, device_len, device,
+ this->utc, conn_id, product, device_len, device,
DEVICE_MAX_LEN - device_len + 1, " ", (int)identity.len,
identity.ptr, TNC_IMV_Action_Recommendation_names, rec);
}
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libpts/plugins/imv_attestation/attest_usage.c
index 324fcafc3..8f4afdbad 100644
--- a/src/libpts/plugins/imv_attestation/attest_usage.c
+++ b/src/libpts/plugins/imv_attestation/attest_usage.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@ void usage(void)
{
printf("\
Usage:\n\
- ipsec attest --components|--devices|--files|--hashes|--keys [options]\n\
+ ipsec attest --components|--devices|--sessions|--files|--hashes|--keys [options]\n\
\n\
ipsec attest --measurements|--packages|--products|--add|--del [options]\n\
\n\
@@ -35,6 +35,9 @@ Usage:\n\
ipsec attest --devices [--utc]\n\
Show a list of registered devices and associated collected information\n\
\n\
+ ipsec attest --sessions [--utc]\n\
+ Show a chronologically sorted list of all TNC sessions\n\
+ \n\
ipsec attest --files [--product <name>|--pid <id>]\n\
Show a list of files with a software product name or\n\
its primary key as an optional selector.\n\
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index 978c74001..e8c3c5e40 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -14,6 +14,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_attestation_agent.h"
#include "imv_attestation_state.h"
#include "imv_attestation_process.h"
@@ -33,8 +36,11 @@
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/pts_creds.h>
+#include <pts/components/ita/ita_comp_func_name.h>
#include <tcg/tcg_attr.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
@@ -289,10 +295,15 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
imv_state_t *state;
imv_session_t *session;
imv_attestation_state_t *attestation_state;
+ imv_attestation_handshake_state_t handshake_state;
+ imv_workitem_t *workitem;
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
TNC_IMVID imv_id;
TNC_Result result = TNC_RESULT_SUCCESS;
pts_t *pts;
char *platform_info;
+ enumerator_t *enumerator;
if (!this->agent->get_state(this->agent, id, &state))
{
@@ -300,6 +311,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
}
attestation_state = (imv_attestation_state_t*)state;
pts = attestation_state->get_pts(attestation_state);
+ handshake_state = attestation_state->get_handshake_state(attestation_state);
platform_info = pts->get_platform_info(pts);
session = state->get_session(state);
imv_id = this->agent->get_id(this->agent);
@@ -336,21 +348,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
state->set_action_flags(state, IMV_ATTESTATION_FLAG_ATTR_REQ);
}
+ if (handshake_state == IMV_ATTESTATION_STATE_INIT)
+ {
+ pa_tnc_attr_t *attr;
+ pts_proto_caps_flag_t flags;
+
+ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
+ msg_types[0]);
+
+ /* Send Request Protocol Capabilities attribute */
+ flags = pts->get_proto_caps(pts);
+ attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Measurement Algorithms attribute */
+ attr = tcg_pts_attr_meas_algo_create(this->supported_algorithms, FALSE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_DISCOVERY);
+
+ /* send these initial PTS attributes and exit */
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+ }
+
+ /* exit if we are not ready yet for PTS measurements */
+ if (!platform_info || !session ||
+ !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO))
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
/* create an empty out message - we might need it */
out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
msg_types[0]);
- if (platform_info && session &&
- (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO) &&
- !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS))
+ /* establish the PTS measurements to be taken */
+ if (!(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS))
{
- imv_workitem_t *workitem;
bool is_dir, no_workitems = TRUE;
u_int32_t delimiter = SOLIDUS_UTF;
u_int16_t request_id;
pa_tnc_attr_t *attr;
char *pathname;
- enumerator_t *enumerator;
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
enumerator = session->create_workitem_enumerator(session);
if (enumerator)
@@ -374,10 +422,75 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
case IMV_WORKITEM_DIR_META:
is_dir = TRUE;
break;
+ case IMV_WORKITEM_TPM_ATTEST:
+ {
+ pts_component_t *comp;
+ pts_comp_func_name_t *comp_name;
+ bool no_d_flag, no_t_flag;
+ char result_str[BUF_LEN];
+
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ no_d_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D);
+ no_t_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T);
+ if (no_d_flag || no_t_flag)
+ {
+ snprintf(result_str, BUF_LEN, "%s%s%s",
+ (no_t_flag) ? "no TPM available" : "",
+ (no_t_flag && no_d_flag) ? ", " : "",
+ (no_d_flag) ? "no DH nonce negotiation" : "");
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ continue;
+ }
+
+ /* do TPM BIOS measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'B'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ /* do TPM IMA measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'I'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_NONCE_REQ);
+ continue;
+ }
default:
continue;
}
+ /* initiate file and directory measurements */
pathname = this->pts_db->get_pathname(this->pts_db, is_dir,
workitem->get_arg_int(workitem));
if (!pathname)
@@ -440,22 +553,35 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
}
/* check the IMV state for the next PA-TNC attributes to send */
- if (!imv_attestation_build(out_msg, state, this->supported_algorithms,
- this->supported_dh_groups, this->pts_db))
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
{
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- state->set_action_flags(state, IMV_ATTESTATION_FLAG_REC);
-
- if (result != TNC_RESULT_SUCCESS)
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
{
- return result;
+ if (!imv_attestation_build(out_msg, state,
+ this->supported_dh_groups, this->pts_db))
+ {
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+ char *result_str;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(attestation_state,
+ reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ }
+ break;
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ enumerator->destroy(enumerator);
/* finalized all workitems? */
if (session && session->get_policy_started(session) &&
@@ -524,18 +650,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
case IMV_WORKITEM_FILE_MEAS:
case IMV_WORKITEM_DIR_REF_MEAS:
case IMV_WORKITEM_DIR_MEAS:
- session->remove_workitem(session, enumerator);
- result_str = "pending file measurements";
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
+ result_str = "Pending file measurements";
pending_file_meas++;
break;
- default:
+ case IMV_WORKITEM_TPM_ATTEST:
+ attestation_state->finalize_components(attestation_state);
+ result_str = "Pending component evidence";
break;
+ default:
+ continue;
}
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
@@ -585,11 +715,11 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
}
hash_alg = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.hash_algorithm", "sha256");
+ "%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns);
dh_group = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.dh_group", "ecp256");
+ "%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns);
cadir = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.cadir", NULL);
+ "%s.plugins.imv-attestation.cadir", NULL, lib->ns);
INIT(this,
.public = {
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
index 1fbde2c6d..84023c6c6 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,8 +17,6 @@
#include "imv_attestation_build.h"
#include "imv_attestation_state.h"
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
@@ -27,9 +26,7 @@
#include <utils/debug.h>
-bool imv_attestation_build(imv_msg_t *out_msg,
- imv_state_t *state,
- pts_meas_algorithms_t supported_algorithms,
+bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
pts_dh_group_t supported_dh_groups,
pts_database_t *pts_db)
{
@@ -42,67 +39,15 @@ bool imv_attestation_build(imv_msg_t *out_msg,
handshake_state = attestation_state->get_handshake_state(attestation_state);
pts = attestation_state->get_pts(attestation_state);
- /**
- * Received a response form the Attestation IMC so we can proceeed
- */
- if (handshake_state == IMV_ATTESTATION_STATE_DISCOVERY &&
- (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO))
- {
- handshake_state = IMV_ATTESTATION_STATE_NONCE_REQ;
- }
-
- /**
- * Skip DH Nonce Parameters Request attribute when
- * DH Nonce Exchange is not selected by PTS-IMC side
- */
- if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ &&
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- DBG2(DBG_IMV, "PTS-IMC does not support DH Nonce negotiation");
- handshake_state = IMV_ATTESTATION_STATE_TPM_INIT;
- }
-
- /**
- * Skip TPM Version Info and AIK attributes when
- * no TPM is available on the PTS-IMC side
- */
- if (handshake_state == IMV_ATTESTATION_STATE_TPM_INIT &&
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T))
- {
- DBG2(DBG_IMV, "PTS-IMC made no TPM available");
- handshake_state = IMV_ATTESTATION_STATE_END;
- }
-
switch (handshake_state)
{
- case IMV_ATTESTATION_STATE_INIT:
- {
- pts_proto_caps_flag_t flags;
-
- /* Send Request Protocol Capabilities attribute */
- flags = pts->get_proto_caps(pts);
- attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Measurement Algorithms attribute */
- attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_DISCOVERY);
- break;
- }
- case IMV_ATTESTATION_STATE_DISCOVERY:
- break;
case IMV_ATTESTATION_STATE_NONCE_REQ:
{
int min_nonce_len;
/* Send DH nonce parameters request attribute */
min_nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
supported_dh_groups);
attr->set_noskip_flag(attr, TRUE);
@@ -117,16 +62,13 @@ bool imv_attestation_build(imv_msg_t *out_msg,
pts_meas_algorithms_t selected_algorithm;
chunk_t initiator_value, initiator_nonce;
- if ((pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- /* Send DH nonce finish attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
- attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+ /* Send DH nonce finish attribute */
+ selected_algorithm = pts->get_meas_algorithm(pts);
+ pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
initiator_value, initiator_nonce);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
- }
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
/* Send Get TPM Version attribute */
attr = tcg_pts_attr_get_tpm_version_info_create();
@@ -146,73 +88,40 @@ bool imv_attestation_build(imv_msg_t *out_msg,
{
tcg_pts_attr_req_func_comp_evid_t *attr_cast;
enumerator_t *enumerator;
- pts_component_t *comp;
- pts_comp_func_name_t *comp_name;
+ pts_comp_func_name_t *name;
chunk_t keyid;
- int kid, vid, name, qualifier;
+ int kid;
u_int8_t flags;
u_int32_t depth;
- bool first = TRUE, first_component = TRUE;
+ bool first_component = TRUE;
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
- if (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) ||
- !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D))
- {
- DBG2(DBG_IMV, "PTS-IMC made no TPM available - "
- "skipping Component Measurements");
- break;
- }
- if (!pts->get_aik_keyid(pts, &keyid))
- {
- DBG1(DBG_IMV, "retrieval of AIK keyid failed");
- return FALSE;
- }
- if (!pts_db)
- {
- DBG1(DBG_IMV, "pts database not available");
- break;
- }
- if (pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS)
+ if (!pts->get_aik_keyid(pts, &keyid) ||
+ pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS)
{
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
return FALSE;
}
- enumerator = pts_db->create_comp_evid_enumerator(pts_db, kid);
- if (!enumerator)
- {
- break;
- }
- while (enumerator->enumerate(enumerator, &vid, &name,
- &qualifier, &depth))
- {
- if (first)
- {
- DBG2(DBG_IMV, "evidence request by");
- first = FALSE;
- }
- comp_name = pts_comp_func_name_create(vid, name, qualifier);
- comp_name->log(comp_name, " ");
- comp = attestation_state->create_component(attestation_state,
- comp_name, depth, pts_db);
- if (!comp)
- {
- DBG2(DBG_IMV, " not registered or duplicate"
- " - removed from request");
- comp_name->destroy(comp_name);
- continue;
- }
+ enumerator = attestation_state->create_component_enumerator(
+ attestation_state);
+ while (enumerator->enumerate(enumerator, &flags, &depth, &name))
+ {
if (first_component)
{
attr = tcg_pts_attr_req_func_comp_evid_create();
attr->set_noskip_flag(attr, TRUE);
first_component = FALSE;
+ DBG2(DBG_IMV, "evidence request by");
}
- flags = comp->get_evidence_flags(comp);
+ name->log(name, " ");
+
/* TODO check flags against negotiated_caps */
attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
- attr_cast->add_component(attr_cast, flags, depth, comp_name);
+ attr_cast->add_component(attr_cast, flags, depth, name);
}
enumerator->destroy(enumerator);
@@ -231,17 +140,9 @@ bool imv_attestation_build(imv_msg_t *out_msg,
}
break;
}
- case IMV_ATTESTATION_STATE_EVID_FINAL:
- if (attestation_state->components_finalized(attestation_state))
- {
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
- }
- break;
- case IMV_ATTESTATION_STATE_END:
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
+ default:
break;
}
+
return TRUE;
}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
index 0cee49b34..88538b198 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h
@@ -35,14 +35,11 @@
*
* @param out_msg outbound PA-TNC message to be built
* @param state state of a given connection
- * @param supported_algorithms supported PTS measurement algorithms
* @param supported_dh_groups supported DH groups
* @param pts_db PTS configuration database
* @return TRUE if successful
*/
-bool imv_attestation_build(imv_msg_t *out_msg,
- imv_state_t *state,
- pts_meas_algorithms_t supported_algorithms,
+bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
pts_dh_group_t supported_dh_groups,
pts_database_t *pts_db);
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index 5137d64fe..e40c92a24 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011-2013 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,6 +14,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "imv_attestation_process.h"
#include <imcv.h>
@@ -92,7 +96,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
/* check compliance of responder nonce length */
min_nonce_len = lib->settings->get_int(lib->settings,
- "libimcv.plugins.imv-attestation.min_nonce_len", 0);
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
nonce_len = responder_nonce.len;
if (nonce_len < PTS_MIN_NONCE_LEN ||
(min_nonce_len > 0 && nonce_len < min_nonce_len))
@@ -162,7 +166,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!aik)
{
DBG1(DBG_IMV, "AIK unavailable");
- return FALSE;
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
}
if (aik->get_type(aik) == CERT_X509)
{
@@ -186,7 +192,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
trusted ? "" : "not ");
if (!trusted)
{
- return FALSE;
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
}
}
pts->set_aik(pts, aik);
@@ -242,7 +250,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
}
type = found->get_type(found);
arg_int = found->get_arg_int(found);
-
+
switch (type)
{
default:
@@ -295,7 +303,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
e = measurements->create_enumerator(measurements);
while (e->enumerate(e, &filename, &measurement))
{
- if (pts_db->add_file_measurement(pts_db,
+ if (pts_db->add_file_measurement(pts_db,
platform_info, algo, measurement, filename,
is_dir, arg_int) != SUCCESS)
{
@@ -366,6 +374,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
pts_comp_evidence_t *evidence;
pts_component_t *comp;
u_int32_t depth;
+ status_t status;
attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
evidence = attr_cast->get_comp_evidence(attr_cast);
@@ -377,12 +386,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
DBG1(DBG_IMV, " no entry found for component evidence request");
break;
}
- if (comp->verify(comp, name->get_qualifier(name), pts,
- evidence) != SUCCESS)
+ status = comp->verify(comp, name->get_qualifier(name), pts, evidence);
+ if (status == VERIFY_ERROR || status == FAILED)
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
name->log(name, " measurement mismatch for ");
@@ -396,6 +402,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
pts_meas_algorithms_t comp_hash_algorithm;
chunk_t pcr_comp, tpm_quote_sig, evid_sig;
chunk_t pcr_composite, quote_info;
+ imv_session_t *session;
+ imv_workitem_t *workitem;
+ enumerator_t *enumerator;
bool use_quote2, use_ver_info;
attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
@@ -420,9 +429,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -431,9 +437,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
{
- state->update_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
attestation_state->set_measurement_error(attestation_state,
IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
goto quote_error;
@@ -449,6 +452,52 @@ quote_error:
* if all expected component measurements were received
*/
attestation_state->finalize_components(attestation_state);
+
+ session = state->get_session(state);
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
+ {
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
+ char *result_str;
+ u_int32_t error;
+
+ error = attestation_state->get_measurement_error(
+ attestation_state);
+ if (error & (IMV_ATTESTATION_ERROR_COMP_EVID_FAIL |
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
+ {
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(
+ attestation_state, reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ else
+ {
+ result_str = strdup("attestation successful");
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ }
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ free(result_str);
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
}
if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index 47011751d..9304b9a13 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -127,7 +127,7 @@ struct private_imv_attestation_state_t {
*/
struct func_comp_t {
pts_component_t *comp;
- u_int8_t qualifier;
+ pts_comp_func_name_t* name;
};
/**
@@ -136,6 +136,7 @@ struct func_comp_t {
static void free_func_comp(func_comp_t *this)
{
this->comp->destroy(this->comp);
+ this->name->destroy(this->name);
free(this);
}
@@ -161,6 +162,12 @@ static imv_lang_string_t reason_file_meas_pend[] = {
{ NULL, NULL }
};
+static imv_lang_string_t reason_no_trusted_aik[] = {
+ { "en", "No trusted AIK available" },
+ { "de", "Kein vetrauenswürdiger AIK verfügbar" },
+ { NULL, NULL }
+};
+
static imv_lang_string_t reason_comp_evid_fail[] = {
{ "en", "Incorrect component evidence" },
{ "de", "Falsche Komponenten-Evidenz" },
@@ -290,42 +297,52 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
{
- *reason_language = imv_lang_string_select_lang(language_enumerator,
- languages, countof(languages));
-
- /* Instantiate a TNC Reason String object */
- DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language);
-
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_fail);
+ reason_string->add_reason(reason_string, reason_file_meas_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_file_meas_pend);
+ reason_string->add_reason(reason_string, reason_file_meas_pend);
+ }
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK)
+ {
+ reason_string->add_reason(reason_string, reason_no_trusted_aik);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_fail);
+ reason_string->add_reason(reason_string, reason_comp_evid_fail);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
{
- this->reason_string->add_reason(this->reason_string,
- reason_comp_evid_pend);
+ reason_string->add_reason(reason_string, reason_comp_evid_pend);
}
if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
{
- this->reason_string->add_reason(this->reason_string,
- reason_tpm_quote_fail);
+ reason_string->add_reason(reason_string, reason_tpm_quote_fail);
}
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ add_file_meas_reasons(this, this->reason_string);
+ add_comp_evid_reasons(this, this->reason_string);
*reason_string = this->reason_string->get_encoding(this->reason_string);
return TRUE;
@@ -390,13 +407,13 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
if (found)
{
- if (name->get_qualifier(name) == entry->qualifier)
+ if (name->equals(name, entry->name))
{
/* duplicate entry */
return NULL;
}
new_entry = malloc_thing(func_comp_t);
- new_entry->qualifier = name->get_qualifier(name);
+ new_entry->name = name->clone(name);
new_entry->comp = entry->comp->get_ref(entry->comp);
this->components->insert_last(this->components, new_entry);
return entry->comp;
@@ -410,13 +427,41 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*,
return NULL;
}
new_entry = malloc_thing(func_comp_t);
- new_entry->qualifier = name->get_qualifier(name);
+ new_entry->name = name->clone(name);
new_entry->comp = component;
this->components->insert_last(this->components, new_entry);
return component;
}
}
+/**
+ * Enumerate file measurement entries
+ */
+static bool entry_filter(void *null, func_comp_t **entry, u_int8_t *flags,
+ void *i2, u_int32_t *depth,
+ void *i3, pts_comp_func_name_t **comp_name)
+{
+ pts_component_t *comp;
+ pts_comp_func_name_t *name;
+
+ comp = (*entry)->comp;
+ name = (*entry)->name;
+
+ *flags = comp->get_evidence_flags(comp);
+ *depth = comp->get_depth(comp);
+ *comp_name = name;
+
+ return TRUE;
+}
+
+METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
+ private_imv_attestation_state_t *this)
+{
+ return enumerator_create_filter(
+ this->components->create_enumerator(this->components),
+ (void*)entry_filter, NULL, NULL);
+}
+
METHOD(imv_attestation_state_t, get_component, pts_component_t*,
private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
{
@@ -427,8 +472,7 @@ METHOD(imv_attestation_state_t, get_component, pts_component_t*,
enumerator = this->components->create_enumerator(this->components);
while (enumerator->enumerate(enumerator, &entry))
{
- if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)) &&
- name->get_qualifier(name) == entry->qualifier)
+ if (name->equals(name, entry->name))
{
found = entry->comp;
break;
@@ -458,23 +502,15 @@ METHOD(imv_attestation_state_t, finalize_components, void,
while (this->components->remove_last(this->components,
(void**)&entry) == SUCCESS)
{
- if (!entry->comp->finalize(entry->comp, entry->qualifier))
+ if (!entry->comp->finalize(entry->comp,
+ entry->name->get_qualifier(entry->name)))
{
set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
- update_recommendation(this,
- TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
- TNC_IMV_EVALUATION_RESULT_ERROR);
}
free_func_comp(entry);
}
}
-METHOD(imv_attestation_state_t, components_finalized, bool,
- private_imv_attestation_state_t *this)
-{
- return this->components->get_count(this->components) == 0;
-}
-
/**
* Described in header.
*/
@@ -509,11 +545,13 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.set_handshake_state = _set_handshake_state,
.get_pts = _get_pts,
.create_component = _create_component,
+ .create_component_enumerator = _create_component_enumerator,
.get_component = _get_component,
.finalize_components = _finalize_components,
- .components_finalized = _components_finalized,
.get_measurement_error = _get_measurement_error,
.set_measurement_error = _set_measurement_error,
+ .add_file_meas_reasons = _add_file_meas_reasons,
+ .add_comp_evid_reasons = _add_comp_evid_reasons,
},
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
index 27d1ae8db..9369d30a2 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
@@ -25,6 +25,7 @@
#define IMV_ATTESTATION_STATE_H_
#include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
#include <pts/pts.h>
#include <pts/pts_database.h>
#include <pts/components/pts_component.h>
@@ -64,9 +65,10 @@ enum imv_attestation_handshake_state_t {
enum imv_meas_error_t {
IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1,
IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2,
- IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 4,
- IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 8,
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 16
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK = 4,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 8,
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 16,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 32
};
/**
@@ -116,6 +118,13 @@ struct imv_attestation_state_t {
pts_database_t *pts_db);
/**
+ * Enumerate over all Functional Components
+ *
+ * @return Functional Component enumerator
+ */
+ enumerator_t* (*create_component_enumerator)(imv_attestation_state_t *this);
+
+ /**
* Get a Functional Component with a given name
*
* @param name Name of the requested Functional Component
@@ -131,11 +140,6 @@ struct imv_attestation_state_t {
void (*finalize_components)(imv_attestation_state_t *this);
/**
- * Have the Functional Component measurements been finalized?
- */
- bool (*components_finalized)(imv_attestation_state_t *this);
-
- /**
* Indicates the types of measurement errors that occurred
*
* @return Measurement error flags
@@ -150,6 +154,21 @@ struct imv_attestation_state_t {
void (*set_measurement_error)(imv_attestation_state_t *this,
u_int32_t error);
+ /**
+ * Returns a concatenation of File Measurement reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+
+ /**
+ * Returns a concatenation of Component Evidence reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
};
/**
diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libpts/plugins/imv_swid/Makefile.in
index 852cd3d04..b92f7d4d0 100644
--- a/src/libpts/plugins/imv_swid/Makefile.in
+++ b/src/libpts/plugins/imv_swid/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libpts/pts/components/ita/ita_comp_ima.c
index 02470f5f5..c6b4131bf 100644
--- a/src/libpts/pts/components/ita/ita_comp_ima.c
+++ b/src/libpts/pts/components/ita/ita_comp_ima.c
@@ -683,7 +683,7 @@ METHOD(pts_component_t, verify, status_t,
status = this->pts_db->check_comp_measurement(this->pts_db,
measurement, this->bios_cid, this->kid,
++this->seq_no, pcr, algo);
- if (status != SUCCESS)
+ if (status == FAILED)
{
return status;
}
@@ -803,7 +803,7 @@ METHOD(pts_component_t, verify, status_t,
}
if (pcrs->set(pcrs, pcr, pcr_after))
{
- return SUCCESS;
+ return status;
}
}
else
@@ -811,7 +811,7 @@ METHOD(pts_component_t, verify, status_t,
pcr_after = pcrs->extend(pcrs, pcr, measurement);
if (pcr_after.ptr)
{
- return SUCCESS;
+ return status;
}
}
return FAILED;
@@ -951,7 +951,7 @@ pts_component_t *pts_ita_comp_ima_create(u_int32_t depth,
.bios_list = linked_list_create(),
.ima_list = linked_list_create(),
.pcr_info = lib->settings->get_bool(lib->settings,
- "libimcv.plugins.imc-attestation.pcr_info", TRUE),
+ "%s.plugins.imc-attestation.pcr_info", TRUE, lib->ns),
.ref = 1,
);
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c
index 8fb5abddf..f4859f801 100644
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ b/src/libpts/pts/components/ita/ita_comp_tboot.c
@@ -130,21 +130,21 @@ METHOD(pts_component_t, measure, status_t,
/* dummy data since currently the TBOOT log is not retrieved */
time(&this->measurement_time);
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_meas", NULL);
+ "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_before", NULL);
+ "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr17_after", NULL);
+ "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_POLICY;
break;
case 1:
/* dummy data since currently the TBOOT log is not retrieved */
meas_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_meas", NULL);
+ "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns);
pcr_before_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_before", NULL);
+ "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns);
pcr_after_hex = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.pcr18_after", NULL);
+ "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns);
extended_pcr = PCR_TBOOT_MLE;
break;
default:
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index f646d67e1..8699282f0 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -377,7 +377,7 @@ static void load_aik_blob(private_pts_t *this)
u_int32_t aikBlobLen;
blob_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_blob", NULL);
+ "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns);
if (blob_path)
{
@@ -418,9 +418,9 @@ static void load_aik(private_pts_t *this)
char *cert_path, *key_path;
cert_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_cert", NULL);
+ "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns);
key_path = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imc-attestation.aik_key", NULL);
+ "%s.plugins.imc-attestation.aik_key", NULL, lib->ns);
if (cert_path)
{
@@ -627,7 +627,7 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*,
metadata->destroy(metadata);
return NULL;
}
- entry->filename = strdup(basename(pathname));
+ entry->filename = path_basename(pathname);
metadata->add(metadata, entry);
}
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c
index e5a06cc8d..07e8ae1da 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -15,6 +15,7 @@
#define _GNU_SOURCE
#include <stdio.h>
+#include <libgen.h>
#include "pts_database.h"
@@ -248,13 +249,62 @@ METHOD(pts_database_t, check_file_measurement, status_t,
enumerator_t *e;
chunk_t hash;
status_t status = NOT_FOUND;
+ char *dir, *file;
+
+ if (strlen(filename) < 1)
+ {
+ return INVALID_ARG;
+ }
+
+ /* separate filename into directory and basename components */
+ dir = path_dirname(filename);
+ file = path_basename(filename);
+
+ if (*dir == '.')
+ { /* relative pathname */
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_TEXT, file, DB_INT, algo, DB_BLOB);
+ }
+ else
+ { /* absolute pathname */
+ bool dir_found;
+ int did;
+
+ /* find directory entry first */
+ e = this->db->query(this->db,
+ "SELECT id FROM directories WHERE path = ?",
+ DB_TEXT, dir, DB_INT);
+ if (!e)
+ {
+ free(file);
+ free(dir);
+ return FAILED;
+ }
+ dir_found = e->enumerate(e, &did);
+ e->destroy(e);
+
+ if (!dir_found)
+ {
+ free(file);
+ free(dir);
+ return NOT_FOUND;
+ }
+
+ e = this->db->query(this->db,
+ "SELECT fh.hash FROM file_hashes AS fh "
+ "JOIN files AS f ON f.id = fh.file "
+ "JOIN products AS p ON p.id = fh.product "
+ "WHERE p.name = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?",
+ DB_TEXT, product, DB_INT, did, DB_TEXT, file, DB_INT, algo,
+ DB_BLOB);
+ }
+ free(file);
+ free(dir);
- e = this->db->query(this->db,
- "SELECT fh.hash FROM file_hashes AS fh "
- "JOIN files AS f ON f.id = fh.file "
- "JOIN products AS p ON p.id = fh.product "
- "WHERE p.name = ? AND f.path = ? AND fh.algo = ?",
- DB_TEXT, product, DB_TEXT, filename, DB_INT, algo, DB_BLOB);
if (!e)
{
return FAILED;
diff --git a/src/libpts/pts/pts_file_meas.c b/src/libpts/pts/pts_file_meas.c
index f684087d7..77a0957bb 100644
--- a/src/libpts/pts/pts_file_meas.c
+++ b/src/libpts/pts/pts_file_meas.c
@@ -341,9 +341,10 @@ pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id,
success = FALSE;
goto end;
}
- filename = use_rel_name ? basename(pathname) : pathname;
+ filename = use_rel_name ? path_basename(pathname) : strdup(pathname);
DBG2(DBG_PTS, " %#B for '%s'", &measurement, filename);
add(this, filename, measurement);
+ free(filename);
}
end:
diff --git a/src/libpts/swid/swid_inventory.c b/src/libpts/swid/swid_inventory.c
index a689ccdaa..a71682f43 100644
--- a/src/libpts/swid/swid_inventory.c
+++ b/src/libpts/swid/swid_inventory.c
@@ -24,7 +24,6 @@
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <libgen.h>
#include <errno.h>
@@ -178,40 +177,19 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
if (this->full_tags)
{
swid_tag_t *tag;
- chunk_t xml_tag;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *xml_tag;
- fd = open(abs_name, O_RDONLY);
- if (fd == -1)
+ xml_tag = chunk_map(abs_name, FALSE);
+ if (!xml_tag)
{
DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
strerror(errno));
goto end;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_IMC, " getting file size of '%s' failed: %s", abs_name,
- strerror(errno));
- close(fd);
- goto end;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_IMC, " mapping '%s' failed: %s", abs_name,
- strerror(errno));
- close(fd);
- goto end;
- }
- xml_tag = chunk_create(addr, sb.st_size);
- tag = swid_tag_create(xml_tag, unique_seq_id);
+ tag = swid_tag_create(*xml_tag, unique_seq_id);
this->list->insert_last(this->list, tag);
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(xml_tag);
}
else
{
@@ -290,5 +268,3 @@ swid_inventory_t *swid_inventory_create(bool full_tags)
return &this->public;
}
-
-
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
index f0bc7cf60..c5a2f4b8a 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_req_file_meas.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -20,8 +23,6 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_req_file_meas_t private_tcg_pts_attr_req_file_meas_t;
/**
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
index e475cd35b..8d703af65 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_req_file_meta.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -20,8 +23,6 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_req_file_meta_t private_tcg_pts_attr_req_file_meta_t;
/**
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
index 5249fa2ad..e10845bbb 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@@ -286,7 +286,7 @@ METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void,
entry = malloc_thing(entry_t);
entry->flags = flags;
entry->depth = depth;
- entry->name = name;
+ entry->name = name->clone(name);
this->list->insert_last(this->list, entry);
}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
index f96371b8b..eff64c229 100644
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
+++ b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
@@ -13,6 +13,9 @@
* for more details.
*/
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
#include "tcg_pts_attr_unix_file_meta.h"
#include <pa_tnc/pa_tnc_msg.h>
@@ -21,8 +24,6 @@
#include <collections/linked_list.h>
#include <utils/debug.h>
-#include <string.h>
-
typedef struct private_tcg_pts_attr_file_meta_t private_tcg_pts_attr_file_meta_t;
/**
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index c9d6c3935..c827cb598 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 8af48522c..d903de883 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 8e6050291..ee824abdb 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 1a13fdd71..440913071 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -36,7 +36,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/printf_hook/printf_hook_vstr.c utils/settings.c
+utils/printf_hook/printf_hook_builtin.c utils/settings.c utils/test.c \
+utils/utils/strerror.c
# adding the plugin source files
@@ -96,9 +97,6 @@ LOCAL_SRC_FILES += $(call add_plugin, xcbc)
# build libstrongswan ----------------------------------------------------------
-LOCAL_C_INCLUDES += \
- $(libvstr_PATH)
-
LOCAL_CFLAGS := $(strongswan_CFLAGS) \
-include $(LOCAL_PATH)/AndroidConfigLocal.h
@@ -110,6 +108,6 @@ LOCAL_ARM_MODE := arm
LOCAL_PRELINK_MODULE := false
-LOCAL_SHARED_LIBRARIES += libdl libvstr
+LOCAL_SHARED_LIBRARIES += libdl
include $(BUILD_SHARED_LIBRARY)
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 3804adb03..b3a4eda99 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -34,7 +34,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \
threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/settings.c
+utils/settings.c utils/test.c \
+utils/utils/strerror.c
if USE_DEV_HEADERS
strongswan_includedir = ${dev_headers}
@@ -82,7 +83,8 @@ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \
utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
utils/leak_detective.h utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
-utils/settings.h utils/integrity_checker.h
+utils/settings.h utils/test.h utils/integrity_checker.h \
+utils/utils/strerror.h
endif
library.lo : $(top_builddir)/config.status
@@ -481,6 +483,13 @@ if MONOLITHIC
endif
endif
+if USE_NTRU
+ SUBDIRS += plugins/ntru
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/ntru/libstrongswan-ntru.la
+endif
+endif
+
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC
@@ -488,9 +497,7 @@ if MONOLITHIC
endif
endif
-if UNITTESTS
if MONOLITHIC
SUBDIRS += .
endif
- SUBDIRS += tests
-endif
+SUBDIRS += tests
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index c9718e659..64396b51f 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -178,10 +178,10 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_97 = plugins/ccm/libstrongswan-ccm.la
@USE_GCM_TRUE@am__append_98 = plugins/gcm
@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_99 = plugins/gcm/libstrongswan-gcm.la
-@USE_TEST_VECTORS_TRUE@am__append_100 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_101 = plugins/test_vectors/libstrongswan-test-vectors.la
-@MONOLITHIC_TRUE@@UNITTESTS_TRUE@am__append_102 = .
-@UNITTESTS_TRUE@am__append_103 = tests
+@USE_NTRU_TRUE@am__append_100 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_101 = plugins/ntru/libstrongswan-ntru.la
+@USE_TEST_VECTORS_TRUE@am__append_102 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_103 = plugins/test_vectors/libstrongswan-test-vectors.la
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp \
@@ -254,7 +254,7 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_83) $(am__append_85) $(am__append_87) \
$(am__append_89) $(am__append_91) $(am__append_93) \
$(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101)
+ $(am__append_101) $(am__append_103)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -300,8 +300,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/settings.c \
- utils/leak_detective.c utils/integrity_checker.c \
- utils/printf_hook/printf_hook_vstr.c \
+ utils/test.c utils/utils/strerror.c utils/leak_detective.c \
+ utils/integrity_checker.c utils/printf_hook/printf_hook_vstr.c \
utils/printf_hook/printf_hook_builtin.c \
utils/printf_hook/printf_hook_glibc.c
am__dirstamp = $(am__leading_dot)dirstamp
@@ -355,9 +355,9 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
threading/spinlock.lo utils/utils.lo utils/chunk.lo \
utils/debug.lo utils/enum.lo utils/identification.lo \
utils/lexparser.lo utils/optionsfrom.lo utils/capabilities.lo \
- utils/backtrace.lo utils/settings.lo $(am__objects_1) \
- $(am__objects_2) $(am__objects_3) $(am__objects_4) \
- $(am__objects_5)
+ utils/backtrace.lo utils/settings.lo utils/test.lo \
+ utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \
+ $(am__objects_3) $(am__objects_4) $(am__objects_5)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -468,7 +468,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h \
utils/printf_hook/printf_hook_builtin.h utils/settings.h \
- utils/integrity_checker.h
+ utils/test.h utils/integrity_checker.h utils/utils/strerror.h
HEADERS = $(nobase_strongswan_include_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -508,7 +508,8 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
plugins/soup plugins/ldap plugins/mysql plugins/sqlite \
plugins/padlock plugins/openssl plugins/gcrypt \
plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \
- plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors tests
+ plugins/ctr plugins/ccm plugins/gcm plugins/ntru \
+ plugins/test_vectors tests
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -549,8 +550,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -618,6 +617,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -706,12 +710,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -726,6 +734,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -781,8 +790,9 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/settings.c \
- $(am__append_2) $(am__append_5) $(am__append_6) \
- $(am__append_8) $(am__append_10)
+ utils/test.c utils/utils/strerror.c $(am__append_2) \
+ $(am__append_5) $(am__append_6) $(am__append_8) \
+ $(am__append_10)
@USE_DEV_HEADERS_TRUE@strongswan_includedir = ${dev_headers}
@USE_DEV_HEADERS_TRUE@nobase_strongswan_include_HEADERS = \
@USE_DEV_HEADERS_TRUE@library.h \
@@ -828,7 +838,8 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
@USE_DEV_HEADERS_TRUE@utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
@USE_DEV_HEADERS_TRUE@utils/leak_detective.h utils/printf_hook/printf_hook.h \
@USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
-@USE_DEV_HEADERS_TRUE@utils/settings.h utils/integrity_checker.h
+@USE_DEV_HEADERS_TRUE@utils/settings.h utils/test.h utils/integrity_checker.h \
+@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h
libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_7) \
@@ -847,7 +858,7 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_81) $(am__append_83) $(am__append_85) \
$(am__append_87) $(am__append_89) $(am__append_91) \
$(am__append_93) $(am__append_95) $(am__append_97) \
- $(am__append_99) $(am__append_101)
+ $(am__append_99) $(am__append_101) $(am__append_103)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -894,8 +905,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_88) $(am__append_90) \
@MONOLITHIC_FALSE@ $(am__append_92) $(am__append_94) \
@MONOLITHIC_FALSE@ $(am__append_96) $(am__append_98) \
-@MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) \
-@MONOLITHIC_FALSE@ $(am__append_103)
+@MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) tests
# build plugins with their own Makefile
#######################################
@@ -921,8 +931,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_88) $(am__append_90) \
@MONOLITHIC_TRUE@ $(am__append_92) $(am__append_94) \
@MONOLITHIC_TRUE@ $(am__append_96) $(am__append_98) \
-@MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) \
-@MONOLITHIC_TRUE@ $(am__append_103)
+@MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) . tests
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -1354,6 +1363,15 @@ utils/backtrace.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/settings.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
+utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/utils/$(am__dirstamp):
+ @$(MKDIR_P) utils/utils
+ @: > utils/utils/$(am__dirstamp)
+utils/utils/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) utils/utils/$(DEPDIR)
+ @: > utils/utils/$(DEPDIR)/$(am__dirstamp)
+utils/utils/strerror.lo: utils/utils/$(am__dirstamp) \
+ utils/utils/$(DEPDIR)/$(am__dirstamp)
utils/leak_detective.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/integrity_checker.lo: utils/$(am__dirstamp) \
@@ -1443,6 +1461,8 @@ mostlyclean-compile:
-rm -f utils/*.lo
-rm -f utils/printf_hook/*.$(OBJEXT)
-rm -f utils/printf_hook/*.lo
+ -rm -f utils/utils/*.$(OBJEXT)
+ -rm -f utils/utils/*.lo
distclean-compile:
-rm -f *.tab.c
@@ -1536,10 +1556,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/lexparser.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/optionsfrom.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/settings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/test.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/utils.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_builtin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_glibc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_vstr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/utils/$(DEPDIR)/strerror.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -1602,6 +1624,7 @@ clean-libtool:
-rm -rf threading/.libs threading/_libs
-rm -rf utils/.libs utils/_libs
-rm -rf utils/printf_hook/.libs utils/printf_hook/_libs
+ -rm -rf utils/utils/.libs utils/utils/_libs
install-nobase_strongswan_includeHEADERS: $(nobase_strongswan_include_HEADERS)
@$(NORMAL_INSTALL)
@list='$(nobase_strongswan_include_HEADERS)'; test -n "$(strongswan_includedir)" || list=; \
@@ -1881,6 +1904,8 @@ distclean-generic:
-rm -f utils/$(am__dirstamp)
-rm -f utils/printf_hook/$(DEPDIR)/$(am__dirstamp)
-rm -f utils/printf_hook/$(am__dirstamp)
+ -rm -f utils/utils/$(DEPDIR)/$(am__dirstamp)
+ -rm -f utils/utils/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -1893,7 +1918,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1940,7 +1965,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index d860ad9a2..38a6ad688 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -88,7 +88,7 @@ int asn1_known_oid(chunk_t object)
}
}
}
- return -1;
+ return OID_UNKNOWN;
}
/*
@@ -129,7 +129,8 @@ chunk_t asn1_build_known_oid(int n)
chunk_t asn1_oid_from_string(char *str)
{
enumerator_t *enumerator;
- u_char buf[64];
+ size_t buf_len = 64;
+ u_char buf[buf_len];
char *end;
int i = 0, pos = 0, shift;
u_int val, shifted_val, first = 0;
@@ -138,7 +139,7 @@ chunk_t asn1_oid_from_string(char *str)
while (enumerator->enumerate(enumerator, &str))
{
val = strtoul(str, &end, 10);
- if (end == str || pos > countof(buf))
+ if (end == str || pos > buf_len-4)
{
pos = 0;
break;
@@ -175,8 +176,9 @@ chunk_t asn1_oid_from_string(char *str)
*/
char *asn1_oid_to_string(chunk_t oid)
{
- char buf[64], *pos = buf;
- int len;
+ size_t len = 64;
+ char buf[len], *pos = buf;
+ int written;
u_int val;
if (!oid.len)
@@ -184,13 +186,14 @@ char *asn1_oid_to_string(chunk_t oid)
return NULL;
}
val = oid.ptr[0] / 40;
- len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40);
+ written = snprintf(buf, len, "%u.%u", val, oid.ptr[0] - val * 40);
oid = chunk_skip(oid, 1);
- if (len < 0 || len >= sizeof(buf))
+ if (written < 0 || written >= len)
{
return NULL;
}
- pos += len;
+ pos += written;
+ len -= written;
val = 0;
while (oid.len)
@@ -199,12 +202,13 @@ char *asn1_oid_to_string(chunk_t oid)
if (oid.ptr[0] < 128)
{
- len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val);
- if (len < 0 || len >= sizeof(buf) + buf - pos)
+ written = snprintf(pos, len, ".%u", val);
+ if (written < 0 || written >= len)
{
return NULL;
}
- pos += len;
+ pos += written;
+ len -= written;
val = 0;
}
oid = chunk_skip(oid, 1);
@@ -296,7 +300,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
else
{ /* composite length, determine number of length octets */
len &= 0x7f;
- if (len == 0 || len > sizeof(res.len))
+ if (len == 0 || len > blob->len || len > sizeof(res.len))
{
return ASN1_INVALID;
}
@@ -389,8 +393,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
tm_year += (tm_year < 50) ? 2000 : 1900;
}
- /* prevent large 32 bit integer overflows */
- if (sizeof(time_t) == 4 && tm_year > 2038)
+ /* prevent obvious 32 bit integer overflows */
+ if (sizeof(time_t) == 4 && (tm_year > 2038 || tm_year < 1901))
{
return TIME_32_BIT_SIGNED_MAX;
}
@@ -398,13 +402,24 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
/* representation of months as 0..11*/
if (tm_mon < 1 || tm_mon > 12)
{
- return 0; /* error in month format */
+ return 0;
}
tm_mon--;
/* representation of days as 0..30 */
+ if (tm_day < 1 || tm_day > 31)
+ { /* we don't actually validate the day in relation to tm_year/tm_mon */
+ return 0;
+ }
tm_day--;
+ if (tm_hour < 0 || tm_hour > 23 ||
+ tm_min < 0 || tm_min > 59 ||
+ tm_sec < 0 || tm_sec > 60 /* allow leap seconds */)
+ {
+ return 0;
+ }
+
/* number of leap years between last year and 1970? */
tm_leap_4 = (tm_year - 1) / 4;
tm_leap_100 = tm_leap_4 / 25;
@@ -420,8 +435,20 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
- /* has a 32 bit signed integer overflow occurred? */
- return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs;
+ if (sizeof(time_t) == 4)
+ { /* has a 32 bit signed integer overflow occurred? */
+ if (tm_year > 1970 && tm_secs < 0)
+ { /* depending on the time zone, the first days in 1970 may result in
+ * a negative value, but dates after 1970 never will */
+ return TIME_32_BIT_SIGNED_MAX;
+ }
+ if (tm_year < 1969 && tm_secs > 0)
+ { /* similarly, tm_secs is not positive for dates before 1970, except
+ * for the last days in 1969, depending on the time zone */
+ return TIME_32_BIT_SIGNED_MAX;
+ }
+ }
+ return tm_secs;
}
/**
@@ -537,7 +564,7 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
len = asn1_length(object);
- if (len == ASN1_INVALID_LENGTH || object->len < len)
+ if (len == ASN1_INVALID_LENGTH)
{
DBG2(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large",
level, name);
@@ -675,7 +702,9 @@ bool asn1_is_printablestring(chunk_t str)
for (i = 0; i < str.len; i++)
{
if (strchr(printablestring_charset, str.ptr[i]) == NULL)
+ {
return FALSE;
+ }
}
return TRUE;
}
@@ -781,10 +810,17 @@ chunk_t asn1_integer(const char *mode, chunk_t content)
chunk_t object;
size_t len;
u_char *pos;
+ bool move;
+
if (content.len == 0)
{ /* make sure 0 is encoded properly */
content = chunk_from_chars(0x00);
+ move = FALSE;
+ }
+ else
+ {
+ move = (*mode == 'm');
}
/* ASN.1 integers must be positive numbers in two's complement */
@@ -794,11 +830,9 @@ chunk_t asn1_integer(const char *mode, chunk_t content)
{
*pos++ = 0x00;
}
- if (len)
- {
- memcpy(pos, content.ptr, content.len);
- }
- if (*mode == 'm')
+ memcpy(pos, content.ptr, content.len);
+
+ if (move)
{
free(content.ptr);
}
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index a1d625380..7a48292af 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -191,6 +191,13 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private);
/**
* Converts an ASN.1 UTCTIME or GENERALIZEDTIME string to time_t
*
+ * On systems where sizeof(time_t) == 4 there will be an overflow
+ * for dates
+ * > Tue, 19 Jan 2038 03:14:07 UTC (0x7fffffff)
+ * and
+ * < Fri, 13 Dec 1901 20:45:52 UTC (0x80000000)
+ * in both cases TIME_32_BIT_SIGNED_MAX is returned.
+ *
* @param utctime body of an ASN.1 coded time object
* @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME
* @return time_t in UTC
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index c31fb75f0..e7b7a428d 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -160,6 +160,7 @@ METHOD(asn1_parser_t, iterate, bool,
DBG1(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
this->success = FALSE;
+ goto end;
}
blob1->ptr = blob->ptr;
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index a0e882b2c..6fa8f4e54 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -75,7 +75,7 @@ const oid_t oid_names[] = {
{ 0x36, 63, 0, 2, "inhibitAnyPolicy" }, /* 62 */
{ 0x37, 64, 0, 2, "targetInformation" }, /* 63 */
{ 0x38, 0, 0, 2, "noRevAvail" }, /* 64 */
- {0x2A, 188, 1, 0, "" }, /* 65 */
+ {0x2A, 189, 1, 0, "" }, /* 65 */
{ 0x83, 78, 1, 1, "" }, /* 66 */
{ 0x08, 0, 1, 2, "jp" }, /* 67 */
{ 0x8C, 0, 1, 3, "" }, /* 68 */
@@ -90,7 +90,7 @@ const oid_t oid_names[] = {
{ 0x04, 0, 0, 10, "camellia256-cbc" }, /* 77 */
{ 0x86, 0, 1, 1, "" }, /* 78 */
{ 0x48, 0, 1, 2, "us" }, /* 79 */
- { 0x86, 147, 1, 3, "" }, /* 80 */
+ { 0x86, 148, 1, 3, "" }, /* 80 */
{ 0xF6, 86, 1, 4, "" }, /* 81 */
{ 0x7D, 0, 1, 5, "NortelNetworks" }, /* 82 */
{ 0x07, 0, 1, 6, "Entrust" }, /* 83 */
@@ -98,320 +98,344 @@ const oid_t oid_names[] = {
{ 0x00, 0, 0, 8, "entrustVersInfo" }, /* 85 */
{ 0xF7, 0, 1, 4, "" }, /* 86 */
{ 0x0D, 0, 1, 5, "RSADSI" }, /* 87 */
- { 0x01, 142, 1, 6, "PKCS" }, /* 88 */
- { 0x01, 100, 1, 7, "PKCS-1" }, /* 89 */
+ { 0x01, 143, 1, 6, "PKCS" }, /* 88 */
+ { 0x01, 101, 1, 7, "PKCS-1" }, /* 89 */
{ 0x01, 91, 0, 8, "rsaEncryption" }, /* 90 */
{ 0x02, 92, 0, 8, "md2WithRSAEncryption" }, /* 91 */
{ 0x04, 93, 0, 8, "md5WithRSAEncryption" }, /* 92 */
{ 0x05, 94, 0, 8, "sha-1WithRSAEncryption" }, /* 93 */
{ 0x07, 95, 0, 8, "id-RSAES-OAEP" }, /* 94 */
- { 0x09, 96, 0, 8, "id-pSpecified" }, /* 95 */
- { 0x0B, 97, 0, 8, "sha256WithRSAEncryption" }, /* 96 */
- { 0x0C, 98, 0, 8, "sha384WithRSAEncryption" }, /* 97 */
- { 0x0D, 99, 0, 8, "sha512WithRSAEncryption" }, /* 98 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 99 */
- { 0x05, 105, 1, 7, "PKCS-5" }, /* 100 */
- { 0x03, 102, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 101 */
- { 0x0A, 103, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 102 */
- { 0x0C, 104, 0, 8, "id-PBKDF2" }, /* 103 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 104 */
- { 0x07, 112, 1, 7, "PKCS-7" }, /* 105 */
- { 0x01, 107, 0, 8, "data" }, /* 106 */
- { 0x02, 108, 0, 8, "signedData" }, /* 107 */
- { 0x03, 109, 0, 8, "envelopedData" }, /* 108 */
- { 0x04, 110, 0, 8, "signedAndEnvelopedData" }, /* 109 */
- { 0x05, 111, 0, 8, "digestedData" }, /* 110 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 111 */
- { 0x09, 126, 1, 7, "PKCS-9" }, /* 112 */
- { 0x01, 114, 0, 8, "E" }, /* 113 */
- { 0x02, 115, 0, 8, "unstructuredName" }, /* 114 */
- { 0x03, 116, 0, 8, "contentType" }, /* 115 */
- { 0x04, 117, 0, 8, "messageDigest" }, /* 116 */
- { 0x05, 118, 0, 8, "signingTime" }, /* 117 */
- { 0x06, 119, 0, 8, "counterSignature" }, /* 118 */
- { 0x07, 120, 0, 8, "challengePassword" }, /* 119 */
- { 0x08, 121, 0, 8, "unstructuredAddress" }, /* 120 */
- { 0x0E, 122, 0, 8, "extensionRequest" }, /* 121 */
- { 0x0F, 123, 0, 8, "S/MIME Capabilities" }, /* 122 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 123 */
- { 0x01, 125, 0, 9, "X.509" }, /* 124 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 125 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 126 */
- { 0x01, 134, 1, 8, "pbeIds" }, /* 127 */
- { 0x01, 129, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 128 */
- { 0x02, 130, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 129 */
- { 0x03, 131, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 130 */
- { 0x04, 132, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 131 */
- { 0x05, 133, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 132 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 133 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 134 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 135 */
- { 0x01, 137, 0, 10, "keyBag" }, /* 136 */
- { 0x02, 138, 0, 10, "pkcs8ShroudedKeyBag" }, /* 137 */
- { 0x03, 139, 0, 10, "certBag" }, /* 138 */
- { 0x04, 140, 0, 10, "crlBag" }, /* 139 */
- { 0x05, 141, 0, 10, "secretBag" }, /* 140 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 141 */
- { 0x02, 145, 1, 6, "digestAlgorithm" }, /* 142 */
- { 0x02, 144, 0, 7, "md2" }, /* 143 */
- { 0x05, 0, 0, 7, "md5" }, /* 144 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 145 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 146 */
- { 0xCE, 0, 1, 3, "" }, /* 147 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 148 */
- { 0x02, 151, 1, 5, "id-publicKeyType" }, /* 149 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 150 */
- { 0x03, 181, 1, 5, "ellipticCurve" }, /* 151 */
- { 0x00, 173, 1, 6, "c-TwoCurve" }, /* 152 */
- { 0x01, 154, 0, 7, "c2pnb163v1" }, /* 153 */
- { 0x02, 155, 0, 7, "c2pnb163v2" }, /* 154 */
- { 0x03, 156, 0, 7, "c2pnb163v3" }, /* 155 */
- { 0x04, 157, 0, 7, "c2pnb176w1" }, /* 156 */
- { 0x05, 158, 0, 7, "c2tnb191v1" }, /* 157 */
- { 0x06, 159, 0, 7, "c2tnb191v2" }, /* 158 */
- { 0x07, 160, 0, 7, "c2tnb191v3" }, /* 159 */
- { 0x08, 161, 0, 7, "c2onb191v4" }, /* 160 */
- { 0x09, 162, 0, 7, "c2onb191v5" }, /* 161 */
- { 0x0A, 163, 0, 7, "c2pnb208w1" }, /* 162 */
- { 0x0B, 164, 0, 7, "c2tnb239v1" }, /* 163 */
- { 0x0C, 165, 0, 7, "c2tnb239v2" }, /* 164 */
- { 0x0D, 166, 0, 7, "c2tnb239v3" }, /* 165 */
- { 0x0E, 167, 0, 7, "c2onb239v4" }, /* 166 */
- { 0x0F, 168, 0, 7, "c2onb239v5" }, /* 167 */
- { 0x10, 169, 0, 7, "c2pnb272w1" }, /* 168 */
- { 0x11, 170, 0, 7, "c2pnb304w1" }, /* 169 */
- { 0x12, 171, 0, 7, "c2tnb359v1" }, /* 170 */
- { 0x13, 172, 0, 7, "c2pnb368w1" }, /* 171 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 172 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 173 */
- { 0x01, 175, 0, 7, "prime192v1" }, /* 174 */
- { 0x02, 176, 0, 7, "prime192v2" }, /* 175 */
- { 0x03, 177, 0, 7, "prime192v3" }, /* 176 */
- { 0x04, 178, 0, 7, "prime239v1" }, /* 177 */
- { 0x05, 179, 0, 7, "prime239v2" }, /* 178 */
- { 0x06, 180, 0, 7, "prime239v3" }, /* 179 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 180 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 181 */
- { 0x01, 183, 0, 6, "ecdsa-with-SHA1" }, /* 182 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 183 */
- { 0x01, 185, 0, 7, "ecdsa-with-SHA224" }, /* 184 */
- { 0x02, 186, 0, 7, "ecdsa-with-SHA256" }, /* 185 */
- { 0x03, 187, 0, 7, "ecdsa-with-SHA384" }, /* 186 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 187 */
- {0x2B, 348, 1, 0, "" }, /* 188 */
- { 0x06, 262, 1, 1, "dod" }, /* 189 */
- { 0x01, 0, 1, 2, "internet" }, /* 190 */
- { 0x04, 213, 1, 3, "private" }, /* 191 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 192 */
- { 0x82, 206, 1, 5, "" }, /* 193 */
- { 0x37, 203, 1, 6, "Microsoft" }, /* 194 */
- { 0x0A, 199, 1, 7, "" }, /* 195 */
- { 0x03, 0, 1, 8, "" }, /* 196 */
- { 0x03, 198, 0, 9, "msSGC" }, /* 197 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 198 */
- { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 199 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 200 */
- { 0x02, 202, 0, 9, "msSmartcardLogon" }, /* 201 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 202 */
- { 0xA0, 0, 1, 6, "" }, /* 203 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 204 */
- { 0x01, 0, 0, 8, "strongSwan" }, /* 205 */
- { 0x89, 0, 1, 5, "" }, /* 206 */
- { 0x31, 0, 1, 6, "" }, /* 207 */
- { 0x01, 0, 1, 7, "" }, /* 208 */
- { 0x01, 0, 1, 8, "" }, /* 209 */
- { 0x02, 0, 1, 9, "" }, /* 210 */
- { 0x02, 0, 1, 10, "" }, /* 211 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 212 */
- { 0x05, 0, 1, 3, "security" }, /* 213 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 214 */
- { 0x07, 259, 1, 5, "id-pkix" }, /* 215 */
- { 0x01, 220, 1, 6, "id-pe" }, /* 216 */
- { 0x01, 218, 0, 7, "authorityInfoAccess" }, /* 217 */
- { 0x03, 219, 0, 7, "qcStatements" }, /* 218 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 219 */
- { 0x02, 223, 1, 6, "id-qt" }, /* 220 */
- { 0x01, 222, 0, 7, "cps" }, /* 221 */
- { 0x02, 0, 0, 7, "unotice" }, /* 222 */
- { 0x03, 233, 1, 6, "id-kp" }, /* 223 */
- { 0x01, 225, 0, 7, "serverAuth" }, /* 224 */
- { 0x02, 226, 0, 7, "clientAuth" }, /* 225 */
- { 0x03, 227, 0, 7, "codeSigning" }, /* 226 */
- { 0x04, 228, 0, 7, "emailProtection" }, /* 227 */
- { 0x05, 229, 0, 7, "ipsecEndSystem" }, /* 228 */
- { 0x06, 230, 0, 7, "ipsecTunnel" }, /* 229 */
- { 0x07, 231, 0, 7, "ipsecUser" }, /* 230 */
- { 0x08, 232, 0, 7, "timeStamping" }, /* 231 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 232 */
- { 0x08, 241, 1, 6, "id-otherNames" }, /* 233 */
- { 0x01, 235, 0, 7, "personalData" }, /* 234 */
- { 0x02, 236, 0, 7, "userGroup" }, /* 235 */
- { 0x03, 237, 0, 7, "id-on-permanentIdentifier" }, /* 236 */
- { 0x04, 238, 0, 7, "id-on-hardwareModuleName" }, /* 237 */
- { 0x05, 239, 0, 7, "xmppAddr" }, /* 238 */
- { 0x06, 240, 0, 7, "id-on-SIM" }, /* 239 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 240 */
- { 0x0A, 246, 1, 6, "id-aca" }, /* 241 */
- { 0x01, 243, 0, 7, "authenticationInfo" }, /* 242 */
- { 0x02, 244, 0, 7, "accessIdentity" }, /* 243 */
- { 0x03, 245, 0, 7, "chargingIdentity" }, /* 244 */
- { 0x04, 0, 0, 7, "group" }, /* 245 */
- { 0x0B, 247, 0, 6, "subjectInfoAccess" }, /* 246 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 247 */
- { 0x01, 256, 1, 7, "ocsp" }, /* 248 */
- { 0x01, 250, 0, 8, "basic" }, /* 249 */
- { 0x02, 251, 0, 8, "nonce" }, /* 250 */
- { 0x03, 252, 0, 8, "crl" }, /* 251 */
- { 0x04, 253, 0, 8, "response" }, /* 252 */
- { 0x05, 254, 0, 8, "noCheck" }, /* 253 */
- { 0x06, 255, 0, 8, "archiveCutoff" }, /* 254 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 255 */
- { 0x02, 257, 0, 7, "caIssuers" }, /* 256 */
- { 0x03, 258, 0, 7, "timeStamping" }, /* 257 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 258 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 259 */
- { 0x02, 0, 1, 6, "certificate" }, /* 260 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 261 */
- { 0x0E, 268, 1, 1, "oiw" }, /* 262 */
- { 0x03, 0, 1, 2, "secsig" }, /* 263 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 264 */
- { 0x07, 266, 0, 4, "des-cbc" }, /* 265 */
- { 0x1A, 267, 0, 4, "sha-1" }, /* 266 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 267 */
- { 0x24, 314, 1, 1, "TeleTrusT" }, /* 268 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 269 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 270 */
- { 0x01, 275, 1, 4, "rsaSignature" }, /* 271 */
- { 0x02, 273, 0, 5, "rsaSigWithripemd160" }, /* 272 */
- { 0x03, 274, 0, 5, "rsaSigWithripemd128" }, /* 273 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 274 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 275 */
- { 0x01, 277, 0, 5, "ecSignWithsha1" }, /* 276 */
- { 0x02, 278, 0, 5, "ecSignWithripemd160" }, /* 277 */
- { 0x03, 279, 0, 5, "ecSignWithmd2" }, /* 278 */
- { 0x04, 280, 0, 5, "ecSignWithmd5" }, /* 279 */
- { 0x05, 297, 1, 5, "ttt-ecg" }, /* 280 */
- { 0x01, 285, 1, 6, "fieldType" }, /* 281 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 282 */
- { 0x01, 0, 1, 8, "basisType" }, /* 283 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 284 */
- { 0x02, 287, 1, 6, "keyType" }, /* 285 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 286 */
- { 0x03, 288, 0, 6, "curve" }, /* 287 */
- { 0x04, 295, 1, 6, "signatures" }, /* 288 */
- { 0x01, 290, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 289 */
- { 0x02, 291, 0, 7, "ecgdsa-with-SHA1" }, /* 290 */
- { 0x03, 292, 0, 7, "ecgdsa-with-SHA224" }, /* 291 */
- { 0x04, 293, 0, 7, "ecgdsa-with-SHA256" }, /* 292 */
- { 0x05, 294, 0, 7, "ecgdsa-with-SHA384" }, /* 293 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 294 */
- { 0x05, 0, 1, 6, "module" }, /* 295 */
- { 0x01, 0, 0, 7, "1" }, /* 296 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 297 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 298 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 299 */
- { 0x01, 301, 0, 8, "brainpoolP160r1" }, /* 300 */
- { 0x02, 302, 0, 8, "brainpoolP160t1" }, /* 301 */
- { 0x03, 303, 0, 8, "brainpoolP192r1" }, /* 302 */
- { 0x04, 304, 0, 8, "brainpoolP192t1" }, /* 303 */
- { 0x05, 305, 0, 8, "brainpoolP224r1" }, /* 304 */
- { 0x06, 306, 0, 8, "brainpoolP224t1" }, /* 305 */
- { 0x07, 307, 0, 8, "brainpoolP256r1" }, /* 306 */
- { 0x08, 308, 0, 8, "brainpoolP256t1" }, /* 307 */
- { 0x09, 309, 0, 8, "brainpoolP320r1" }, /* 308 */
- { 0x0A, 310, 0, 8, "brainpoolP320t1" }, /* 309 */
- { 0x0B, 311, 0, 8, "brainpoolP384r1" }, /* 310 */
- { 0x0C, 312, 0, 8, "brainpoolP384t1" }, /* 311 */
- { 0x0D, 313, 0, 8, "brainpoolP512r1" }, /* 312 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 313 */
- { 0x81, 0, 1, 1, "" }, /* 314 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 315 */
- { 0x00, 0, 1, 3, "curve" }, /* 316 */
- { 0x01, 318, 0, 4, "sect163k1" }, /* 317 */
- { 0x02, 319, 0, 4, "sect163r1" }, /* 318 */
- { 0x03, 320, 0, 4, "sect239k1" }, /* 319 */
- { 0x04, 321, 0, 4, "sect113r1" }, /* 320 */
- { 0x05, 322, 0, 4, "sect113r2" }, /* 321 */
- { 0x06, 323, 0, 4, "secp112r1" }, /* 322 */
- { 0x07, 324, 0, 4, "secp112r2" }, /* 323 */
- { 0x08, 325, 0, 4, "secp160r1" }, /* 324 */
- { 0x09, 326, 0, 4, "secp160k1" }, /* 325 */
- { 0x0A, 327, 0, 4, "secp256k1" }, /* 326 */
- { 0x0F, 328, 0, 4, "sect163r2" }, /* 327 */
- { 0x10, 329, 0, 4, "sect283k1" }, /* 328 */
- { 0x11, 330, 0, 4, "sect283r1" }, /* 329 */
- { 0x16, 331, 0, 4, "sect131r1" }, /* 330 */
- { 0x17, 332, 0, 4, "sect131r2" }, /* 331 */
- { 0x18, 333, 0, 4, "sect193r1" }, /* 332 */
- { 0x19, 334, 0, 4, "sect193r2" }, /* 333 */
- { 0x1A, 335, 0, 4, "sect233k1" }, /* 334 */
- { 0x1B, 336, 0, 4, "sect233r1" }, /* 335 */
- { 0x1C, 337, 0, 4, "secp128r1" }, /* 336 */
- { 0x1D, 338, 0, 4, "secp128r2" }, /* 337 */
- { 0x1E, 339, 0, 4, "secp160r2" }, /* 338 */
- { 0x1F, 340, 0, 4, "secp192k1" }, /* 339 */
- { 0x20, 341, 0, 4, "secp224k1" }, /* 340 */
- { 0x21, 342, 0, 4, "secp224r1" }, /* 341 */
- { 0x22, 343, 0, 4, "secp384r1" }, /* 342 */
- { 0x23, 344, 0, 4, "secp521r1" }, /* 343 */
- { 0x24, 345, 0, 4, "sect409k1" }, /* 344 */
- { 0x25, 346, 0, 4, "sect409r1" }, /* 345 */
- { 0x26, 347, 0, 4, "sect571k1" }, /* 346 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 347 */
- {0x60, 396, 1, 0, "" }, /* 348 */
- { 0x86, 0, 1, 1, "" }, /* 349 */
- { 0x48, 0, 1, 2, "" }, /* 350 */
- { 0x01, 0, 1, 3, "organization" }, /* 351 */
- { 0x65, 372, 1, 4, "gov" }, /* 352 */
- { 0x03, 0, 1, 5, "csor" }, /* 353 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 354 */
- { 0x01, 365, 1, 7, "aes" }, /* 355 */
- { 0x02, 357, 0, 8, "id-aes128-CBC" }, /* 356 */
- { 0x06, 358, 0, 8, "id-aes128-GCM" }, /* 357 */
- { 0x07, 359, 0, 8, "id-aes128-CCM" }, /* 358 */
- { 0x16, 360, 0, 8, "id-aes192-CBC" }, /* 359 */
- { 0x1A, 361, 0, 8, "id-aes192-GCM" }, /* 360 */
- { 0x1B, 362, 0, 8, "id-aes192-CCM" }, /* 361 */
- { 0x2A, 363, 0, 8, "id-aes256-CBC" }, /* 362 */
- { 0x2E, 364, 0, 8, "id-aes256-GCM" }, /* 363 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 364 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 365 */
- { 0x01, 367, 0, 8, "id-SHA-256" }, /* 366 */
- { 0x02, 368, 0, 8, "id-SHA-384" }, /* 367 */
- { 0x03, 369, 0, 8, "id-SHA-512" }, /* 368 */
- { 0x04, 370, 0, 8, "id-SHA-224" }, /* 369 */
- { 0x05, 371, 0, 8, "id-SHA-512-224" }, /* 370 */
- { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 371 */
- { 0x86, 0, 1, 4, "" }, /* 372 */
- { 0xf8, 0, 1, 5, "" }, /* 373 */
- { 0x42, 386, 1, 6, "netscape" }, /* 374 */
- { 0x01, 381, 1, 7, "" }, /* 375 */
- { 0x01, 377, 0, 8, "nsCertType" }, /* 376 */
- { 0x03, 378, 0, 8, "nsRevocationUrl" }, /* 377 */
- { 0x04, 379, 0, 8, "nsCaRevocationUrl" }, /* 378 */
- { 0x08, 380, 0, 8, "nsCaPolicyUrl" }, /* 379 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 380 */
- { 0x03, 384, 1, 7, "directory" }, /* 381 */
- { 0x01, 0, 1, 8, "" }, /* 382 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 383 */
- { 0x04, 0, 1, 7, "policy" }, /* 384 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 385 */
- { 0x45, 0, 1, 6, "verisign" }, /* 386 */
- { 0x01, 0, 1, 7, "pki" }, /* 387 */
- { 0x09, 0, 1, 8, "attributes" }, /* 388 */
- { 0x02, 390, 0, 9, "messageType" }, /* 389 */
- { 0x03, 391, 0, 9, "pkiStatus" }, /* 390 */
- { 0x04, 392, 0, 9, "failInfo" }, /* 391 */
- { 0x05, 393, 0, 9, "senderNonce" }, /* 392 */
- { 0x06, 394, 0, 9, "recipientNonce" }, /* 393 */
- { 0x07, 395, 0, 9, "transID" }, /* 394 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 395 */
- {0x67, 0, 1, 0, "" }, /* 396 */
- { 0x81, 0, 1, 1, "" }, /* 397 */
- { 0x05, 0, 1, 2, "" }, /* 398 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 399 */
- { 0x01, 401, 0, 4, "tcg-at-tpmManufacturer" }, /* 400 */
- { 0x02, 402, 0, 4, "tcg-at-tpmModel" }, /* 401 */
- { 0x03, 403, 0, 4, "tcg-at-tpmVersion" }, /* 402 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 403 */
+ { 0x08, 96, 0, 8, "id-mgf1" }, /* 95 */
+ { 0x09, 97, 0, 8, "id-pSpecified" }, /* 96 */
+ { 0x0B, 98, 0, 8, "sha256WithRSAEncryption" }, /* 97 */
+ { 0x0C, 99, 0, 8, "sha384WithRSAEncryption" }, /* 98 */
+ { 0x0D, 100, 0, 8, "sha512WithRSAEncryption" }, /* 99 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 100 */
+ { 0x05, 106, 1, 7, "PKCS-5" }, /* 101 */
+ { 0x03, 103, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 102 */
+ { 0x0A, 104, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 103 */
+ { 0x0C, 105, 0, 8, "id-PBKDF2" }, /* 104 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 105 */
+ { 0x07, 113, 1, 7, "PKCS-7" }, /* 106 */
+ { 0x01, 108, 0, 8, "data" }, /* 107 */
+ { 0x02, 109, 0, 8, "signedData" }, /* 108 */
+ { 0x03, 110, 0, 8, "envelopedData" }, /* 109 */
+ { 0x04, 111, 0, 8, "signedAndEnvelopedData" }, /* 110 */
+ { 0x05, 112, 0, 8, "digestedData" }, /* 111 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 112 */
+ { 0x09, 127, 1, 7, "PKCS-9" }, /* 113 */
+ { 0x01, 115, 0, 8, "E" }, /* 114 */
+ { 0x02, 116, 0, 8, "unstructuredName" }, /* 115 */
+ { 0x03, 117, 0, 8, "contentType" }, /* 116 */
+ { 0x04, 118, 0, 8, "messageDigest" }, /* 117 */
+ { 0x05, 119, 0, 8, "signingTime" }, /* 118 */
+ { 0x06, 120, 0, 8, "counterSignature" }, /* 119 */
+ { 0x07, 121, 0, 8, "challengePassword" }, /* 120 */
+ { 0x08, 122, 0, 8, "unstructuredAddress" }, /* 121 */
+ { 0x0E, 123, 0, 8, "extensionRequest" }, /* 122 */
+ { 0x0F, 124, 0, 8, "S/MIME Capabilities" }, /* 123 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 124 */
+ { 0x01, 126, 0, 9, "X.509" }, /* 125 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 126 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 127 */
+ { 0x01, 135, 1, 8, "pbeIds" }, /* 128 */
+ { 0x01, 130, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 129 */
+ { 0x02, 131, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 130 */
+ { 0x03, 132, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 131 */
+ { 0x04, 133, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 132 */
+ { 0x05, 134, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 133 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 134 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 135 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 136 */
+ { 0x01, 138, 0, 10, "keyBag" }, /* 137 */
+ { 0x02, 139, 0, 10, "pkcs8ShroudedKeyBag" }, /* 138 */
+ { 0x03, 140, 0, 10, "certBag" }, /* 139 */
+ { 0x04, 141, 0, 10, "crlBag" }, /* 140 */
+ { 0x05, 142, 0, 10, "secretBag" }, /* 141 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 142 */
+ { 0x02, 146, 1, 6, "digestAlgorithm" }, /* 143 */
+ { 0x02, 145, 0, 7, "md2" }, /* 144 */
+ { 0x05, 0, 0, 7, "md5" }, /* 145 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 146 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 147 */
+ { 0xCE, 0, 1, 3, "" }, /* 148 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 149 */
+ { 0x02, 152, 1, 5, "id-publicKeyType" }, /* 150 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 151 */
+ { 0x03, 182, 1, 5, "ellipticCurve" }, /* 152 */
+ { 0x00, 174, 1, 6, "c-TwoCurve" }, /* 153 */
+ { 0x01, 155, 0, 7, "c2pnb163v1" }, /* 154 */
+ { 0x02, 156, 0, 7, "c2pnb163v2" }, /* 155 */
+ { 0x03, 157, 0, 7, "c2pnb163v3" }, /* 156 */
+ { 0x04, 158, 0, 7, "c2pnb176w1" }, /* 157 */
+ { 0x05, 159, 0, 7, "c2tnb191v1" }, /* 158 */
+ { 0x06, 160, 0, 7, "c2tnb191v2" }, /* 159 */
+ { 0x07, 161, 0, 7, "c2tnb191v3" }, /* 160 */
+ { 0x08, 162, 0, 7, "c2onb191v4" }, /* 161 */
+ { 0x09, 163, 0, 7, "c2onb191v5" }, /* 162 */
+ { 0x0A, 164, 0, 7, "c2pnb208w1" }, /* 163 */
+ { 0x0B, 165, 0, 7, "c2tnb239v1" }, /* 164 */
+ { 0x0C, 166, 0, 7, "c2tnb239v2" }, /* 165 */
+ { 0x0D, 167, 0, 7, "c2tnb239v3" }, /* 166 */
+ { 0x0E, 168, 0, 7, "c2onb239v4" }, /* 167 */
+ { 0x0F, 169, 0, 7, "c2onb239v5" }, /* 168 */
+ { 0x10, 170, 0, 7, "c2pnb272w1" }, /* 169 */
+ { 0x11, 171, 0, 7, "c2pnb304w1" }, /* 170 */
+ { 0x12, 172, 0, 7, "c2tnb359v1" }, /* 171 */
+ { 0x13, 173, 0, 7, "c2pnb368w1" }, /* 172 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 173 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 174 */
+ { 0x01, 176, 0, 7, "prime192v1" }, /* 175 */
+ { 0x02, 177, 0, 7, "prime192v2" }, /* 176 */
+ { 0x03, 178, 0, 7, "prime192v3" }, /* 177 */
+ { 0x04, 179, 0, 7, "prime239v1" }, /* 178 */
+ { 0x05, 180, 0, 7, "prime239v2" }, /* 179 */
+ { 0x06, 181, 0, 7, "prime239v3" }, /* 180 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 181 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 182 */
+ { 0x01, 184, 0, 6, "ecdsa-with-SHA1" }, /* 183 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 184 */
+ { 0x01, 186, 0, 7, "ecdsa-with-SHA224" }, /* 185 */
+ { 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */
+ { 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */
+ {0x2B, 372, 1, 0, "" }, /* 189 */
+ { 0x06, 286, 1, 1, "dod" }, /* 190 */
+ { 0x01, 0, 1, 2, "internet" }, /* 191 */
+ { 0x04, 237, 1, 3, "private" }, /* 192 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 193 */
+ { 0x82, 207, 1, 5, "" }, /* 194 */
+ { 0x37, 204, 1, 6, "Microsoft" }, /* 195 */
+ { 0x0A, 200, 1, 7, "" }, /* 196 */
+ { 0x03, 0, 1, 8, "" }, /* 197 */
+ { 0x03, 199, 0, 9, "msSGC" }, /* 198 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 199 */
+ { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 200 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 201 */
+ { 0x02, 203, 0, 9, "msSmartcardLogon" }, /* 202 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 203 */
+ { 0xA0, 0, 1, 6, "" }, /* 204 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 205 */
+ { 0x01, 0, 0, 8, "strongSwan" }, /* 206 */
+ { 0x89, 214, 1, 5, "" }, /* 207 */
+ { 0x31, 0, 1, 6, "" }, /* 208 */
+ { 0x01, 0, 1, 7, "" }, /* 209 */
+ { 0x01, 0, 1, 8, "" }, /* 210 */
+ { 0x02, 0, 1, 9, "" }, /* 211 */
+ { 0x02, 0, 1, 10, "" }, /* 212 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 213 */
+ { 0xc1, 0, 1, 5, "" }, /* 214 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 215 */
+ { 0x01, 0, 1, 7, "eess" }, /* 216 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 217 */
+ { 0x01, 222, 1, 9, "eess1-algs" }, /* 218 */
+ { 0x01, 220, 0, 10, "ntru-EESS1v1-SVES" }, /* 219 */
+ { 0x02, 221, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 220 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 221 */
+ { 0x02, 236, 1, 9, "eess1-params" }, /* 222 */
+ { 0x01, 224, 0, 10, "ees251ep1" }, /* 223 */
+ { 0x02, 225, 0, 10, "ees347ep1" }, /* 224 */
+ { 0x03, 226, 0, 10, "ees503ep1" }, /* 225 */
+ { 0x07, 227, 0, 10, "ees251sp2" }, /* 226 */
+ { 0x0C, 228, 0, 10, "ees251ep4" }, /* 227 */
+ { 0x0D, 229, 0, 10, "ees251ep5" }, /* 228 */
+ { 0x0E, 230, 0, 10, "ees251sp3" }, /* 229 */
+ { 0x0F, 231, 0, 10, "ees251sp4" }, /* 230 */
+ { 0x10, 232, 0, 10, "ees251sp5" }, /* 231 */
+ { 0x11, 233, 0, 10, "ees251sp6" }, /* 232 */
+ { 0x12, 234, 0, 10, "ees251sp7" }, /* 233 */
+ { 0x13, 235, 0, 10, "ees251sp8" }, /* 234 */
+ { 0x14, 0, 0, 10, "ees251sp9" }, /* 235 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 236 */
+ { 0x05, 0, 1, 3, "security" }, /* 237 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 238 */
+ { 0x07, 283, 1, 5, "id-pkix" }, /* 239 */
+ { 0x01, 244, 1, 6, "id-pe" }, /* 240 */
+ { 0x01, 242, 0, 7, "authorityInfoAccess" }, /* 241 */
+ { 0x03, 243, 0, 7, "qcStatements" }, /* 242 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 243 */
+ { 0x02, 247, 1, 6, "id-qt" }, /* 244 */
+ { 0x01, 246, 0, 7, "cps" }, /* 245 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 246 */
+ { 0x03, 257, 1, 6, "id-kp" }, /* 247 */
+ { 0x01, 249, 0, 7, "serverAuth" }, /* 248 */
+ { 0x02, 250, 0, 7, "clientAuth" }, /* 249 */
+ { 0x03, 251, 0, 7, "codeSigning" }, /* 250 */
+ { 0x04, 252, 0, 7, "emailProtection" }, /* 251 */
+ { 0x05, 253, 0, 7, "ipsecEndSystem" }, /* 252 */
+ { 0x06, 254, 0, 7, "ipsecTunnel" }, /* 253 */
+ { 0x07, 255, 0, 7, "ipsecUser" }, /* 254 */
+ { 0x08, 256, 0, 7, "timeStamping" }, /* 255 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 256 */
+ { 0x08, 265, 1, 6, "id-otherNames" }, /* 257 */
+ { 0x01, 259, 0, 7, "personalData" }, /* 258 */
+ { 0x02, 260, 0, 7, "userGroup" }, /* 259 */
+ { 0x03, 261, 0, 7, "id-on-permanentIdentifier" }, /* 260 */
+ { 0x04, 262, 0, 7, "id-on-hardwareModuleName" }, /* 261 */
+ { 0x05, 263, 0, 7, "xmppAddr" }, /* 262 */
+ { 0x06, 264, 0, 7, "id-on-SIM" }, /* 263 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 264 */
+ { 0x0A, 270, 1, 6, "id-aca" }, /* 265 */
+ { 0x01, 267, 0, 7, "authenticationInfo" }, /* 266 */
+ { 0x02, 268, 0, 7, "accessIdentity" }, /* 267 */
+ { 0x03, 269, 0, 7, "chargingIdentity" }, /* 268 */
+ { 0x04, 0, 0, 7, "group" }, /* 269 */
+ { 0x0B, 271, 0, 6, "subjectInfoAccess" }, /* 270 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 271 */
+ { 0x01, 280, 1, 7, "ocsp" }, /* 272 */
+ { 0x01, 274, 0, 8, "basic" }, /* 273 */
+ { 0x02, 275, 0, 8, "nonce" }, /* 274 */
+ { 0x03, 276, 0, 8, "crl" }, /* 275 */
+ { 0x04, 277, 0, 8, "response" }, /* 276 */
+ { 0x05, 278, 0, 8, "noCheck" }, /* 277 */
+ { 0x06, 279, 0, 8, "archiveCutoff" }, /* 278 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 279 */
+ { 0x02, 281, 0, 7, "caIssuers" }, /* 280 */
+ { 0x03, 282, 0, 7, "timeStamping" }, /* 281 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 282 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 283 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 284 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 285 */
+ { 0x0E, 292, 1, 1, "oiw" }, /* 286 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 287 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 288 */
+ { 0x07, 290, 0, 4, "des-cbc" }, /* 289 */
+ { 0x1A, 291, 0, 4, "sha-1" }, /* 290 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 291 */
+ { 0x24, 338, 1, 1, "TeleTrusT" }, /* 292 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 293 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 294 */
+ { 0x01, 299, 1, 4, "rsaSignature" }, /* 295 */
+ { 0x02, 297, 0, 5, "rsaSigWithripemd160" }, /* 296 */
+ { 0x03, 298, 0, 5, "rsaSigWithripemd128" }, /* 297 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 298 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 299 */
+ { 0x01, 301, 0, 5, "ecSignWithsha1" }, /* 300 */
+ { 0x02, 302, 0, 5, "ecSignWithripemd160" }, /* 301 */
+ { 0x03, 303, 0, 5, "ecSignWithmd2" }, /* 302 */
+ { 0x04, 304, 0, 5, "ecSignWithmd5" }, /* 303 */
+ { 0x05, 321, 1, 5, "ttt-ecg" }, /* 304 */
+ { 0x01, 309, 1, 6, "fieldType" }, /* 305 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 306 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 307 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 308 */
+ { 0x02, 311, 1, 6, "keyType" }, /* 309 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 310 */
+ { 0x03, 312, 0, 6, "curve" }, /* 311 */
+ { 0x04, 319, 1, 6, "signatures" }, /* 312 */
+ { 0x01, 314, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 313 */
+ { 0x02, 315, 0, 7, "ecgdsa-with-SHA1" }, /* 314 */
+ { 0x03, 316, 0, 7, "ecgdsa-with-SHA224" }, /* 315 */
+ { 0x04, 317, 0, 7, "ecgdsa-with-SHA256" }, /* 316 */
+ { 0x05, 318, 0, 7, "ecgdsa-with-SHA384" }, /* 317 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 318 */
+ { 0x05, 0, 1, 6, "module" }, /* 319 */
+ { 0x01, 0, 0, 7, "1" }, /* 320 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 321 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 322 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 323 */
+ { 0x01, 325, 0, 8, "brainpoolP160r1" }, /* 324 */
+ { 0x02, 326, 0, 8, "brainpoolP160t1" }, /* 325 */
+ { 0x03, 327, 0, 8, "brainpoolP192r1" }, /* 326 */
+ { 0x04, 328, 0, 8, "brainpoolP192t1" }, /* 327 */
+ { 0x05, 329, 0, 8, "brainpoolP224r1" }, /* 328 */
+ { 0x06, 330, 0, 8, "brainpoolP224t1" }, /* 329 */
+ { 0x07, 331, 0, 8, "brainpoolP256r1" }, /* 330 */
+ { 0x08, 332, 0, 8, "brainpoolP256t1" }, /* 331 */
+ { 0x09, 333, 0, 8, "brainpoolP320r1" }, /* 332 */
+ { 0x0A, 334, 0, 8, "brainpoolP320t1" }, /* 333 */
+ { 0x0B, 335, 0, 8, "brainpoolP384r1" }, /* 334 */
+ { 0x0C, 336, 0, 8, "brainpoolP384t1" }, /* 335 */
+ { 0x0D, 337, 0, 8, "brainpoolP512r1" }, /* 336 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 337 */
+ { 0x81, 0, 1, 1, "" }, /* 338 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 339 */
+ { 0x00, 0, 1, 3, "curve" }, /* 340 */
+ { 0x01, 342, 0, 4, "sect163k1" }, /* 341 */
+ { 0x02, 343, 0, 4, "sect163r1" }, /* 342 */
+ { 0x03, 344, 0, 4, "sect239k1" }, /* 343 */
+ { 0x04, 345, 0, 4, "sect113r1" }, /* 344 */
+ { 0x05, 346, 0, 4, "sect113r2" }, /* 345 */
+ { 0x06, 347, 0, 4, "secp112r1" }, /* 346 */
+ { 0x07, 348, 0, 4, "secp112r2" }, /* 347 */
+ { 0x08, 349, 0, 4, "secp160r1" }, /* 348 */
+ { 0x09, 350, 0, 4, "secp160k1" }, /* 349 */
+ { 0x0A, 351, 0, 4, "secp256k1" }, /* 350 */
+ { 0x0F, 352, 0, 4, "sect163r2" }, /* 351 */
+ { 0x10, 353, 0, 4, "sect283k1" }, /* 352 */
+ { 0x11, 354, 0, 4, "sect283r1" }, /* 353 */
+ { 0x16, 355, 0, 4, "sect131r1" }, /* 354 */
+ { 0x17, 356, 0, 4, "sect131r2" }, /* 355 */
+ { 0x18, 357, 0, 4, "sect193r1" }, /* 356 */
+ { 0x19, 358, 0, 4, "sect193r2" }, /* 357 */
+ { 0x1A, 359, 0, 4, "sect233k1" }, /* 358 */
+ { 0x1B, 360, 0, 4, "sect233r1" }, /* 359 */
+ { 0x1C, 361, 0, 4, "secp128r1" }, /* 360 */
+ { 0x1D, 362, 0, 4, "secp128r2" }, /* 361 */
+ { 0x1E, 363, 0, 4, "secp160r2" }, /* 362 */
+ { 0x1F, 364, 0, 4, "secp192k1" }, /* 363 */
+ { 0x20, 365, 0, 4, "secp224k1" }, /* 364 */
+ { 0x21, 366, 0, 4, "secp224r1" }, /* 365 */
+ { 0x22, 367, 0, 4, "secp384r1" }, /* 366 */
+ { 0x23, 368, 0, 4, "secp521r1" }, /* 367 */
+ { 0x24, 369, 0, 4, "sect409k1" }, /* 368 */
+ { 0x25, 370, 0, 4, "sect409r1" }, /* 369 */
+ { 0x26, 371, 0, 4, "sect571k1" }, /* 370 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 371 */
+ {0x60, 420, 1, 0, "" }, /* 372 */
+ { 0x86, 0, 1, 1, "" }, /* 373 */
+ { 0x48, 0, 1, 2, "" }, /* 374 */
+ { 0x01, 0, 1, 3, "organization" }, /* 375 */
+ { 0x65, 396, 1, 4, "gov" }, /* 376 */
+ { 0x03, 0, 1, 5, "csor" }, /* 377 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 378 */
+ { 0x01, 389, 1, 7, "aes" }, /* 379 */
+ { 0x02, 381, 0, 8, "id-aes128-CBC" }, /* 380 */
+ { 0x06, 382, 0, 8, "id-aes128-GCM" }, /* 381 */
+ { 0x07, 383, 0, 8, "id-aes128-CCM" }, /* 382 */
+ { 0x16, 384, 0, 8, "id-aes192-CBC" }, /* 383 */
+ { 0x1A, 385, 0, 8, "id-aes192-GCM" }, /* 384 */
+ { 0x1B, 386, 0, 8, "id-aes192-CCM" }, /* 385 */
+ { 0x2A, 387, 0, 8, "id-aes256-CBC" }, /* 386 */
+ { 0x2E, 388, 0, 8, "id-aes256-GCM" }, /* 387 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 388 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 389 */
+ { 0x01, 391, 0, 8, "id-SHA-256" }, /* 390 */
+ { 0x02, 392, 0, 8, "id-SHA-384" }, /* 391 */
+ { 0x03, 393, 0, 8, "id-SHA-512" }, /* 392 */
+ { 0x04, 394, 0, 8, "id-SHA-224" }, /* 393 */
+ { 0x05, 395, 0, 8, "id-SHA-512-224" }, /* 394 */
+ { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 395 */
+ { 0x86, 0, 1, 4, "" }, /* 396 */
+ { 0xf8, 0, 1, 5, "" }, /* 397 */
+ { 0x42, 410, 1, 6, "netscape" }, /* 398 */
+ { 0x01, 405, 1, 7, "" }, /* 399 */
+ { 0x01, 401, 0, 8, "nsCertType" }, /* 400 */
+ { 0x03, 402, 0, 8, "nsRevocationUrl" }, /* 401 */
+ { 0x04, 403, 0, 8, "nsCaRevocationUrl" }, /* 402 */
+ { 0x08, 404, 0, 8, "nsCaPolicyUrl" }, /* 403 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 404 */
+ { 0x03, 408, 1, 7, "directory" }, /* 405 */
+ { 0x01, 0, 1, 8, "" }, /* 406 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 407 */
+ { 0x04, 0, 1, 7, "policy" }, /* 408 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 409 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 410 */
+ { 0x01, 0, 1, 7, "pki" }, /* 411 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 412 */
+ { 0x02, 414, 0, 9, "messageType" }, /* 413 */
+ { 0x03, 415, 0, 9, "pkiStatus" }, /* 414 */
+ { 0x04, 416, 0, 9, "failInfo" }, /* 415 */
+ { 0x05, 417, 0, 9, "senderNonce" }, /* 416 */
+ { 0x06, 418, 0, 9, "recipientNonce" }, /* 417 */
+ { 0x07, 419, 0, 9, "transID" }, /* 418 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 419 */
+ {0x67, 0, 1, 0, "" }, /* 420 */
+ { 0x81, 0, 1, 1, "" }, /* 421 */
+ { 0x05, 0, 1, 2, "" }, /* 422 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 423 */
+ { 0x01, 425, 0, 4, "tcg-at-tpmManufacturer" }, /* 424 */
+ { 0x02, 426, 0, 4, "tcg-at-tpmModel" }, /* 425 */
+ { 0x03, 427, 0, 4, "tcg-at-tpmVersion" }, /* 426 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 427 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 236c86737..14f774adb 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -69,170 +69,170 @@ extern const oid_t oid_names[];
#define OID_MD5_WITH_RSA 92
#define OID_SHA1_WITH_RSA 93
#define OID_RSAES_OAEP 94
-#define OID_SHA256_WITH_RSA 96
-#define OID_SHA384_WITH_RSA 97
-#define OID_SHA512_WITH_RSA 98
-#define OID_SHA224_WITH_RSA 99
-#define OID_PBE_MD5_DES_CBC 101
-#define OID_PBE_SHA1_DES_CBC 102
-#define OID_PBKDF2 103
-#define OID_PBES2 104
-#define OID_PKCS7_DATA 106
-#define OID_PKCS7_SIGNED_DATA 107
-#define OID_PKCS7_ENVELOPED_DATA 108
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 109
-#define OID_PKCS7_DIGESTED_DATA 110
-#define OID_PKCS7_ENCRYPTED_DATA 111
-#define OID_EMAIL_ADDRESS 113
-#define OID_UNSTRUCTURED_NAME 114
-#define OID_PKCS9_CONTENT_TYPE 115
-#define OID_PKCS9_MESSAGE_DIGEST 116
-#define OID_PKCS9_SIGNING_TIME 117
-#define OID_CHALLENGE_PASSWORD 119
-#define OID_UNSTRUCTURED_ADDRESS 120
-#define OID_EXTENSION_REQUEST 121
-#define OID_X509_CERTIFICATE 124
-#define OID_PBE_SHA1_RC4_128 128
-#define OID_PBE_SHA1_RC4_40 129
-#define OID_PBE_SHA1_3DES_CBC 130
-#define OID_PBE_SHA1_3DES_2KEY_CBC 131
-#define OID_PBE_SHA1_RC2_CBC_128 132
-#define OID_PBE_SHA1_RC2_CBC_40 133
-#define OID_P12_KEY_BAG 136
-#define OID_P12_PKCS8_KEY_BAG 137
-#define OID_P12_CERT_BAG 138
-#define OID_P12_CRL_BAG 139
-#define OID_MD2 143
-#define OID_MD5 144
-#define OID_3DES_EDE_CBC 146
-#define OID_EC_PUBLICKEY 150
-#define OID_C2PNB163V1 153
-#define OID_C2PNB163V2 154
-#define OID_C2PNB163V3 155
-#define OID_C2PNB176W1 156
-#define OID_C2PNB191V1 157
-#define OID_C2PNB191V2 158
-#define OID_C2PNB191V3 159
-#define OID_C2PNB191V4 160
-#define OID_C2PNB191V5 161
-#define OID_C2PNB208W1 162
-#define OID_C2PNB239V1 163
-#define OID_C2PNB239V2 164
-#define OID_C2PNB239V3 165
-#define OID_C2PNB239V4 166
-#define OID_C2PNB239V5 167
-#define OID_C2PNB272W1 168
-#define OID_C2PNB304W1 169
-#define OID_C2PNB359V1 170
-#define OID_C2PNB368W1 171
-#define OID_C2PNB431R1 172
-#define OID_PRIME192V1 174
-#define OID_PRIME192V2 175
-#define OID_PRIME192V3 176
-#define OID_PRIME239V1 177
-#define OID_PRIME239V2 178
-#define OID_PRIME239V3 179
-#define OID_PRIME256V1 180
-#define OID_ECDSA_WITH_SHA1 182
-#define OID_ECDSA_WITH_SHA224 184
-#define OID_ECDSA_WITH_SHA256 185
-#define OID_ECDSA_WITH_SHA384 186
-#define OID_ECDSA_WITH_SHA512 187
-#define OID_USER_PRINCIPAL_NAME 202
-#define OID_STRONGSWAN 205
-#define OID_TCGID 212
-#define OID_AUTHORITY_INFO_ACCESS 217
-#define OID_IP_ADDR_BLOCKS 219
-#define OID_POLICY_QUALIFIER_CPS 221
-#define OID_POLICY_QUALIFIER_UNOTICE 222
-#define OID_SERVER_AUTH 224
-#define OID_CLIENT_AUTH 225
-#define OID_OCSP_SIGNING 232
-#define OID_XMPP_ADDR 238
-#define OID_AUTHENTICATION_INFO 242
-#define OID_ACCESS_IDENTITY 243
-#define OID_CHARGING_IDENTITY 244
-#define OID_GROUP 245
-#define OID_OCSP 248
-#define OID_BASIC 249
-#define OID_NONCE 250
-#define OID_CRL 251
-#define OID_RESPONSE 252
-#define OID_NO_CHECK 253
-#define OID_ARCHIVE_CUTOFF 254
-#define OID_SERVICE_LOCATOR 255
-#define OID_CA_ISSUERS 256
-#define OID_IKE_INTERMEDIATE 261
-#define OID_DES_CBC 265
-#define OID_SHA1 266
-#define OID_SHA1_WITH_RSA_OIW 267
-#define OID_ECGDSA_PUBKEY 286
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 289
-#define OID_ECGDSA_SIG_WITH_SHA1 290
-#define OID_ECGDSA_SIG_WITH_SHA224 291
-#define OID_ECGDSA_SIG_WITH_SHA256 292
-#define OID_ECGDSA_SIG_WITH_SHA384 293
-#define OID_ECGDSA_SIG_WITH_SHA512 294
-#define OID_SECT163K1 317
-#define OID_SECT163R1 318
-#define OID_SECT239K1 319
-#define OID_SECT113R1 320
-#define OID_SECT113R2 321
-#define OID_SECT112R1 322
-#define OID_SECT112R2 323
-#define OID_SECT160R1 324
-#define OID_SECT160K1 325
-#define OID_SECT256K1 326
-#define OID_SECT163R2 327
-#define OID_SECT283K1 328
-#define OID_SECT283R1 329
-#define OID_SECT131R1 330
-#define OID_SECT131R2 331
-#define OID_SECT193R1 332
-#define OID_SECT193R2 333
-#define OID_SECT233K1 334
-#define OID_SECT233R1 335
-#define OID_SECT128R1 336
-#define OID_SECT128R2 337
-#define OID_SECT160R2 338
-#define OID_SECT192K1 339
-#define OID_SECT224K1 340
-#define OID_SECT224R1 341
-#define OID_SECT384R1 342
-#define OID_SECT521R1 343
-#define OID_SECT409K1 344
-#define OID_SECT409R1 345
-#define OID_SECT571K1 346
-#define OID_SECT571R1 347
-#define OID_AES128_CBC 356
-#define OID_AES128_GCM 357
-#define OID_AES128_CCM 358
-#define OID_AES192_CBC 359
-#define OID_AES192_GCM 360
-#define OID_AES192_CCM 361
-#define OID_AES256_CBC 362
-#define OID_AES256_GCM 363
-#define OID_AES256_CCM 364
-#define OID_SHA256 366
-#define OID_SHA384 367
-#define OID_SHA512 368
-#define OID_SHA224 369
-#define OID_NS_REVOCATION_URL 377
-#define OID_NS_CA_REVOCATION_URL 378
-#define OID_NS_CA_POLICY_URL 379
-#define OID_NS_COMMENT 380
-#define OID_EMPLOYEE_NUMBER 383
-#define OID_PKI_MESSAGE_TYPE 389
-#define OID_PKI_STATUS 390
-#define OID_PKI_FAIL_INFO 391
-#define OID_PKI_SENDER_NONCE 392
-#define OID_PKI_RECIPIENT_NONCE 393
-#define OID_PKI_TRANS_ID 394
-#define OID_TPM_MANUFACTURER 400
-#define OID_TPM_MODEL 401
-#define OID_TPM_VERSION 402
-#define OID_TPM_ID_LABEL 403
+#define OID_SHA256_WITH_RSA 97
+#define OID_SHA384_WITH_RSA 98
+#define OID_SHA512_WITH_RSA 99
+#define OID_SHA224_WITH_RSA 100
+#define OID_PBE_MD5_DES_CBC 102
+#define OID_PBE_SHA1_DES_CBC 103
+#define OID_PBKDF2 104
+#define OID_PBES2 105
+#define OID_PKCS7_DATA 107
+#define OID_PKCS7_SIGNED_DATA 108
+#define OID_PKCS7_ENVELOPED_DATA 109
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 110
+#define OID_PKCS7_DIGESTED_DATA 111
+#define OID_PKCS7_ENCRYPTED_DATA 112
+#define OID_EMAIL_ADDRESS 114
+#define OID_UNSTRUCTURED_NAME 115
+#define OID_PKCS9_CONTENT_TYPE 116
+#define OID_PKCS9_MESSAGE_DIGEST 117
+#define OID_PKCS9_SIGNING_TIME 118
+#define OID_CHALLENGE_PASSWORD 120
+#define OID_UNSTRUCTURED_ADDRESS 121
+#define OID_EXTENSION_REQUEST 122
+#define OID_X509_CERTIFICATE 125
+#define OID_PBE_SHA1_RC4_128 129
+#define OID_PBE_SHA1_RC4_40 130
+#define OID_PBE_SHA1_3DES_CBC 131
+#define OID_PBE_SHA1_3DES_2KEY_CBC 132
+#define OID_PBE_SHA1_RC2_CBC_128 133
+#define OID_PBE_SHA1_RC2_CBC_40 134
+#define OID_P12_KEY_BAG 137
+#define OID_P12_PKCS8_KEY_BAG 138
+#define OID_P12_CERT_BAG 139
+#define OID_P12_CRL_BAG 140
+#define OID_MD2 144
+#define OID_MD5 145
+#define OID_3DES_EDE_CBC 147
+#define OID_EC_PUBLICKEY 151
+#define OID_C2PNB163V1 154
+#define OID_C2PNB163V2 155
+#define OID_C2PNB163V3 156
+#define OID_C2PNB176W1 157
+#define OID_C2PNB191V1 158
+#define OID_C2PNB191V2 159
+#define OID_C2PNB191V3 160
+#define OID_C2PNB191V4 161
+#define OID_C2PNB191V5 162
+#define OID_C2PNB208W1 163
+#define OID_C2PNB239V1 164
+#define OID_C2PNB239V2 165
+#define OID_C2PNB239V3 166
+#define OID_C2PNB239V4 167
+#define OID_C2PNB239V5 168
+#define OID_C2PNB272W1 169
+#define OID_C2PNB304W1 170
+#define OID_C2PNB359V1 171
+#define OID_C2PNB368W1 172
+#define OID_C2PNB431R1 173
+#define OID_PRIME192V1 175
+#define OID_PRIME192V2 176
+#define OID_PRIME192V3 177
+#define OID_PRIME239V1 178
+#define OID_PRIME239V2 179
+#define OID_PRIME239V3 180
+#define OID_PRIME256V1 181
+#define OID_ECDSA_WITH_SHA1 183
+#define OID_ECDSA_WITH_SHA224 185
+#define OID_ECDSA_WITH_SHA256 186
+#define OID_ECDSA_WITH_SHA384 187
+#define OID_ECDSA_WITH_SHA512 188
+#define OID_USER_PRINCIPAL_NAME 203
+#define OID_STRONGSWAN 206
+#define OID_TCGID 213
+#define OID_AUTHORITY_INFO_ACCESS 241
+#define OID_IP_ADDR_BLOCKS 243
+#define OID_POLICY_QUALIFIER_CPS 245
+#define OID_POLICY_QUALIFIER_UNOTICE 246
+#define OID_SERVER_AUTH 248
+#define OID_CLIENT_AUTH 249
+#define OID_OCSP_SIGNING 256
+#define OID_XMPP_ADDR 262
+#define OID_AUTHENTICATION_INFO 266
+#define OID_ACCESS_IDENTITY 267
+#define OID_CHARGING_IDENTITY 268
+#define OID_GROUP 269
+#define OID_OCSP 272
+#define OID_BASIC 273
+#define OID_NONCE 274
+#define OID_CRL 275
+#define OID_RESPONSE 276
+#define OID_NO_CHECK 277
+#define OID_ARCHIVE_CUTOFF 278
+#define OID_SERVICE_LOCATOR 279
+#define OID_CA_ISSUERS 280
+#define OID_IKE_INTERMEDIATE 285
+#define OID_DES_CBC 289
+#define OID_SHA1 290
+#define OID_SHA1_WITH_RSA_OIW 291
+#define OID_ECGDSA_PUBKEY 310
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 313
+#define OID_ECGDSA_SIG_WITH_SHA1 314
+#define OID_ECGDSA_SIG_WITH_SHA224 315
+#define OID_ECGDSA_SIG_WITH_SHA256 316
+#define OID_ECGDSA_SIG_WITH_SHA384 317
+#define OID_ECGDSA_SIG_WITH_SHA512 318
+#define OID_SECT163K1 341
+#define OID_SECT163R1 342
+#define OID_SECT239K1 343
+#define OID_SECT113R1 344
+#define OID_SECT113R2 345
+#define OID_SECT112R1 346
+#define OID_SECT112R2 347
+#define OID_SECT160R1 348
+#define OID_SECT160K1 349
+#define OID_SECT256K1 350
+#define OID_SECT163R2 351
+#define OID_SECT283K1 352
+#define OID_SECT283R1 353
+#define OID_SECT131R1 354
+#define OID_SECT131R2 355
+#define OID_SECT193R1 356
+#define OID_SECT193R2 357
+#define OID_SECT233K1 358
+#define OID_SECT233R1 359
+#define OID_SECT128R1 360
+#define OID_SECT128R2 361
+#define OID_SECT160R2 362
+#define OID_SECT192K1 363
+#define OID_SECT224K1 364
+#define OID_SECT224R1 365
+#define OID_SECT384R1 366
+#define OID_SECT521R1 367
+#define OID_SECT409K1 368
+#define OID_SECT409R1 369
+#define OID_SECT571K1 370
+#define OID_SECT571R1 371
+#define OID_AES128_CBC 380
+#define OID_AES128_GCM 381
+#define OID_AES128_CCM 382
+#define OID_AES192_CBC 383
+#define OID_AES192_GCM 384
+#define OID_AES192_CCM 385
+#define OID_AES256_CBC 386
+#define OID_AES256_GCM 387
+#define OID_AES256_CCM 388
+#define OID_SHA256 390
+#define OID_SHA384 391
+#define OID_SHA512 392
+#define OID_SHA224 393
+#define OID_NS_REVOCATION_URL 401
+#define OID_NS_CA_REVOCATION_URL 402
+#define OID_NS_CA_POLICY_URL 403
+#define OID_NS_COMMENT 404
+#define OID_EMPLOYEE_NUMBER 407
+#define OID_PKI_MESSAGE_TYPE 413
+#define OID_PKI_STATUS 414
+#define OID_PKI_FAIL_INFO 415
+#define OID_PKI_SENDER_NONCE 416
+#define OID_PKI_RECIPIENT_NONCE 417
+#define OID_PKI_TRANS_ID 418
+#define OID_TPM_MANUFACTURER 424
+#define OID_TPM_MODEL 425
+#define OID_TPM_VERSION 426
+#define OID_TPM_ID_LABEL 427
-#define OID_MAX 404
+#define OID_MAX 428
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 740dc5073..c15a1cc2a 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -93,6 +93,7 @@
0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA
0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA
0x07 "id-RSAES-OAEP" OID_RSAES_OAEP
+ 0x08 "id-mgf1"
0x09 "id-pSpecified"
0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA
0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA
@@ -211,6 +212,29 @@
0x02 ""
0x02 ""
0x4B "TCGID" OID_TCGID
+ 0xc1 ""
+ 0x16 "ntruCryptosystems"
+ 0x01 "eess"
+ 0x01 "eess1"
+ 0x01 "eess1-algs"
+ 0x01 "ntru-EESS1v1-SVES"
+ 0x02 "ntru-EESS1v1-SVSSA"
+ 0x03 "ntru-EESS1v1-NTRUSign"
+ 0x02 "eess1-params"
+ 0x01 "ees251ep1"
+ 0x02 "ees347ep1"
+ 0x03 "ees503ep1"
+ 0x07 "ees251sp2"
+ 0x0C "ees251ep4"
+ 0x0D "ees251ep5"
+ 0x0E "ees251sp3"
+ 0x0F "ees251sp4"
+ 0x10 "ees251sp5"
+ 0x11 "ees251sp6"
+ 0x12 "ees251sp7"
+ 0x13 "ees251sp8"
+ 0x14 "ees251sp9"
+ 0x03 "eess1-encodingMethods"
0x05 "security"
0x05 "mechanisms"
0x07 "id-pkix"
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index 387e2a57d..314e8e916 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -13,8 +16,15 @@
* for more details.
*/
+#define _GNU_SOURCE /* for qsort_r() */
+#include <stdlib.h>
+
#include "array.h"
+#ifndef HAVE_QSORT_R
+#include <threading/thread_value.h>
+#endif
+
/**
* Data is an allocated block, with potentially unused head and tail:
*
@@ -43,6 +53,11 @@ struct array_t {
void *data;
};
+#ifndef HAVE_QSORT_R
+ /* store data to replicate qsort_r in thread local storage */
+ static thread_value_t *sort_data;
+#endif
+
/** maximum number of unused head/tail elements before cleanup */
#define ARRAY_MAX_UNUSED 32
@@ -314,7 +329,7 @@ void array_insert(array_t *array, int idx, void *data)
}
}
-bool array_remove(array_t *array, int idx, void *data)
+bool array_get(array_t *array, int idx, void *data)
{
if (!array)
{
@@ -337,12 +352,25 @@ bool array_remove(array_t *array, int idx, void *data)
memcpy(data, array->data + get_size(array, array->head + idx),
get_size(array, 1));
}
+ return TRUE;
+}
+
+bool array_remove(array_t *array, int idx, void *data)
+{
+ if (!array_get(array, idx, data))
+ {
+ return FALSE;
+ }
if (idx > array_count(array) / 2)
{
remove_tail(array, idx);
}
else
{
+ if (idx < 0)
+ {
+ idx = array_count(array) - 1;
+ }
remove_head(array, idx);
}
if (array->head + array->tail > ARRAY_MAX_UNUSED)
@@ -352,6 +380,113 @@ bool array_remove(array_t *array, int idx, void *data)
return TRUE;
}
+typedef struct {
+ /** the array */
+ array_t *array;
+ /** comparison function */
+ int (*cmp)(const void*,const void*,void*);
+ /** optional user arg */
+ void *arg;
+} sort_data_t;
+
+#ifdef HAVE_QSORT_R_GNU
+static int compare_elements(const void *a, const void *b, void *arg)
+#elif defined(HAVE_QSORT_R_BSD)
+static int compare_elements(void *arg, const void *a, const void *b)
+#else /* !HAVE_QSORT_R */
+static int compare_elements(const void *a, const void *b)
+#endif
+{
+#ifdef HAVE_QSORT_R
+ sort_data_t *data = (sort_data_t*)arg;
+#else
+ sort_data_t *data = sort_data->get(sort_data);
+#endif
+
+ if (data->array->esize)
+ {
+ return data->cmp(a, b, data->arg);
+ }
+ return data->cmp(*(void**)a, *(void**)b, data->arg);
+}
+
+void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*),
+ void *user)
+{
+ if (array)
+ {
+ sort_data_t data = {
+ .array = array,
+ .cmp = cmp,
+ .arg = user,
+ };
+ void *start;
+
+ start = array->data + get_size(array, array->head);
+
+#ifdef HAVE_QSORT_R_GNU
+ qsort_r(start, array->count, get_size(array, 1), compare_elements,
+ &data);
+#elif defined(HAVE_QSORT_R_BSD)
+ qsort_r(start, array->count, get_size(array, 1), &data,
+ compare_elements);
+#else /* !HAVE_QSORT_R */
+ sort_data->set(sort_data, &data);
+ qsort(start, array->count, get_size(array, 1), compare_elements);
+#endif
+ }
+}
+
+typedef struct {
+ /** the array */
+ array_t *array;
+ /** the key */
+ const void *key;
+ /** comparison function */
+ int (*cmp)(const void*,const void*);
+} bsearch_data_t;
+
+static int search_elements(const void *a, const void *b)
+{
+ bsearch_data_t *data = (bsearch_data_t*)a;
+
+ if (data->array->esize)
+ {
+ return data->cmp(data->key, b);
+ }
+ return data->cmp(data->key, *(void**)b);
+}
+
+int array_bsearch(array_t *array, const void *key,
+ int (*cmp)(const void*,const void*), void *out)
+{
+ int idx = -1;
+
+ if (array)
+ {
+ bsearch_data_t data = {
+ .array = array,
+ .key = key,
+ .cmp = cmp,
+ };
+ void *start, *item;
+
+ start = array->data + get_size(array, array->head);
+
+ item = bsearch(&data, start, array->count, get_size(array, 1),
+ search_elements);
+ if (item)
+ {
+ if (out)
+ {
+ memcpy(out, item, get_size(array, 1));
+ }
+ idx = (item - start) / get_size(array, 1);
+ }
+ }
+ return idx;
+}
+
void array_invoke(array_t *array, array_callback_t cb, void *user)
{
if (array)
@@ -414,3 +549,17 @@ void array_destroy_offset(array_t *array, size_t offset)
array_invoke_offset(array, offset);
array_destroy(array);
}
+
+void arrays_init()
+{
+#ifndef HAVE_QSORT_R
+ sort_data = thread_value_create(NULL);
+#endif
+}
+
+void arrays_deinit()
+{
+#ifndef HAVE_QSORT_R
+ sort_data->destroy(sort_data);
+#endif
+}
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index 0dc7b2250..ce702ebfa 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -87,7 +90,7 @@ void array_compress(array_t *array);
* The enumerater enumerates directly over the array element (pass a pointer to
* element types), unless the array is pointer based. If zero is passed as
* element size during construction, the enumerator enumerates over the
- * deferenced pointer values.
+ * dereferenced pointer values.
*
* @param array array to create enumerator for, or NULL
* @return enumerator, over elements or pointers
@@ -140,6 +143,18 @@ void array_insert_create(array_t **array, int idx, void *ptr);
void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator);
/**
+ * Get an element from the array.
+ *
+ * If data is given, the element is copied to that position.
+ *
+ * @param array array to get element from, or NULL
+ * @param idx index of the item to get
+ * @param data data to copy element to, or NULL
+ * @return TRUE if idx valid and item returned
+ */
+bool array_get(array_t *array, int idx, void *data);
+
+/**
* Remove an element from the array.
*
* If data is given, the element is copied to that position.
@@ -152,6 +167,50 @@ void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator);
bool array_remove(array_t *array, int idx, void *data);
/**
+ * Sort the array.
+ *
+ * The comparison function must return an integer less than, equal to, or
+ * greater than zero if the first argument is considered to be respectively less
+ * than, equal to, or greater than the second. If two elements compare as
+ * equal, their order in the sorted array is undefined.
+ *
+ * The comparison function receives pointers to the array elements (esize != 0)
+ * or the actual pointers (esize = 0). The third argument is the user data
+ * supplied to this function.
+ *
+ * @param array array to sort, or NULL
+ * @param cmp comparison function
+ * @param user user data to pass to comparison function
+ */
+void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*),
+ void *user);
+
+/**
+ * Binary search of a sorted array.
+ *
+ * The array should be sorted in ascending order according to the given
+ * comparison function.
+ *
+ * The comparison function must return an integer less than, equal to, or
+ * greater than zero if the first argument (the key) is considered to be
+ * respectively less than, equal to, or greater than the second.
+ *
+ * If there are multiple elements that match the key it is not specified which
+ * element is returned.
+ *
+ * The comparison function receives the key object and a pointer to an array
+ * element (esize != 0) or an actual pointer (esize = 0).
+ *
+ * @param array array to search, or NULL
+ * @param key key to search for
+ * @param cmp comparison function
+ * @param data data to copy element to, or NULL
+ * @return index of the element if found, -1 if not
+ */
+int array_bsearch(array_t *array, const void *key,
+ int (*cmp)(const void*,const void*), void *data);
+
+/**
* Invoke a callback for all array members.
*
* @param array array to traverse, or NULL
@@ -192,4 +251,16 @@ void array_destroy_function(array_t *array, array_callback_t cb, void *user);
*/
void array_destroy_offset(array_t *array, size_t offset);
+
+/**
+ * Required on some platforms to initialize thread local value to implement
+ * array_sort().
+ */
+void arrays_init();
+
+/**
+ * Destroys the thread local value if required.
+ */
+void arrays_deinit();
+
#endif /** ARRAY_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index de19c8d96..3ec0714b6 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1349,7 +1349,7 @@ credential_manager_t *credential_manager_create()
this->local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
this->exclusive_local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
- if (lib->settings->get_bool(lib->settings, "libstrongswan.cert_cache", TRUE))
+ if (lib->settings->get_bool(lib->settings, "%s.cert_cache", TRUE, lib->ns))
{
this->cache = cert_cache_create();
this->sets->insert_first(this->sets, this->cache);
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index edcabfe58..dba3f6f6d 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -967,11 +967,11 @@ crypto_factory_t *crypto_factory_create()
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.tester = crypto_tester_create(),
.test_on_add = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_add", FALSE),
+ "%s.crypto_test.on_add", FALSE, lib->ns),
.test_on_create = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_create", FALSE),
+ "%s.crypto_test.on_create", FALSE, lib->ns),
.bench = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.bench", FALSE),
+ "%s.crypto_test.bench", FALSE, lib->ns),
);
return &this->public;
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 5a0dccced..30724b16d 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1207,13 +1207,13 @@ crypto_tester_t *crypto_tester_create()
.rng = linked_list_create(),
.required = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.required", FALSE),
+ "%s.crypto_test.required", FALSE, lib->ns),
.rng_true = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.rng_true", FALSE),
+ "%s.crypto_test.rng_true", FALSE, lib->ns),
.bench_time = lib->settings->get_int(lib->settings,
- "libstrongswan.crypto_test.bench_time", 50),
+ "%s.crypto_test.bench_time", 50, lib->ns),
.bench_size = lib->settings->get_int(lib->settings,
- "libstrongswan.crypto_test.bench_size", 1024),
+ "%s.crypto_test.bench_size", 1024, lib->ns),
);
/* enforce a block size of 16, should be fine for all algorithms */
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 3d319d2d4..5c1d08de2 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -45,7 +45,12 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
"MODP_NULL",
"MODP_CUSTOM");
-ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
+ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM,
+ "NTRU_112",
+ "NTRU_128",
+ "NTRU_192",
+ "NTRU_256");
+ENUM_END(diffie_hellman_group_names, NTRU_256_BIT);
/**
@@ -439,7 +444,7 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
{
if (!dh_params[i].public.subgroup.len &&
lib->settings->get_int(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
{
dh_params[i].public.exp_len = dh_params[i].public.prime.len;
}
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index edf6bbd6d..00d700314 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -64,6 +64,11 @@ enum diffie_hellman_group_t {
MODP_NULL = 1024,
/** MODP group with custom generator/prime */
MODP_CUSTOM = 1025,
+ /** Parameters defined by IEEE 1363.1, in PRIVATE USE */
+ NTRU_112_BIT = 1030,
+ NTRU_128_BIT = 1031,
+ NTRU_192_BIT = 1032,
+ NTRU_256_BIT = 1033
};
/**
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 4db504eb0..bbb97d088 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -56,6 +56,11 @@ struct private_proposal_keywords_t {
linked_list_t * tokens;
/**
+ * registered algname parsers, as proposal_algname_parser_t
+ */
+ linked_list_t *parsers;
+
+ /**
* rwlock to lock access to modules
*/
rwlock_t *lock;
@@ -85,11 +90,46 @@ static const proposal_token_t* find_token(private_proposal_keywords_t *this,
return found;
}
+/**
+ * Parse the given algorithm into a token with user defined parser functions.
+ */
+static const proposal_token_t* parse_token(private_proposal_keywords_t *this,
+ const char *str)
+{
+ proposal_algname_parser_t parser;
+ enumerator_t *enumerator;
+ proposal_token_t *found = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->parsers->create_enumerator(this->parsers);
+ while (enumerator->enumerate(enumerator, &parser))
+ {
+ found = parser(str);
+ if (found)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return found;
+}
+
METHOD(proposal_keywords_t, get_token, const proposal_token_t*,
private_proposal_keywords_t *this, const char *str)
{
- const proposal_token_t *token = proposal_get_token_static(str, strlen(str));
- return token ?: find_token(this, str);
+ const proposal_token_t *token;
+
+ token = proposal_get_token_static(str, strlen(str));
+ if (!token)
+ {
+ token = find_token(this, str);
+ }
+ if (!token)
+ {
+ token = parse_token(this, str);
+ }
+ return token;
}
METHOD(proposal_keywords_t, register_token, void,
@@ -110,6 +150,14 @@ METHOD(proposal_keywords_t, register_token, void,
this->lock->unlock(this->lock);
}
+METHOD(proposal_keywords_t, register_algname_parser, void,
+ private_proposal_keywords_t *this, proposal_algname_parser_t parser)
+{
+ this->lock->write_lock(this->lock);
+ this->tokens->insert_first(this->parsers, parser);
+ this->lock->unlock(this->lock);
+}
+
METHOD(proposal_keywords_t, destroy, void,
private_proposal_keywords_t *this)
{
@@ -121,6 +169,7 @@ METHOD(proposal_keywords_t, destroy, void,
free(token);
}
this->tokens->destroy(this->tokens);
+ this->parsers->destroy(this->parsers);
this->lock->destroy(this->lock);
free(this);
}
@@ -136,9 +185,11 @@ proposal_keywords_t *proposal_keywords_create()
.public = {
.get_token = _get_token,
.register_token = _register_token,
+ .register_algname_parser = _register_algname_parser,
.destroy = _destroy,
},
.tokens = linked_list_create(),
+ .parsers = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index d6107abc0..5cdbafc51 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -46,6 +46,8 @@
typedef struct proposal_token_t proposal_token_t;
typedef struct proposal_keywords_t proposal_keywords_t;
+typedef proposal_token_t*(*proposal_algname_parser_t)(const char *algname);
+
#include <library.h>
#include <crypto/transform.h>
@@ -102,6 +104,17 @@ struct proposal_keywords_t {
u_int16_t keysize);
/**
+ * Register an algorithm name parser.
+ *
+ * It is meant to parse an algorithm name into a proposal token in a
+ * generic, user defined way.
+ *
+ * @param parser a pointer to the parser function
+ */
+ void (*register_algname_parser)(proposal_keywords_t *this,
+ proposal_algname_parser_t parser);
+
+ /**
* Destroy a proposal_keywords_t instance.
*/
void (*destroy)(proposal_keywords_t *this);
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index a238f640e..1da1421f4 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -1,6 +1,6 @@
/* C code produced by gperf version 3.0.4 */
/* Command-line: /usr/bin/gperf -N proposal_get_token_static -m 10 -C -G -c -t -D */
-/* Computed positions: -k'1,5,7,10,15,$' */
+/* Computed positions: -k'1,5-7,10,15,$' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -31,8 +31,8 @@ error "gperf generated tables don't work with this execution character set. Plea
/*
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * Copyright (C) 2009-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 134
+#define TOTAL_KEYWORDS 138
#define MIN_WORD_LENGTH 3
#define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 4
-#define MAX_HASH_VALUE 215
-/* maximum key range = 212, duplicates = 0 */
+#define MIN_HASH_VALUE 20
+#define MAX_HASH_VALUE 295
+/* maximum key range = 276, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -78,34 +78,34 @@ hash (str, len)
register const char *str;
register unsigned int len;
{
- static const unsigned char asso_values[] =
+ static const unsigned short asso_values[] =
{
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 0, 4,
- 1, 21, 15, 13, 9, 16, 2, 0, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 76, 216, 2, 28, 16,
- 0, 39, 112, 42, 31, 0, 216, 216, 0, 9,
- 100, 0, 7, 20, 95, 12, 44, 55, 216, 216,
- 1, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
- 216, 216, 216, 216, 216, 216, 216
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 47, 6,
+ 15, 8, 64, 24, 12, 14, 7, 5, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 120, 296, 9, 5, 22,
+ 48, 114, 28, 76, 6, 5, 296, 296, 5, 20,
+ 7, 14, 82, 7, 81, 98, 10, 86, 296, 296,
+ 5, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296, 296, 296, 296,
+ 296, 296, 296, 296, 296, 296, 296
};
register int hval = len;
@@ -127,6 +127,8 @@ hash (str, len)
hval += asso_values[(unsigned char)str[6]];
/*FALLTHROUGH*/
case 6:
+ hval += asso_values[(unsigned char)str[5]];
+ /*FALLTHROUGH*/
case 5:
hval += asso_values[(unsigned char)str[4]];
/*FALLTHROUGH*/
@@ -142,166 +144,178 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
- {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
- {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
- {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
- {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
- {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
- {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
- {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
- {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
- {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
- {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
- {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
{"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0},
+ {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
{"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0},
+ {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
{"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
- {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0},
+ {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0},
+ {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
{"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0},
{"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
{"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
{"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
{"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
- {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
{"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
- {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
- {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
- {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
{"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
{"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
- {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
- {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
- {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
- {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
{"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
{"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
- {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
- {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0},
- {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0},
- {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
- {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0},
+ {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
{"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0},
- {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
- {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}
+ {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0},
+ {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0},
+ {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}
};
static const short lookup[] =
{
- -1, -1, -1, -1, 0, -1, -1, -1, -1, -1,
- 1, -1, 2, -1, 3, 4, -1, -1, -1, 5,
- 6, 7, 8, 9, 10, 11, 12, -1, -1, 13,
- 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
- 24, 25, 26, 27, 28, -1, -1, -1, -1, 29,
- -1, -1, 30, 31, 32, 33, 34, -1, 35, 36,
- 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
- 47, 48, 49, 50, 51, 52, 53, 54, -1, 55,
- 56, 57, -1, 58, 59, 60, 61, 62, 63, 64,
- 65, 66, 67, -1, 68, 69, 70, 71, 72, 73,
- 74, 75, 76, 77, -1, 78, 79, 80, 81, 82,
- 83, 84, 85, 86, 87, 88, 89, 90, 91, 92,
- -1, 93, 94, 95, 96, 97, 98, 99, 100, -1,
- -1, -1, 101, 102, 103, 104, -1, 105, 106, 107,
- 108, 109, 110, -1, 111, 112, 113, 114, 115, 116,
- 117, 118, 119, 120, 121, 122, 123, 124, -1, 125,
- -1, 126, -1, -1, -1, -1, -1, -1, 127, -1,
- -1, -1, -1, 128, -1, -1, -1, -1, 129, 130,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 131, -1, -1, 132, -1,
- -1, -1, -1, -1, -1, 133
+ 0, -1, 1, 2, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 3, 4, -1, -1, -1, 5, -1,
+ 6, 7, -1, -1, -1, -1, 8, -1, 9, 10,
+ -1, -1, 11, -1, 12, -1, 13, -1, 14, 15,
+ -1, 16, 17, 18, 19, 20, -1, -1, -1, 21,
+ 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+ 32, 33, 34, 35, 36, 37, -1, 38, 39, -1,
+ 40, 41, 42, -1, 43, 44, 45, 46, 47, 48,
+ -1, 49, 50, 51, -1, 52, 53, 54, 55, 56,
+ 57, 58, 59, -1, -1, 60, 61, 62, 63, 64,
+ 65, 66, -1, -1, 67, 68, 69, 70, 71, 72,
+ 73, 74, 75, 76, 77, 78, 79, 80, -1, 81,
+ 82, 83, 84, 85, 86, 87, 88, 89, 90, 91,
+ 92, 93, -1, 94, -1, 95, -1, 96, 97, 98,
+ 99, 100, -1, 101, -1, 102, 103, 104, -1, 105,
+ 106, 107, 108, 109, -1, 110, -1, 111, -1, 112,
+ -1, 113, 114, 115, 116, -1, 117, 118, 119, 120,
+ 121, -1, -1, -1, 122, -1, -1, 123, -1, -1,
+ 124, -1, 125, 126, 127, -1, -1, -1, 128, -1,
+ -1, -1, -1, -1, 129, 130, -1, 131, -1, 132,
+ -1, -1, -1, -1, 133, -1, -1, -1, -1, 134,
+ -1, -1, -1, -1, -1, 135, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 136, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 137
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index c484320ca..70e79157a 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -1,7 +1,7 @@
%{
/*
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * Copyright (C) 2009-2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -161,5 +161,9 @@ ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0
ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0
ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0
ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0
+ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0
+ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0
+ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0
+ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0
noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index 21cd1aff4..2fad486e0 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -43,7 +43,7 @@ struct private_fetcher_manager_t {
};
typedef struct {
- /** assocaited fetcher construction function */
+ /** associated fetcher construction function */
fetcher_constructor_t create;
/** URL this fetcher support */
char *url;
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index f2fa3e0aa..8472c30a5 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -22,6 +22,7 @@
#include <threading/thread.h>
#include <utils/identification.h>
#include <networking/host.h>
+#include <collections/array.h>
#include <collections/hashtable.h>
#include <utils/backtrace.h>
#include <selectors/traffic_selector.h>
@@ -61,6 +62,39 @@ struct private_library_t {
*/
library_t *lib = NULL;
+#ifdef LEAK_DETECTIVE
+/**
+ * Default leak report callback
+ */
+static void report_leaks(void *user, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
+ bytes, count, bytes / count);
+ bt->log(bt, stderr, detailed);
+}
+
+/**
+ * Default leak report summary callback
+ */
+static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
+{
+ switch (count)
+ {
+ case 0:
+ fprintf(stderr, "No leaks detected");
+ break;
+ case 1:
+ fprintf(stderr, "One leak detected");
+ break;
+ default:
+ fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
+ break;
+ }
+ fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
+}
+#endif /* LEAK_DETECTIVE */
+
/**
* Deinitialize library
*/
@@ -75,7 +109,7 @@ void library_deinit()
}
detailed = lib->settings->get_bool(lib->settings,
- "libstrongswan.leak_detective.detailed", TRUE);
+ "%s.leak_detective.detailed", TRUE, lib->ns);
/* make sure the cache is clear before unloading plugins */
lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
@@ -109,9 +143,11 @@ void library_deinit()
lib->leak_detective->destroy(lib->leak_detective);
}
+ arrays_deinit();
threads_deinit();
backtrace_deinit();
+ free((void*)this->public.ns);
free(this);
lib = NULL;
}
@@ -201,7 +237,7 @@ static bool check_memwipe()
/*
* see header file
*/
-bool library_init(char *settings)
+bool library_init(char *settings, const char *namespace)
{
private_library_t *this;
printf_hook_t *pfh;
@@ -217,6 +253,7 @@ bool library_init(char *settings)
.public = {
.get = _get,
.set = _set,
+ .ns = strdup(namespace ?: "libstrongswan"),
},
.ref = 1,
);
@@ -224,9 +261,12 @@ bool library_init(char *settings)
backtrace_init();
threads_init();
+ arrays_init();
#ifdef LEAK_DETECTIVE
lib->leak_detective = leak_detective_create();
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ report_leaks, sum_leaks, NULL);
#endif /* LEAK_DETECTIVE */
pfh = printf_hook_create();
@@ -256,6 +296,9 @@ bool library_init(char *settings)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
this->public.settings = settings_create(settings);
+ /* all namespace settings may fall back to libstrongswan */
+ lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
+
this->public.hosts = host_resolver_create();
this->public.proposal = proposal_keywords_create();
this->public.caps = capabilities_create();
@@ -278,7 +321,7 @@ bool library_init(char *settings)
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.integrity_test", FALSE))
+ "%s.integrity_test", FALSE, lib->ns))
{
#ifdef INTEGRITY_TEST
this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index e53cf09e2..4125328b7 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -140,6 +141,12 @@ struct library_t {
bool (*set)(library_t *this, char *name, void *object);
/**
+ * Namespace used for settings etc. (i.e. the name of the binary that uses
+ * the library)
+ */
+ const char *ns;
+
+ /**
* Printf hook registering facility
*/
printf_hook_t *printf_hook;
@@ -239,12 +246,17 @@ struct library_t {
* Initialize library, creates "lib" instance.
*
* library_init() may be called multiple times in a single process, but each
- * caller should call library_deinit() for each call to library_init().
+ * caller must call library_deinit() for each call to library_init().
+ *
+ * The settings and namespace arguments are only used on the first call.
*
* @param settings file to read settings from, may be NULL for default
+ * @param namespace name of the binary that uses the library, determines
+ * the first section name when reading config options.
+ * Defaults to libstrongswan if NULL.
* @return FALSE if integrity check failed
*/
-bool library_init(char *settings);
+bool library_init(char *settings, const char *namespace);
/**
* Deinitialize library, destroys "lib" instance.
diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c
index 99a17d17c..10af11a7f 100644
--- a/src/libstrongswan/networking/host_resolver.c
+++ b/src/libstrongswan/networking/host_resolver.c
@@ -355,11 +355,11 @@ host_resolver_t *host_resolver_create()
);
this->min_threads = max(0, lib->settings->get_int(lib->settings,
- "libstrongswan.host_resolver.min_threads",
- MIN_THREADS_DEFAULT));
+ "%s.host_resolver.min_threads",
+ MIN_THREADS_DEFAULT, lib->ns));
this->max_threads = max(this->min_threads ?: 1,
lib->settings->get_int(lib->settings,
- "libstrongswan.host_resolver.max_threads",
- MAX_THREADS_DEFAULT));
+ "%s.host_resolver.max_threads",
+ MAX_THREADS_DEFAULT, lib->ns));
return &this->public;
}
diff --git a/src/libstrongswan/networking/streams/stream.c b/src/libstrongswan/networking/streams/stream.c
index 8ecb89fc9..f6fec0b4a 100644
--- a/src/libstrongswan/networking/streams/stream.c
+++ b/src/libstrongswan/networking/streams/stream.c
@@ -159,17 +159,6 @@ METHOD(stream_t, write_all, bool,
}
/**
- * Remove a registered watcher
- */
-static void remove_watcher(private_stream_t *this)
-{
- if (this->read_cb || this->write_cb)
- {
- lib->watcher->remove(lib->watcher, this->fd);
- }
-}
-
-/**
* Watcher callback
*/
static bool watch(private_stream_t *this, int fd, watcher_event_t event)
@@ -228,7 +217,7 @@ static void add_watcher(private_stream_t *this)
METHOD(stream_t, on_read, void,
private_stream_t *this, stream_cb_t cb, void *data)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
this->read_cb = cb;
this->read_data = data;
@@ -239,7 +228,7 @@ METHOD(stream_t, on_read, void,
METHOD(stream_t, on_write, void,
private_stream_t *this, stream_cb_t cb, void *data)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
this->write_cb = cb;
this->write_data = data;
@@ -270,7 +259,7 @@ METHOD(stream_t, get_file, FILE*,
METHOD(stream_t, destroy, void,
private_stream_t *this)
{
- remove_watcher(this);
+ lib->watcher->remove(lib->watcher, this->fd);
close(this->fd);
free(this);
}
diff --git a/src/libstrongswan/networking/streams/stream.h b/src/libstrongswan/networking/streams/stream.h
index 810514da9..3516d9186 100644
--- a/src/libstrongswan/networking/streams/stream.h
+++ b/src/libstrongswan/networking/streams/stream.h
@@ -39,9 +39,8 @@ typedef stream_t*(*stream_constructor_t)(char *uri);
/**
* Callback function prototype, called when stream is ready.
*
- * It is allowed to destroy the stream during the callback, but only if it has
- * no other active on_read()/on_write() callback and returns FALSE. It is not
- * allowed to to call on_read()/on_write/() during the callback.
+ * It is not allowed to destroy the stream nor to call on_read()/on_write/()
+ * during the callback.
*
* As select() may return even if a read()/write() would actually block, it is
* recommended to use the non-blocking calls and handle return values
diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c
index 65268d242..ecefdc233 100644
--- a/src/libstrongswan/networking/tun_device.c
+++ b/src/libstrongswan/networking/tun_device.c
@@ -27,9 +27,11 @@
#include <unistd.h>
#include <net/if.h>
+#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H)
+
#include "tun_device.h"
-#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H)
+#include <utils/debug.h>
#warning TUN devices are not supported!
@@ -46,12 +48,14 @@ tun_device_t *tun_device_create(const char *name_tmpl)
#include <netinet/in_var.h>
#include <sys/kern_control.h>
#elif defined(__linux__)
+#include <linux/types.h>
#include <linux/if_tun.h>
#else
#include <net/if_tun.h>
#endif
-#include <library.h>
+#include "tun_device.h"
+
#include <utils/debug.h>
#include <threading/thread.h>
diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h
index 1d330f133..543125beb 100644
--- a/src/libstrongswan/networking/tun_device.h
+++ b/src/libstrongswan/networking/tun_device.h
@@ -23,7 +23,6 @@
#ifndef TUN_DEVICE_H_
#define TUN_DEVICE_H_
-#include <library.h>
#include <networking/host.h>
typedef struct tun_device_t tun_device_t;
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 5ae5537ad..9e91e8671 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index cdecc5b06..4ea1e8f36 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index b840d0e03..150e8d4d4 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 322ded48c..dc6adc457 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -63,6 +63,13 @@ plugin_t *agent_plugin_create()
{
private_agent_plugin_t *this;
+ /* required to connect to ssh-agent socket */
+ if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
+ {
+ DBG1(DBG_DMN, "agent plugin requires CAP_DAC_OVERRIDE capability");
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
@@ -75,4 +82,3 @@ plugin_t *agent_plugin_create()
return &this->public.plugin;
}
-
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 8a3fb150a..c2e82a9f1 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -442,4 +442,3 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 8b2f7431f..f13a96421 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 486af34ed..ed3f05681 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index b8fe6de06..620d8359f 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 1f791208e..060287d1c 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 3d4f71176..ff34435a2 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index f6625dd48..a756a0a7e 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index a8cca98da..644f27709 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -80,7 +80,7 @@ static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data)
METHOD(fetcher_t, fetch, status_t,
private_curl_fetcher_t *this, char *uri, void *userdata)
{
- char error[CURL_ERROR_SIZE];
+ char error[CURL_ERROR_SIZE], *enc_uri;
status_t status;
cb_data_t data = {
.cb = this->cb,
@@ -92,9 +92,14 @@ METHOD(fetcher_t, fetch, status_t,
*(chunk_t*)userdata = chunk_empty;
}
- if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK)
+ /* the URI has to be URL-encoded, we only replace spaces as replacing other
+ * characters (e.g. '/' or ':') would render the URI invalid */
+ enc_uri = strreplace(uri, " ", "%20");
+
+ if (curl_easy_setopt(this->curl, CURLOPT_URL, enc_uri) != CURLE_OK)
{ /* URL type not supported by curl */
- return NOT_SUPPORTED;
+ status = NOT_SUPPORTED;
+ goto out;
}
curl_easy_setopt(this->curl, CURLOPT_ERRORBUFFER, error);
curl_easy_setopt(this->curl, CURLOPT_FAILONERROR, TRUE);
@@ -125,6 +130,12 @@ METHOD(fetcher_t, fetch, status_t,
status = FAILED;
break;
}
+
+out:
+ if (enc_uri != uri)
+ {
+ free(enc_uri);
+ }
return status;
}
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 81e91bca0..ca79430c9 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index a012700c0..b94b644c0 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 06d9129c7..3bb540d90 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index e499ae1a0..7bce3c983 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 766340548..4ce3cf919 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 160db042b..44f3f84b1 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -194,8 +194,8 @@ plugin_t *gcrypt_plugin_create()
/* we currently do not use secure memory */
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.gcrypt.quick_random", FALSE))
+ if (lib->settings->get_bool(lib->settings, "%s.plugins.gcrypt.quick_random",
+ FALSE, lib->ns))
{
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
}
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index f12827fd5..73e0645b0 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index f1956a9d2..f5e38fa90 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 5f7291ca4..42093e413 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 35af7034a..7f14fbf8e 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 812d98628..bdd446cd3 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 082aebc51..32aac7bfa 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 2daf01c1d..a35f8051b 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 408848366..25437bdb8 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am
new file mode 100644
index 000000000..b33cbc8c9
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/Makefile.am
@@ -0,0 +1,33 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ -rdynamic @COVERAGE_CFLAGS@
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ntru.la
+else
+plugin_LTLIBRARIES = libstrongswan-ntru.la
+endif
+
+libstrongswan_ntru_la_SOURCES = \
+ ntru_plugin.h ntru_plugin.c \
+ ntru_drbg.h ntru_drbg.c \
+ ntru_ke.h ntru_ke.c \
+ ntru_mgf1.h ntru_mgf1.c \
+ ntru_poly.h ntru_poly.c \
+ ntru_trits.h ntru_trits.c \
+ ntru_crypto/ntru_crypto.h \
+ ntru_crypto/ntru_crypto_ntru_convert.h \
+ ntru_crypto/ntru_crypto_ntru_convert.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \
+ ntru_crypto/ntru_crypto_ntru_poly.h \
+ ntru_crypto/ntru_crypto_ntru_poly.c
+
+libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
+
+
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
new file mode 100644
index 000000000..af192d203
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -0,0 +1,812 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ntru
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ntru_la_LIBADD =
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libstrongswan_ntru_la_OBJECTS = ntru_plugin.lo ntru_drbg.lo \
+ ntru_ke.lo ntru_mgf1.lo ntru_poly.lo ntru_trits.lo \
+ ntru_crypto/ntru_crypto_ntru_convert.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.lo \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo \
+ ntru_crypto/ntru_crypto_ntru_poly.lo
+libstrongswan_ntru_la_OBJECTS = $(am_libstrongswan_ntru_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_ntru_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ntru_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ntru_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ntru_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_ntru_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ntru_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ -rdynamic @COVERAGE_CFLAGS@
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ntru.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ntru.la
+libstrongswan_ntru_la_SOURCES = \
+ ntru_plugin.h ntru_plugin.c \
+ ntru_drbg.h ntru_drbg.c \
+ ntru_ke.h ntru_ke.c \
+ ntru_mgf1.h ntru_mgf1.c \
+ ntru_poly.h ntru_poly.c \
+ ntru_trits.h ntru_trits.c \
+ ntru_crypto/ntru_crypto.h \
+ ntru_crypto/ntru_crypto_ntru_convert.h \
+ ntru_crypto/ntru_crypto_ntru_convert.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_key.c \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \
+ ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \
+ ntru_crypto/ntru_crypto_ntru_poly.h \
+ ntru_crypto/ntru_crypto_ntru_poly.c
+
+libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+ntru_crypto/$(am__dirstamp):
+ @$(MKDIR_P) ntru_crypto
+ @: > ntru_crypto/$(am__dirstamp)
+ntru_crypto/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) ntru_crypto/$(DEPDIR)
+ @: > ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_convert.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt_key.lo: \
+ ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo: \
+ ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ntru_crypto/ntru_crypto_ntru_poly.lo: ntru_crypto/$(am__dirstamp) \
+ ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+
+libstrongswan-ntru.la: $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_DEPENDENCIES) $(EXTRA_libstrongswan_ntru_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_ntru_la_LINK) $(am_libstrongswan_ntru_la_rpath) $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f ntru_crypto/*.$(OBJEXT)
+ -rm -f ntru_crypto/*.lo
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_drbg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_ke.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_mgf1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_poly.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_trits.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_convert.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_param_sets.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_poly.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+ -rm -rf ntru_crypto/.libs ntru_crypto/_libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f ntru_crypto/$(DEPDIR)/$(am__dirstamp)
+ -rm -f ntru_crypto/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h
new file mode 100644
index 000000000..72f47035e
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h
@@ -0,0 +1,235 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+
+/******************************************************************************
+ *
+ * File: ntru_crypto.h
+ *
+ * Contents: Public header file for NTRUEncrypt.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_H
+#define NTRU_CRYPTO_H
+
+#include <library.h>
+
+#include "ntru_drbg.h"
+
+#if !defined( NTRUCALL )
+ #if !defined(WIN32) || defined (NTRUCRYPTO_STATIC)
+ // Linux, or a Win32 static library
+ #define NTRUCALL extern uint32_t
+ #elif defined (NTRUCRYPTO_EXPORTS)
+ // Win32 DLL build
+ #define NTRUCALL extern __declspec(dllexport) uint32_t
+ #else
+ // Win32 DLL import
+ #define NTRUCALL extern __declspec(dllimport) uint32_t
+ #endif
+#endif /* NTRUCALL */
+
+/* parameter set ID list */
+
+typedef enum _NTRU_ENCRYPT_PARAM_SET_ID {
+ NTRU_EES401EP1,
+ NTRU_EES449EP1,
+ NTRU_EES677EP1,
+ NTRU_EES1087EP2,
+ NTRU_EES541EP1,
+ NTRU_EES613EP1,
+ NTRU_EES887EP1,
+ NTRU_EES1171EP1,
+ NTRU_EES659EP1,
+ NTRU_EES761EP1,
+ NTRU_EES1087EP1,
+ NTRU_EES1499EP1,
+ NTRU_EES401EP2,
+ NTRU_EES439EP1,
+ NTRU_EES593EP1,
+ NTRU_EES743EP1,
+} NTRU_ENCRYPT_PARAM_SET_ID;
+
+
+/* error codes */
+
+#define NTRU_OK 0
+#define NTRU_FAIL 1
+#define NTRU_BAD_PARAMETER 2
+#define NTRU_BAD_LENGTH 3
+#define NTRU_BUFFER_TOO_SMALL 4
+#define NTRU_INVALID_PARAMETER_SET 5
+#define NTRU_BAD_PUBLIC_KEY 6
+#define NTRU_BAD_PRIVATE_KEY 7
+#define NTRU_OUT_OF_MEMORY 8
+#define NTRU_BAD_ENCODING 9
+#define NTRU_OID_NOT_RECOGNIZED 10
+#define NTRU_DRBG_FAIL 11
+#define NTRU_MGF1_FAIL 12
+
+/* function declarations */
+
+/* ntru_crypto_ntru_encrypt
+ *
+ * Implements NTRU encryption (SVES) for the parameter set specified in
+ * the public key blob.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH.
+ *
+ * The required minimum size of the output ciphertext buffer (ct) may be
+ * queried by invoking this function with ct = NULL. In this case, no
+ * encryption is performed, NTRU_OK is returned, and the required minimum
+ * size for ct is returned in ct_len.
+ *
+ * When ct != NULL, at invocation *ct_len must be the size of the ct buffer.
+ * Upon return it is the actual size of the ciphertext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is
+ * zero, or if pt_len exceeds the maximum plaintext length for the parameter set.
+ * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_encrypt(
+ ntru_drbg_t *drbg , /* in - handle for DRBG */
+ uint16_t pubkey_blob_len, /* in - no. of octets in public key
+ blob */
+ uint8_t const *pubkey_blob, /* in - pointer to public key */
+ uint16_t pt_len, /* in - no. of octets in plaintext */
+ uint8_t const *pt, /* in - pointer to plaintext */
+ uint16_t *ct_len, /* in/out - no. of octets in ct, addr for
+ no. of octets in ciphertext */
+ uint8_t *ct); /* out - address for ciphertext */
+
+
+/* ntru_crypto_ntru_decrypt
+ *
+ * Implements NTRU decryption (SVES) for the parameter set specified in
+ * the private key blob.
+ *
+ * The maximum size of the output plaintext may be queried by invoking
+ * this function with pt = NULL. In this case, no decryption is performed,
+ * NTRU_OK is returned, and the maximum size the plaintext could be is
+ * returned in pt_len.
+ * Note that until the decryption is performed successfully, the actual size
+ * of the resulting plaintext cannot be known.
+ *
+ * When pt != NULL, at invocation *pt_len must be the size of the pt buffer.
+ * Upon return it is the actual size of the plaintext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if
+ * ct_len is invalid for the parameter set.
+ * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if a decryption error occurs.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_decrypt(
+ uint16_t privkey_blob_len, /* in - no. of octets in private key
+ blob */
+ uint8_t const *privkey_blob, /* in - pointer to private key */
+ uint16_t ct_len, /* in - no. of octets in ciphertext */
+ uint8_t const *ct, /* in - pointer to ciphertext */
+ uint16_t *pt_len, /* in/out - no. of octets in pt, addr for
+ no. of octets in plaintext */
+ uint8_t *pt); /* out - address for plaintext */
+
+
+/* ntru_crypto_ntru_encrypt_keygen
+ *
+ * Implements key generation for NTRUEncrypt for the parameter set specified.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning NTRU_DRBG_FAIL.
+ *
+ * The required minimum size of the output public-key buffer (pubkey_blob)
+ * may be queried by invoking this function with pubkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for pubkey_blob is returned in pubkey_blob_len.
+ *
+ * The required minimum size of the output private-key buffer (privkey_blob)
+ * may be queried by invoking this function with privkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for privkey_blob is returned in privkey_blob_len.
+ *
+ * The required minimum sizes of both pubkey_blob and privkey_blob may be
+ * queried as described above, in a single invocation of this function.
+ *
+ * When pubkey_blob != NULL and privkey_blob != NULL, at invocation
+ * *pubkey_blob_len must be the size of the pubkey_blob buffer and
+ * *privkey_blob_len must be the size of the privkey_blob buffer.
+ * Upon return, *pubkey_blob_len is the actual size of the public-key blob
+ * and *privkey_blob_len is the actual size of the private-key blob.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob
+ * or privkey_blob) is NULL.
+ * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid.
+ * Returns NTRU_BAD_LENGTH if a length argument is invalid.
+ * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the
+ * privkey_blob buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if the polynomial generated for f is not invertible in
+ * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely.
+ * Should this occur, this function should simply be invoked again.
+ */
+
+NTRUCALL
+ntru_crypto_ntru_encrypt_keygen(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */
+ uint16_t *pubkey_blob_len, /* in/out - no. of octets in
+ pubkey_blob, addr
+ for no. of octets
+ in pubkey_blob */
+ uint8_t *pubkey_blob, /* out - address for
+ public key blob */
+ uint16_t *privkey_blob_len, /* in/out - no. of octets in
+ privkey_blob, addr
+ for no. of octets
+ in privkey_blob */
+ uint8_t *privkey_blob); /* out - address for
+ private key blob */
+#endif /* NTRU_CRYPTO_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c
new file mode 100644
index 000000000..3d6dfde41
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c
@@ -0,0 +1,581 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_convert.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_convert.c
+ *
+ * Contents: Conversion routines for NTRUEncrypt, including packing, unpacking,
+ * and others.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto_ntru_convert.h"
+
+
+/* 3-bit to 2-trit conversion tables: 2 represents -1 */
+
+static uint8_t const bits_2_trit1[] = {0, 0, 0, 1, 1, 1, 2, 2};
+static uint8_t const bits_2_trit2[] = {0, 1, 2, 0, 1, 2, 0, 1};
+
+
+/* ntru_bits_2_trits
+ *
+ * Each 3 bits in an array of octets is converted to 2 trits in an array
+ * of trits.
+ *
+ * The octet array may overlap the end of the trit array.
+ */
+
+void
+ntru_bits_2_trits(
+ uint8_t const *octets, /* in - pointer to array of octets */
+ uint16_t num_trits, /* in - number of trits to produce */
+ uint8_t *trits) /* out - address for array of trits */
+{
+ uint32_t bits24;
+ uint32_t bits3;
+ uint32_t shift;
+
+ assert(octets);
+ assert(trits);
+
+ while (num_trits >= 16) {
+
+ /* get next three octets */
+
+ bits24 = ((uint32_t)(*octets++)) << 16;
+ bits24 |= ((uint32_t)(*octets++)) << 8;
+ bits24 |= (uint32_t)(*octets++);
+
+ /* for each 3 bits in the three octets, output 2 trits */
+
+ bits3 = (bits24 >> 21) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 18) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 15) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 12) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 9) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 6) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = (bits24 >> 3) & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ bits3 = bits24 & 0x7;
+ *trits++ = bits_2_trit1[bits3];
+ *trits++ = bits_2_trit2[bits3];
+
+ num_trits -= 16;
+ }
+ if (num_trits == 0)
+ return;
+
+ /* get three octets */
+
+ bits24 = ((uint32_t)(*octets++)) << 16;
+ bits24 |= ((uint32_t)(*octets++)) << 8;
+ bits24 |= (uint32_t)(*octets++);
+
+ shift = 21;
+ while (num_trits) {
+
+ /* for each 3 bits in the three octets, output up to 2 trits
+ * until all trits needed are produced
+ */
+
+ bits3 = (bits24 >> shift) & 0x7;
+ shift -= 3;
+ *trits++ = bits_2_trit1[bits3];
+ if (--num_trits) {
+ *trits++ = bits_2_trit2[bits3];
+ --num_trits;
+ }
+ }
+}
+
+
+/* ntru_trits_2_bits
+ *
+ * Each 2 trits in an array of trits is converted to 3 bits, and the bits
+ * are packed in an array of octets. A multiple of 3 octets is output.
+ * Any bits in the final octets not derived from trits are zero.
+ *
+ * Returns TRUE if all trits were valid.
+ * Returns FALSE if invalid trits were found.
+ */
+
+bool
+ntru_trits_2_bits(
+ uint8_t const *trits, /* in - pointer to array of trits */
+ uint32_t num_trits, /* in - number of trits to convert */
+ uint8_t *octets) /* out - address for array of octets */
+{
+ bool all_trits_valid = TRUE;
+ uint32_t bits24;
+ uint32_t bits3;
+ uint32_t shift;
+
+ assert(octets);
+ assert(trits);
+
+ while (num_trits >= 16) {
+
+ /* convert each 2 trits to 3 bits and pack */
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 = (bits3 << 21);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 18);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 15);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 12);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 9);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 6);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << 3);
+
+ bits3 = *trits++ * 3;
+ bits3 += *trits++;
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= bits3;
+
+ num_trits -= 16;
+
+ /* output three octets */
+
+ *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
+ *octets++ = (uint8_t)((bits24 >> 8) & 0xff);
+ *octets++ = (uint8_t)(bits24 & 0xff);
+ }
+
+ bits24 = 0;
+ shift = 21;
+ while (num_trits) {
+
+ /* convert each 2 trits to 3 bits and pack */
+
+ bits3 = *trits++ * 3;
+ if (--num_trits) {
+ bits3 += *trits++;
+ --num_trits;
+ }
+ if (bits3 > 7) {
+ bits3 = 7;
+ all_trits_valid = FALSE;
+ }
+ bits24 |= (bits3 << shift);
+ shift -= 3;
+ }
+
+ /* output three octets */
+
+ *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
+ *octets++ = (uint8_t)((bits24 >> 8) & 0xff);
+ *octets++ = (uint8_t)(bits24 & 0xff);
+
+ return all_trits_valid;
+}
+
+
+/* ntru_coeffs_mod4_2_octets
+ *
+ * Takes an array of ring element coefficients mod 4 and packs the
+ * results into an octet string.
+ */
+
+void
+ntru_coeffs_mod4_2_octets(
+ uint16_t num_coeffs, /* in - number of coefficients */
+ uint16_t const *coeffs, /* in - pointer to coefficients */
+ uint8_t *octets) /* out - address for octets */
+{
+ uint8_t bits2;
+ int shift;
+ uint16_t i;
+
+ assert(coeffs);
+ assert(octets);
+
+ *octets = 0;
+ shift = 6;
+ for (i = 0; i < num_coeffs; i++) {
+ bits2 = (uint8_t)(coeffs[i] & 0x3);
+ *octets |= bits2 << shift;
+ shift -= 2;
+ if (shift < 0) {
+ ++octets;
+ *octets = 0;
+ shift = 6;
+ }
+ }
+}
+
+
+/* ntru_trits_2_octet
+ *
+ * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1).
+ */
+
+void
+ntru_trits_2_octet(
+ uint8_t const *trits, /* in - pointer to trits */
+ uint8_t *octet) /* out - address for octet */
+{
+ int i;
+
+ assert(trits);
+ assert(octet);
+
+ *octet = 0;
+ for (i = 4; i >= 0; i--) {
+ *octet = (*octet * 3) + trits[i];
+ }
+}
+
+
+/* ntru_octet_2_trits
+ *
+ * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1).
+ */
+
+void
+ntru_octet_2_trits(
+ uint8_t octet, /* in - octet to be unpacked */
+ uint8_t *trits) /* out - address for trits */
+{
+ int i;
+
+ assert(trits);
+
+ for (i = 0; i < 5; i++) {
+ trits[i] = octet % 3;
+ octet = (octet - trits[i]) / 3;
+ }
+}
+
+
+/* ntru_indices_2_trits
+ *
+ * Converts a list of the nonzero indices of a polynomial into an array of
+ * trits.
+ */
+
+void
+ntru_indices_2_trits(
+ uint16_t in_len, /* in - no. of indices */
+ uint16_t const *in, /* in - pointer to list of indices */
+ bool plus1, /* in - if list is +1 cofficients */
+ uint8_t *out) /* out - address of output polynomial */
+{
+ uint8_t trit = plus1 ? 1 : 2;
+ uint16_t i;
+
+ assert(in);
+ assert(out);
+
+ for (i = 0; i < in_len; i++) {
+ out[in[i]] = trit;
+ }
+}
+
+
+/* ntru_packed_trits_2_indices
+ *
+ * Unpacks an array of N trits and creates a list of array indices
+ * corresponding to trits = +1, and list of array indices corresponding to
+ * trits = -1.
+ */
+
+void
+ntru_packed_trits_2_indices(
+ uint8_t const *in, /* in - pointer to packed-trit octets */
+ uint16_t num_trits, /* in - no. of packed trits */
+ uint16_t *indices_plus1, /* out - address for indices of +1 trits */
+ uint16_t *indices_minus1) /* out - address for indices of -1 trits */
+{
+ uint8_t trits[5];
+ uint16_t i = 0;
+ int j;
+
+ assert(in);
+ assert(indices_plus1);
+ assert(indices_minus1);
+
+ while (num_trits >= 5) {
+ ntru_octet_2_trits(*in++, trits);
+ num_trits -= 5;
+ for (j = 0; j < 5; j++, i++) {
+ if (trits[j] == 1) {
+ *indices_plus1 = i;
+ ++indices_plus1;
+ } else if (trits[j] == 2) {
+ *indices_minus1 = i;
+ ++indices_minus1;
+ }
+ }
+ }
+ if (num_trits) {
+ ntru_octet_2_trits(*in, trits);
+ for (j = 0; num_trits && (j < 5); j++, i++) {
+ if (trits[j] == 1) {
+ *indices_plus1 = i;
+ ++indices_plus1;
+ } else if (trits[j] == 2) {
+ *indices_minus1 = i;
+ ++indices_minus1;
+ }
+ --num_trits;
+ }
+ }
+}
+
+
+/* ntru_indices_2_packed_trits
+ *
+ * Takes a list of array indices corresponding to elements whose values
+ * are +1 or -1, and packs the N-element array of trits described by these
+ * lists into octets, 5 trits per octet.
+ */
+
+void
+ntru_indices_2_packed_trits(
+ uint16_t const *indices, /* in - pointer to indices */
+ uint16_t num_plus1, /* in - no. of indices for +1 trits */
+ uint16_t num_minus1, /* in - no. of indices for -1 trits */
+ uint16_t num_trits, /* in - N, no. of trits in array */
+ uint8_t *buf, /* in - temp buf, N octets */
+ uint8_t *out) /* out - address for packed octets */
+{
+ assert(indices);
+ assert(buf);
+ assert(out);
+
+ /* convert indices to an array of trits */
+
+ memset(buf, 0, num_trits);
+ ntru_indices_2_trits(num_plus1, indices, TRUE, buf);
+ ntru_indices_2_trits(num_minus1, indices + num_plus1, FALSE, buf);
+
+ /* pack the array of trits */
+
+ while (num_trits >= 5) {
+ ntru_trits_2_octet(buf, out);
+ num_trits -= 5;
+ buf += 5;
+ ++out;
+ }
+ if (num_trits) {
+ uint8_t trits[5];
+
+ memcpy(trits, buf, num_trits);
+ memset(trits + num_trits, 0, sizeof(trits) - num_trits);
+ ntru_trits_2_octet(trits, out);
+ }
+}
+
+
+/* ntru_elements_2_octets
+ *
+ * Packs an array of n-bit elements into an array of
+ * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16.
+ */
+
+void
+ntru_elements_2_octets(
+ uint16_t in_len, /* in - no. of elements to be packed */
+ uint16_t const *in, /* in - ptr to elements to be packed */
+ uint8_t n_bits, /* in - no. of bits in input element */
+ uint8_t *out) /* out - addr for output octets */
+{
+ uint16_t temp;
+ int shift;
+ uint16_t i;
+
+ assert(in_len);
+ assert(in);
+ assert((n_bits > 8) && (n_bits < 16));
+ assert(out);
+
+ /* pack */
+
+ temp = 0;
+ shift = n_bits - 8;
+ i = 0;
+ while (i < in_len) {
+
+ /* add bits to temp to fill an octet and output the octet */
+
+ temp |= in[i] >> shift;
+ *out++ = (uint8_t)(temp & 0xff);
+ shift = 8 - shift;
+ if (shift < 1) {
+
+ /* next full octet is in current input word */
+
+ shift += n_bits;
+ temp = 0;
+
+ } else {
+
+ /* put remaining bits of input word in temp as partial octet,
+ * and increment index to next input word
+ */
+ temp = in[i] << (uint16_t)shift;
+
+ ++i;
+ }
+ shift = n_bits - shift;
+ }
+
+ /* output any bits remaining in last input word */
+
+ if (shift != n_bits - 8) {
+ *out++ = (uint8_t)(temp & 0xff);
+ }
+}
+
+
+/* ntru_octets_2_elements
+ *
+ * Unpacks an octet string into an array of ((in_len * 8) / n_bits)
+ * n-bit elements, 8 < n_bits < 16. Any extra bits are discarded.
+ */
+
+void
+ntru_octets_2_elements(
+ uint16_t in_len, /* in - no. of octets to be unpacked */
+ uint8_t const *in, /* in - ptr to octets to be unpacked */
+ uint8_t n_bits, /* in - no. of bits in output element */
+ uint16_t *out) /* out - addr for output elements */
+{
+ uint16_t temp;
+ uint16_t mask = (1 << n_bits) - 1;
+ int shift;
+ uint16_t i;
+
+ assert(in_len > 1);
+ assert(in);
+ assert((n_bits > 8) && (n_bits < 16));
+ assert(out);
+
+ /* unpack */
+
+ temp = 0;
+ shift = n_bits;
+ i = 0;
+ while (i < in_len) {
+ shift = 8 - shift;
+ if (shift < 0) {
+
+ /* the current octet will not fill the current element */
+
+ shift += n_bits;
+
+ } else {
+
+ /* add bits from the current octet to fill the current element and
+ * output the element
+ */
+
+ temp |= ((uint16_t)in[i]) >> shift;
+ *out++ = temp & mask;
+ temp = 0;
+ }
+
+ /* add the remaining bits of the current octet to start an element */
+
+ shift = n_bits - shift;
+ temp |= ((uint16_t)in[i]) << shift;
+ ++i;
+ }
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h
new file mode 100644
index 000000000..1c4b35b24
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h
@@ -0,0 +1,183 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_convert.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_convert.h
+ *
+ * Contents: Definitions and declarations for conversion routines
+ * for NTRUEncrypt, including packing, unpacking and others.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_NTRU_CONVERT_H
+#define NTRU_CRYPTO_NTRU_CONVERT_H
+
+#include "ntru_crypto.h"
+
+
+/* function declarations */
+
+/* ntru_bits_2_trits
+ *
+ * Each 3 bits in an array of octets is converted to 2 trits in an array
+ * of trits.
+ */
+
+extern void
+ntru_bits_2_trits(
+ uint8_t const *octets, /* in - pointer to array of octets */
+ uint16_t num_trits, /* in - number of trits to produce */
+ uint8_t *trits); /* out - address for array of trits */
+
+
+/* ntru_trits_2_bits
+ *
+ * Each 2 trits in an array of trits is converted to 3 bits, and the bits
+ * are packed in an array of octets. A multiple of 3 octets is output.
+ * Any bits in the final octets not derived from trits are zero.
+ *
+ * Returns TRUE if all trits were valid.
+ * Returns FALSE if invalid trits were found.
+ */
+
+extern bool
+ntru_trits_2_bits(
+ uint8_t const *trits, /* in - pointer to array of trits */
+ uint32_t num_trits, /* in - number of trits to convert */
+ uint8_t *octets); /* out - address for array of octets */
+
+
+/* ntru_coeffs_mod4_2_octets
+ *
+ * Takes an array of coefficients mod 4 and packs the results into an
+ * octet string.
+ */
+
+extern void
+ntru_coeffs_mod4_2_octets(
+ uint16_t num_coeffs, /* in - number of coefficients */
+ uint16_t const *coeffs, /* in - pointer to coefficients */
+ uint8_t *octets); /* out - address for octets */
+
+
+/* ntru_trits_2_octet
+ *
+ * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1).
+ */
+
+extern void
+ntru_trits_2_octet(
+ uint8_t const *trits, /* in - pointer to trits */
+ uint8_t *octet); /* out - address for octet */
+
+
+/* ntru_octet_2_trits
+ *
+ * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1).
+ */
+
+extern void
+ntru_octet_2_trits(
+ uint8_t octet, /* in - octet to be unpacked */
+ uint8_t *trits); /* out - address for trits */
+
+
+/* ntru_indices_2_trits
+ *
+ * Converts a list of the nonzero indices of a polynomial into an array of
+ * trits.
+ */
+
+extern void
+ntru_indices_2_trits(
+ uint16_t in_len, /* in - no. of indices */
+ uint16_t const *in, /* in - pointer to list of indices */
+ bool plus1, /* in - if list is +1 coefficients */
+ uint8_t *out); /* out - address of output polynomial */
+
+
+/* ntru_packed_trits_2_indices
+ *
+ * Unpacks an array of N trits and creates a list of array indices
+ * corresponding to trits = +1, and list of array indices corresponding to
+ * trits = -1.
+ */
+
+extern void
+ntru_packed_trits_2_indices(
+ uint8_t const *in, /* in - pointer to packed-trit octets */
+ uint16_t num_trits, /* in - no. of packed trits */
+ uint16_t *indices_plus1, /* out - address for indices of +1 trits */
+ uint16_t *indices_minus1); /* out - address for indices of -1 trits */
+
+
+/* ntru_indices_2_packed_trits
+ *
+ * Takes a list of array indices corresponding to elements whose values
+ * are +1 or -1, and packs the N-element array of trits described by these
+ * lists into octets, 5 trits per octet.
+ */
+
+extern void
+ntru_indices_2_packed_trits(
+ uint16_t const *indices, /* in - pointer to indices */
+ uint16_t num_plus1, /* in - no. of indices for +1 trits */
+ uint16_t num_minus1, /* in - no. of indices for -1 trits */
+ uint16_t num_trits, /* in - N, no. of trits in array */
+ uint8_t *buf, /* in - temp buf, N octets */
+ uint8_t *out); /* out - address for packed octets */
+
+
+/* ntru_elements_2_octets
+ *
+ * Packs an array of n-bit elements into an array of
+ * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16.
+ */
+
+extern void
+ntru_elements_2_octets(
+ uint16_t in_len, /* in - no. of elements to be packed */
+ uint16_t const *in, /* in - ptr to elements to be packed */
+ uint8_t n_bits, /* in - no. of bits in input element */
+ uint8_t *out); /* out - addr for output octets */
+
+
+/* ntru_octets_2_elements
+ *
+ * Unpacks an octet string into an array of ((in_len * 8) / n_bits)
+ * n-bit elements, 8 < n < 16. Any extra bits are discarded.
+ */
+
+extern void
+ntru_octets_2_elements(
+ uint16_t in_len, /* in - no. of octets to be unpacked */
+ uint8_t const *in, /* in - ptr to octets to be unpacked */
+ uint8_t n_bits, /* in - no. of bits in output element */
+ uint16_t *out); /* out - addr for output elements */
+
+
+#endif /* NTRU_CRYPTO_NTRU_CONVERT_H */
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c
new file mode 100644
index 000000000..dba81915a
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c
@@ -0,0 +1,1034 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt.c
+ *
+ * Contents: Routines implementing NTRUEncrypt encryption and decryption and
+ * key generation.
+ *
+ *****************************************************************************/
+
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto.h"
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+#include "ntru_crypto_ntru_encrypt_key.h"
+#include "ntru_crypto_ntru_convert.h"
+#include "ntru_crypto_ntru_poly.h"
+#
+#include "ntru_trits.h"
+#include "ntru_poly.h"
+
+/* ntru_crypto_ntru_encrypt
+ *
+ * Implements NTRU encryption (SVES) for the parameter set specified in
+ * the public key blob.
+ *
+ * Before invoking this function, a DRBG must be instantiated using
+ * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that
+ * instantiation the requested security strength must be at least as large
+ * as the security strength of the NTRU parameter set being used.
+ * Failure to instantiate the DRBG with the proper security strength will
+ * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH.
+ *
+ * The required minimum size of the output ciphertext buffer (ct) may be
+ * queried by invoking this function with ct = NULL. In this case, no
+ * encryption is performed, NTRU_OK is returned, and the required minimum
+ * size for ct is returned in ct_len.
+ *
+ * When ct != NULL, at invocation *ct_len must be the size of the ct buffer.
+ * Upon return it is the actual size of the ciphertext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is
+ * zero, or if pt_len exceeds the maximum plaintext length for the parameter set.
+ * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ */
+
+uint32_t
+ntru_crypto_ntru_encrypt(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ uint16_t pubkey_blob_len, /* in - no. of octets in public key
+ blob */
+ uint8_t const *pubkey_blob, /* in - pointer to public key */
+ uint16_t pt_len, /* in - no. of octets in plaintext */
+ uint8_t const *pt, /* in - pointer to plaintext */
+ uint16_t *ct_len, /* in/out - no. of octets in ct, addr for
+ no. of octets in ciphertext */
+ uint8_t *ct) /* out - address for ciphertext */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint8_t const *pubkey_packed = NULL;
+ uint8_t pubkey_pack_type = 0x00;
+ uint16_t packed_ct_len;
+ size_t scratch_buf_len;
+ uint32_t dr;
+ uint32_t dr1 = 0;
+ uint32_t dr2 = 0;
+ uint32_t dr3 = 0;
+ uint16_t ring_mult_tmp_len;
+ int16_t m1 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf = NULL;
+ uint8_t *b_buf = NULL;
+ uint8_t *tmp_buf = NULL;
+ bool msg_rep_good = FALSE;
+ hash_algorithm_t hash_algid;
+ uint16_t mprime_len = 0;
+ uint16_t mod_q_mask;
+ uint32_t result = NTRU_OK;
+ ntru_trits_t *mask;
+ uint8_t *mask_trits;
+ chunk_t seed;
+ ntru_poly_t *r_poly;
+
+ /* check for bad parameters */
+
+ if (!pubkey_blob || !pt || !ct_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+ if ((pubkey_blob_len == 0) || (pt_len == 0))
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* get a pointer to the parameter-set parameters, the packing type for
+ * the public key, and a pointer to the packed public key
+ */
+
+ if (!ntru_crypto_ntru_encrypt_key_parse(TRUE /* pubkey */, pubkey_blob_len,
+ pubkey_blob, &pubkey_pack_type,
+ NULL, &params, &pubkey_packed,
+ NULL))
+ {
+ return NTRU_BAD_PUBLIC_KEY;
+ }
+
+ /* return the ciphertext size if requested */
+
+ packed_ct_len = (params->N * params->q_bits + 7) >> 3;
+ if (!ct)
+ {
+ *ct_len = packed_ct_len;
+ return NTRU_OK;
+ }
+
+ /* check the ciphertext buffer size */
+
+ if (*ct_len < packed_ct_len)
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+
+ /* check the plaintext length */
+
+ if (pt_len > params->m_len_max)
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* allocate memory for all operations */
+
+ if (params->is_product_form)
+ {
+ ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */
+ dr1 = params->dF_r & 0xff;
+ dr2 = (params->dF_r >> 8) & 0xff;
+ dr3 = (params->dF_r >> 16) & 0xff;
+ dr = dr1 + dr2 + dr3;
+ }
+ else
+ {
+ ring_mult_tmp_len = params->N; /* N 16-bit word buffer */
+ dr = params->dF_r;
+ }
+ scratch_buf_len = (ring_mult_tmp_len << 1) +
+ /* X-byte temp buf for ring mult and
+ other intermediate results */
+ (params->N << 1) + /* 2N-byte buffer for ring elements
+ and overflow from temp buffer */
+ (dr << 2) + /* buffer for r indices */
+ params->sec_strength_len;
+ /* buffer for b */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf = scratch_buf + ring_mult_tmp_len;
+ b_buf = (uint8_t *)(ringel_buf + params->N);
+ tmp_buf = (uint8_t *)scratch_buf;
+
+ /* set hash algorithm based on security strength */
+ hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256;
+
+ /* set constants */
+ mod_q_mask = params->q - 1;
+
+ /* loop until a message representative with proper weight is achieved */
+
+ do {
+ uint8_t *ptr = tmp_buf;
+
+ /* get b */
+ if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ params->sec_strength_len, b_buf))
+ {
+ result = NTRU_OK;
+ }
+ else
+ {
+ result = NTRU_FAIL;
+ }
+
+ if (result == NTRU_OK)
+ {
+
+ /* form sData (OID || m || b || hTrunc) */
+ memcpy(ptr, params->OID, 3);
+ ptr += 3;
+ memcpy(ptr, pt, pt_len);
+ ptr += pt_len;
+ memcpy(ptr, b_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ memcpy(ptr, pubkey_packed, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+
+ DBG2(DBG_LIB, "generate polynomial r");
+
+ seed = chunk_create(tmp_buf, ptr - tmp_buf);
+ r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!r_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint16_t pubkey_packed_len;
+
+ /* unpack the public key */
+ assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS);
+ pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+ ntru_octets_2_elements(pubkey_packed_len, pubkey_packed,
+ params->q_bits, ringel_buf);
+
+ /* form R = h * r */
+ r_poly->ring_mult(r_poly, ringel_buf, ringel_buf);
+ r_poly->destroy(r_poly);
+
+ /* form R mod 4 */
+ ntru_coeffs_mod4_2_octets(params->N, ringel_buf, tmp_buf);
+
+ /* form mask */
+ seed = chunk_create(tmp_buf, (params->N + 3)/4);
+ mask = ntru_trits_create(params->N, hash_algid, seed);
+ if (!mask)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint8_t *Mtrin_buf = tmp_buf + params->N;
+ uint8_t *M_buf = Mtrin_buf + params->N -
+ (params->sec_strength_len + params->m_len_len +
+ params->m_len_max + 2);
+ uint16_t i;
+
+ /* form the padded message M */
+ ptr = M_buf;
+ memcpy(ptr, b_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ if (params->m_len_len == 2)
+ *ptr++ = (uint8_t)((pt_len >> 8) & 0xff);
+ *ptr++ = (uint8_t)(pt_len & 0xff);
+ memcpy(ptr, pt, pt_len);
+ ptr += pt_len;
+
+ /* add an extra zero byte in case without it the bit string
+ * is not a multiple of 3 bits and therefore might not be
+ * able to produce enough trits
+ */
+
+ memset(ptr, 0, params->m_len_max - pt_len + 2);
+
+ /* convert M to trits (Mbin to Mtrin) */
+ mprime_len = params->N;
+ if (params->is_product_form)
+ {
+ --mprime_len;
+ }
+
+ ntru_bits_2_trits(M_buf, mprime_len, Mtrin_buf);
+ mask_trits = mask->get_trits(mask);
+
+ /* form the msg representative m' by adding Mtrin to mask, mod p */
+ if (params->is_product_form)
+ {
+ for (i = 0; i < mprime_len; i++)
+ {
+ tmp_buf[i] = mask_trits[i] + Mtrin_buf[i];
+ if (tmp_buf[i] >= 3)
+ {
+ tmp_buf[i] -= 3;
+ }
+ if (tmp_buf[i] == 1)
+ {
+ ++m1;
+ }
+ else if (tmp_buf[i] == 2)
+ {
+ --m1;
+ }
+ }
+ }
+ else
+ {
+ for (i = 0; i < mprime_len; i++)
+ {
+ tmp_buf[i] = mask_trits[i] + Mtrin_buf[i];
+ if (tmp_buf[i] >= 3)
+ {
+ tmp_buf[i] -= 3;
+ }
+ }
+ }
+ mask->destroy(mask);
+
+ /* check that message representative meets minimum weight
+ * requirements
+ */
+
+ if (params->is_product_form)
+ msg_rep_good = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) :
+ (bool)( m1 <= params->min_msg_rep_wt);
+ else
+ msg_rep_good = ntru_poly_check_min_weight(mprime_len, tmp_buf,
+ params->min_msg_rep_wt);
+ msg_rep_good = TRUE;
+ }
+ } while ((result == NTRU_OK) && !msg_rep_good);
+
+ if (result == NTRU_OK)
+ {
+ uint16_t i;
+
+ /* form ciphertext e by adding m' to R mod q */
+
+ for (i = 0; i < mprime_len; i++) {
+ if (tmp_buf[i] == 1)
+ ringel_buf[i] = (ringel_buf[i] + 1) & mod_q_mask;
+ else if (tmp_buf[i] == 2)
+ ringel_buf[i] = (ringel_buf[i] - 1) & mod_q_mask;
+ }
+ if (params->is_product_form)
+ ringel_buf[i] = (ringel_buf[i] - m1) & mod_q_mask;
+
+ /* pack ciphertext */
+ ntru_elements_2_octets(params->N, ringel_buf, params->q_bits, ct);
+ *ct_len = packed_ct_len;
+ }
+
+ /* cleanup */
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ return result;
+}
+
+
+/* ntru_crypto_ntru_decrypt
+ *
+ * Implements NTRU decryption (SVES) for the parameter set specified in
+ * the private key blob.
+ *
+ * The maximum size of the output plaintext may be queried by invoking
+ * this function with pt = NULL. In this case, no decryption is performed,
+ * NTRU_OK is returned, and the maximum size the plaintext could be is
+ * returned in pt_len.
+ * Note that until the decryption is performed successfully, the actual size
+ * of the resulting plaintext cannot be known.
+ *
+ * When pt != NULL, at invocation *pt_len must be the size of the pt buffer.
+ * Upon return it is the actual size of the plaintext.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL.
+ * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if
+ * ct_len is invalid for the parameter set.
+ * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid
+ * (unknown format, corrupt, bad length).
+ * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if a decryption error occurs.
+ */
+
+uint32_t
+ntru_crypto_ntru_decrypt(
+ uint16_t privkey_blob_len, /* in - no. of octets in private key
+ blob */
+ uint8_t const *privkey_blob, /* in - pointer to private key */
+ uint16_t ct_len, /* in - no. of octets in ciphertext */
+ uint8_t const *ct, /* in - pointer to ciphertext */
+ uint16_t *pt_len, /* in/out - no. of octets in pt, addr for
+ no. of octets in plaintext */
+ uint8_t *pt) /* out - address for plaintext */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint8_t const *privkey_packed = NULL;
+ uint8_t const *pubkey_packed = NULL;
+ uint8_t privkey_pack_type = 0x00;
+ uint8_t pubkey_pack_type = 0x00;
+ size_t scratch_buf_len;
+ uint32_t dF_r;
+ uint32_t dF_r1 = 0;
+ uint32_t dF_r2 = 0;
+ uint32_t dF_r3 = 0;
+ uint16_t ring_mult_tmp_len;
+ int16_t m1 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf1 = NULL;
+ uint16_t *ringel_buf2 = NULL;
+ uint16_t *i_buf = NULL;
+ uint8_t *m_buf = NULL;
+ uint8_t *tmp_buf = NULL;
+ uint8_t *Mtrin_buf = NULL;
+ uint8_t *M_buf = NULL;
+ uint8_t *ptr = NULL;
+ hash_algorithm_t hash_algid;
+ uint16_t cmprime_len;
+ uint16_t mod_q_mask;
+ uint16_t q_mod_p;
+ uint16_t cm_len = 0;
+ uint16_t num_zeros;
+ uint16_t i;
+ bool decryption_ok = TRUE;
+ uint32_t result = NTRU_OK;
+ ntru_trits_t *mask;
+ uint8_t *mask_trits;
+ chunk_t seed;
+ ntru_poly_t *F_poly, *r_poly;
+
+ /* check for bad parameters */
+ if (!privkey_blob || !ct || !pt_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+ if ((privkey_blob_len == 0) || (ct_len == 0))
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* get a pointer to the parameter-set parameters, the packing types for
+ * the public and private keys, and pointers to the packed public and
+ * private keys
+ */
+
+ if (!ntru_crypto_ntru_encrypt_key_parse(FALSE /* privkey */,
+ privkey_blob_len,
+ privkey_blob, &pubkey_pack_type,
+ &privkey_pack_type, &params,
+ &pubkey_packed, &privkey_packed))
+ {
+ return NTRU_BAD_PRIVATE_KEY;
+ }
+
+ /* return the max plaintext size if requested */
+
+ if (!pt)
+ {
+ *pt_len = params->m_len_max;
+ return NTRU_OK;
+ }
+
+ /* cannot check the plaintext buffer size until after the plaintext
+ * is derived, if we allow plaintext buffers only as large as the
+ * actual plaintext
+ */
+
+ /* check the ciphertext length */
+
+ if (ct_len != (params->N * params->q_bits + 7) >> 3)
+ {
+ return NTRU_BAD_LENGTH;
+ }
+
+ /* allocate memory for all operations */
+
+ if (params->is_product_form)
+ {
+ ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */
+ dF_r1 = params->dF_r & 0xff;
+ dF_r2 = (params->dF_r >> 8) & 0xff;
+ dF_r3 = (params->dF_r >> 16) & 0xff;
+ dF_r = dF_r1 + dF_r2 + dF_r3;
+ } else {
+ ring_mult_tmp_len = params->N; /* N 16-bit word buffer */
+ dF_r = params->dF_r;
+ }
+ scratch_buf_len = (ring_mult_tmp_len << 1) +
+ /* X-byte temp buf for ring mult and
+ other intermediate results */
+ (params->N << 2) + /* 2 2N-byte bufs for ring elements
+ and overflow from temp buffer */
+ (dF_r << 2) + /* buffer for F, r indices */
+ params->m_len_max; /* buffer for plaintext */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf1 = scratch_buf + ring_mult_tmp_len;
+ ringel_buf2 = ringel_buf1 + params->N;
+ i_buf = ringel_buf2 + params->N;
+ m_buf = (uint8_t *)(i_buf + (dF_r << 1));
+ tmp_buf = (uint8_t *)scratch_buf;
+ Mtrin_buf = (uint8_t *)ringel_buf1;
+ M_buf = Mtrin_buf + params->N;
+
+ /* set hash algorithm based on security strength */
+ hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256;
+
+ /* set constants */
+ mod_q_mask = params->q - 1;
+ q_mod_p = params->q % 3;
+
+ /* unpack the ciphertext */
+ ntru_octets_2_elements(ct_len, ct, params->q_bits, ringel_buf2);
+
+ /* unpack the private key */
+ if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS)
+ {
+ ntru_packed_trits_2_indices(privkey_packed, params->N, i_buf,
+ i_buf + dF_r);
+
+ }
+ else if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_INDICES)
+ {
+ ntru_octets_2_elements(
+ (((uint16_t)dF_r << 1) * params->N_bits + 7) >> 3,
+ privkey_packed, params->N_bits, i_buf);
+
+ }
+ else
+ {
+ assert(FALSE);
+ }
+
+ /* form cm':
+ * F * e
+ * A = e * (1 + pF) mod q = e + pFe mod q
+ * a = A in the range [-q/2, q/2)
+ * cm' = a mod p
+ */
+ F_poly = ntru_poly_create_from_data(i_buf, params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ F_poly->ring_mult(F_poly, ringel_buf2, ringel_buf1);
+ F_poly->destroy(F_poly);
+
+ cmprime_len = params->N;
+ if (params->is_product_form)
+ {
+ --cmprime_len;
+ for (i = 0; i < cmprime_len; i++)
+ {
+ ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask;
+ if (ringel_buf1[i] >= (params->q >> 1))
+ {
+ ringel_buf1[i] = ringel_buf1[i] - q_mod_p;
+ }
+ Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3);
+ if (Mtrin_buf[i] == 1)
+ {
+ ++m1;
+ }
+ else if (Mtrin_buf[i] == 2)
+ {
+ --m1;
+ }
+ }
+ }
+ else
+ {
+ for (i = 0; i < cmprime_len; i++)
+ {
+ ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask;
+ if (ringel_buf1[i] >= (params->q >> 1))
+ {
+ ringel_buf1[i] = ringel_buf1[i] - q_mod_p;
+ }
+ Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3);
+ }
+ }
+
+ /* check that the candidate message representative meets minimum weight
+ * requirements
+ */
+
+ if (params->is_product_form)
+ {
+ decryption_ok = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) :
+ (bool)( m1 <= params->min_msg_rep_wt);
+ }
+ else
+ {
+ decryption_ok = ntru_poly_check_min_weight(cmprime_len, Mtrin_buf,
+ params->min_msg_rep_wt);
+ }
+
+ /* form cR = e - cm' mod q */
+ for (i = 0; i < cmprime_len; i++)
+ {
+ if (Mtrin_buf[i] == 1)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] - 1) & mod_q_mask;
+ }
+ else if (Mtrin_buf[i] == 2)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] + 1) & mod_q_mask;
+ }
+ }
+ if (params->is_product_form)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] + m1) & mod_q_mask;
+ }
+
+ /* form cR mod 4 */
+ ntru_coeffs_mod4_2_octets(params->N, ringel_buf2, tmp_buf);
+
+ /* form mask */
+ seed = chunk_create(tmp_buf, (params->N + 3)/4);
+ mask = ntru_trits_create(params->N, hash_algid, seed);
+ if (!mask)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ else
+ {
+ mask_trits = mask->get_trits(mask);
+
+ /* form cMtrin by subtracting mask from cm', mod p */
+ for (i = 0; i < cmprime_len; i++)
+ {
+ Mtrin_buf[i] = Mtrin_buf[i] - mask_trits[i];
+ if (Mtrin_buf[i] >= 3)
+ {
+ Mtrin_buf[i] += 3;
+ }
+ }
+ mask->destroy(mask);
+
+ if (params->is_product_form)
+
+ /* set the last trit to zero since that's what it was, and
+ * because it can't be calculated from (cm' - mask) since
+ * we don't have the correct value for the last cm' trit
+ */
+
+ Mtrin_buf[i] = 0;
+
+ /* convert cMtrin to cM (Mtrin to Mbin) */
+
+ if (!ntru_trits_2_bits(Mtrin_buf, params->N, M_buf))
+ decryption_ok = FALSE;
+
+ /* validate the padded message cM and copy cm to m_buf */
+
+ ptr = M_buf + params->sec_strength_len;
+ if (params->m_len_len == 2)
+ cm_len = (uint16_t)(*ptr++) << 16;
+ cm_len |= (uint16_t)(*ptr++);
+ if (cm_len > params->m_len_max) {
+ cm_len = params->m_len_max;
+ decryption_ok = FALSE;
+ }
+ memcpy(m_buf, ptr, cm_len);
+ ptr += cm_len;
+ num_zeros = params->m_len_max - cm_len + 1;
+ for (i = 0; i < num_zeros; i++) {
+ if (ptr[i] != 0)
+ decryption_ok = FALSE;
+ }
+
+ /* form sData (OID || m || b || hTrunc) */
+
+ ptr = tmp_buf;
+ memcpy(ptr, params->OID, 3);
+ ptr += 3;
+ memcpy(ptr, m_buf, cm_len);
+ ptr += cm_len;
+ memcpy(ptr, M_buf, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+ memcpy(ptr, pubkey_packed, params->sec_strength_len);
+ ptr += params->sec_strength_len;
+
+ /* generate cr */
+ DBG2(DBG_LIB, "generate polynomial r");
+
+ seed = chunk_create(tmp_buf, ptr - tmp_buf);
+ r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!r_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ /* unpack the public key */
+ {
+ uint16_t pubkey_packed_len;
+
+ assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS);
+ pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+ ntru_octets_2_elements(pubkey_packed_len, pubkey_packed,
+ params->q_bits, ringel_buf1);
+ }
+
+ /* form cR' = h * cr */
+ r_poly->ring_mult(r_poly, ringel_buf1, ringel_buf1);
+ r_poly->destroy(r_poly);
+
+ /* compare cR' to cR */
+ for (i = 0; i < params->N; i++)
+ {
+ if (ringel_buf1[i] != ringel_buf2[i])
+ {
+ decryption_ok = FALSE;
+ }
+ }
+
+ /* output plaintext and plaintext length */
+ if (decryption_ok)
+ {
+ if (*pt_len < cm_len)
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+ memcpy(pt, m_buf, cm_len);
+ *pt_len = cm_len;
+ }
+ }
+
+ /* cleanup */
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ if (!decryption_ok)
+ {
+ return NTRU_FAIL;
+ }
+
+ return result;
+}
+
+
+/* ntru_crypto_ntru_encrypt_keygen
+ *
+ * Implements key generation for NTRUEncrypt for the parameter set specified.
+ *
+ * The required minimum size of the output public-key buffer (pubkey_blob)
+ * may be queried by invoking this function with pubkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for pubkey_blob is returned in pubkey_blob_len.
+ *
+ * The required minimum size of the output private-key buffer (privkey_blob)
+ * may be queried by invoking this function with privkey_blob = NULL.
+ * In this case, no key generation is performed, NTRU_OK is returned, and
+ * the required minimum size for privkey_blob is returned in privkey_blob_len.
+ *
+ * The required minimum sizes of both pubkey_blob and privkey_blob may be
+ * queried as described above, in a single invocation of this function.
+ *
+ * When pubkey_blob != NULL and privkey_blob != NULL, at invocation
+ * *pubkey_blob_len must be the size of the pubkey_blob buffer and
+ * *privkey_blob_len must be the size of the privkey_blob buffer.
+ * Upon return, *pubkey_blob_len is the actual size of the public-key blob
+ * and *privkey_blob_len is the actual size of the private-key blob.
+ *
+ * Returns NTRU_OK if successful.
+ * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob or
+ * privkey_blob) is NULL.
+ * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid.
+ * Returns NTRU_BAD_LENGTH if a length argument is invalid.
+ * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the
+ * privkey_blob buffer is too small.
+ * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap.
+ * Returns NTRU_FAIL if the polynomial generated for f is not invertible in
+ * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely.
+ * Should this occur, this function should simply be invoked again.
+ */
+
+uint32_t
+ntru_crypto_ntru_encrypt_keygen(
+ ntru_drbg_t *drbg, /* in - handle of DRBG */
+ NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */
+ uint16_t *pubkey_blob_len, /* in/out - no. of octets in
+ pubkey_blob, addr
+ for no. of octets
+ in pubkey_blob */
+ uint8_t *pubkey_blob, /* out - address for
+ public key blob */
+ uint16_t *privkey_blob_len, /* in/out - no. of octets in
+ privkey_blob, addr
+ for no. of octets
+ in privkey_blob */
+ uint8_t *privkey_blob) /* out - address for
+ private key blob */
+{
+ NTRU_ENCRYPT_PARAM_SET *params = NULL;
+ uint16_t public_key_blob_len;
+ uint16_t private_key_blob_len;
+ uint8_t pubkey_pack_type;
+ uint8_t privkey_pack_type;
+ size_t scratch_buf_len;
+ uint32_t dF;
+ uint32_t dF1 = 0;
+ uint32_t dF2 = 0;
+ uint32_t dF3 = 0;
+ uint16_t *scratch_buf = NULL;
+ uint16_t *ringel_buf1 = NULL;
+ uint16_t *ringel_buf2 = NULL;
+ uint8_t *tmp_buf = NULL;
+ uint16_t mod_q_mask;
+ hash_algorithm_t hash_algid;
+ uint16_t seed_len;
+ chunk_t seed;
+ uint32_t result = NTRU_OK;
+ ntru_poly_t *F_poly = NULL;
+ ntru_poly_t *g_poly = NULL;
+ uint16_t *F_indices;
+
+ /* get a pointer to the parameter-set parameters */
+
+ if ((params = ntru_encrypt_get_params_with_id(param_set_id)) == NULL)
+ {
+ return NTRU_INVALID_PARAMETER_SET;
+ }
+
+ /* check for bad parameters */
+
+ if (!pubkey_blob_len || !privkey_blob_len)
+ {
+ return NTRU_BAD_PARAMETER;
+ }
+
+ /* get public and private key packing types and blob lengths */
+
+ ntru_crypto_ntru_encrypt_key_get_blob_params(params, &pubkey_pack_type,
+ &public_key_blob_len,
+ &privkey_pack_type,
+ &private_key_blob_len);
+
+ /* return the pubkey_blob size and/or privkey_blob size if requested */
+
+ if (!pubkey_blob || !privkey_blob)
+ {
+ if (!pubkey_blob)
+ *pubkey_blob_len = public_key_blob_len;
+ if (!privkey_blob)
+ *privkey_blob_len = private_key_blob_len;
+ return NTRU_OK;
+ }
+
+ /* check size of output buffers */
+
+ if ((*pubkey_blob_len < public_key_blob_len) ||
+ (*privkey_blob_len < private_key_blob_len))
+ {
+ return NTRU_BUFFER_TOO_SMALL;
+ }
+
+ /* allocate memory for all operations */
+ if (params->is_product_form) {
+ dF1 = params->dF_r & 0xff;
+ dF2 = (params->dF_r >> 8) & 0xff;
+ dF3 = (params->dF_r >> 16) & 0xff;
+ dF = dF1 + dF2 + dF3;
+ } else {
+ dF = params->dF_r;
+ }
+
+ scratch_buf_len = (params->N * 8) + /* 4N-byte temp buffer for ring inv
+ and other intermediate results,
+ 2N-byte buffer for f, g indices
+ and overflow from temp buffer,
+ 2N-byte buffer for f^-1 */
+ (dF << 2); /* buffer for F indices */
+ scratch_buf = malloc(scratch_buf_len);
+ if (!scratch_buf)
+ {
+ return NTRU_OUT_OF_MEMORY;
+ }
+ ringel_buf1 = scratch_buf + (params->N << 1);
+ ringel_buf2 = ringel_buf1 + params->N;
+ tmp_buf = (uint8_t *)scratch_buf;
+
+ /* set hash algorithm and seed length based on security strength */
+ if (params->sec_strength_len <= 20)
+ {
+ hash_algid = HASH_SHA1;
+ }
+ else
+ {
+ hash_algid = HASH_SHA256;
+ }
+ seed_len = params->sec_strength_len + 8;
+
+ /* set constants */
+
+ mod_q_mask = params->q - 1;
+
+ /* get random bytes for seed for generating trinary F
+ * as a list of indices
+ */
+
+ if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ seed_len, tmp_buf))
+ {
+ result = NTRU_OK;
+ }
+ else
+ {
+ result = NTRU_DRBG_FAIL;
+ }
+
+ if (result == NTRU_OK)
+ {
+ DBG2(DBG_LIB, "generate polynomial F");
+
+ seed = chunk_create(tmp_buf, seed_len);
+ F_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dF_r, params->dF_r,
+ params->is_product_form);
+ if (!F_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ int i;
+
+ F_poly->get_array(F_poly, ringel_buf1);
+
+ /* form f = 1 + pF */
+ for (i = 0; i < params->N; i++)
+ {
+ ringel_buf1[i] = (ringel_buf1[i] * 3) & mod_q_mask;
+ }
+ ringel_buf1[0] = (ringel_buf1[0] + 1) & mod_q_mask;
+
+ /* find f^-1 in (Z/qZ)[X]/(X^N - 1) */
+ if (!ntru_ring_inv(ringel_buf1, params->N, params->q,
+ scratch_buf, ringel_buf2))
+ {
+ result = NTRU_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+
+ /* get random bytes for seed for generating trinary polynomial g
+ * as a list of indices
+ */
+ if (!drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE,
+ seed_len, tmp_buf))
+ {
+ result = NTRU_DRBG_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ DBG2(DBG_LIB, "generate polynomial g");
+
+ seed = chunk_create(tmp_buf, seed_len);
+ g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ params->N, params->q,
+ params->dg + 1, params->dg, FALSE);
+ if (!g_poly)
+ {
+ result = NTRU_MGF1_FAIL;
+ }
+ }
+
+ if (result == NTRU_OK)
+ {
+ uint16_t i;
+
+ /* compute h = p * (f^-1 * g) mod q */
+ g_poly->ring_mult(g_poly, ringel_buf2, ringel_buf2);
+ g_poly->destroy(g_poly);
+
+ for (i = 0; i < params->N; i++)
+ {
+ ringel_buf2[i] = (ringel_buf2[i] * 3) & mod_q_mask;
+ }
+
+ /* create public key blob */
+ ntru_crypto_ntru_encrypt_key_create_pubkey_blob(params, ringel_buf2,
+ pubkey_pack_type,
+ pubkey_blob);
+ *pubkey_blob_len = public_key_blob_len;
+
+ /* create private key blob */
+ F_indices = F_poly->get_indices(F_poly);
+ ntru_crypto_ntru_encrypt_key_create_privkey_blob(params, ringel_buf2,
+ F_indices,
+ privkey_pack_type,
+ tmp_buf, privkey_blob);
+ *privkey_blob_len = private_key_blob_len;
+ }
+
+ /* cleanup */
+ DESTROY_IF(F_poly);
+ memset(scratch_buf, 0, scratch_buf_len);
+ free(scratch_buf);
+
+ return result;
+}
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c
new file mode 100644
index 000000000..90baaadf3
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c
@@ -0,0 +1,360 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt_key.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_key.c
+ *
+ * Contents: Routines for exporting and importing public and private keys
+ * for NTRUEncrypt.
+ *
+ *****************************************************************************/
+
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "ntru_crypto_ntru_encrypt_key.h"
+
+
+/* ntru_crypto_ntru_encrypt_key_parse
+ *
+ * Parses an NTRUEncrypt key blob.
+ * If the blob is not corrupt, returns packing types for public and private
+ * keys, a pointer to the parameter set, a pointer to the public key, and
+ * a pointer to the private key if it exists.
+ *
+ * Returns TRUE if successful.
+ * Returns FALSE if the blob is invalid.
+ */
+
+bool
+ntru_crypto_ntru_encrypt_key_parse(
+ bool pubkey_parse, /* in - if parsing pubkey
+ blob */
+ uint16_t key_blob_len, /* in - no. octets in key
+ blob */
+ uint8_t const *key_blob, /* in - pointer to key blob */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to
+ parameter set */
+ uint8_t const **pubkey, /* out - addr for ptr to
+ packed pubkey */
+ uint8_t const **privkey) /* out - addr for ptr to
+ packed privkey */
+{
+ uint8_t tag;
+
+ assert(key_blob_len);
+ assert(key_blob);
+ assert(pubkey_pack_type);
+ assert(params);
+ assert(pubkey);
+
+ /* parse key blob based on tag */
+
+ tag = key_blob[0];
+ switch (tag) {
+ case NTRU_ENCRYPT_PUBKEY_TAG:
+ if (!pubkey_parse)
+ return FALSE;
+ break;
+ case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG:
+ assert(privkey_pack_type);
+ assert(privkey);
+ if (pubkey_parse)
+ return FALSE;
+ break;
+ default:
+ return FALSE;
+ }
+
+ switch (tag) {
+ case NTRU_ENCRYPT_PUBKEY_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG:
+ case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG:
+
+ /* Version 0:
+ * byte 0: tag
+ * byte 1: no. of octets in OID
+ * bytes 2-4: OID
+ * bytes 5- : packed pubkey
+ * [packed privkey]
+ */
+
+ {
+ NTRU_ENCRYPT_PARAM_SET *p = NULL;
+ uint16_t pubkey_packed_len;
+
+ /* check OID length and minimum blob length for tag and OID */
+
+ if ((key_blob_len < 5) || (key_blob[1] != 3))
+ return FALSE;
+
+ /* get a pointer to the parameter set corresponding to the OID */
+
+ if ((p = ntru_encrypt_get_params_with_OID(key_blob + 2)) == NULL)
+ return FALSE;
+
+ /* check blob length and assign pointers to blob fields */
+
+ pubkey_packed_len = (p->N * p->q_bits + 7) / 8;
+ if (pubkey_parse) { /* public-key parsing */
+ if (key_blob_len != 5 + pubkey_packed_len)
+ return FALSE;
+
+ *pubkey = key_blob + 5;
+
+ } else { /* private-key parsing */
+ uint16_t privkey_packed_len;
+ uint16_t privkey_packed_trits_len = (p->N + 4) / 5;
+ uint16_t privkey_packed_indices_len;
+ uint16_t dF;
+
+ /* check packing type for product-form private keys */
+
+ if (p->is_product_form &&
+ (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG))
+ return FALSE;
+
+ /* set packed-key length for packed indices */
+
+ if (p->is_product_form)
+ dF = (uint16_t)( (p->dF_r & 0xff) + /* df1 */
+ ((p->dF_r >> 8) & 0xff) + /* df2 */
+ ((p->dF_r >> 16) & 0xff)); /* df3 */
+ else
+ dF = (uint16_t)p->dF_r;
+ privkey_packed_indices_len = ((dF << 1) * p->N_bits + 7) >> 3;
+
+ /* set private-key packing type if defaulted */
+
+ if (tag == NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG) {
+ if (p->is_product_form ||
+ (privkey_packed_indices_len <=
+ privkey_packed_trits_len))
+ tag = NTRU_ENCRYPT_PRIVKEY_INDICES_TAG;
+ else
+ tag = NTRU_ENCRYPT_PRIVKEY_TRITS_TAG;
+ }
+
+ if (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG)
+ privkey_packed_len = privkey_packed_trits_len;
+ else
+ privkey_packed_len = privkey_packed_indices_len;
+
+ if (key_blob_len != 5 + pubkey_packed_len + privkey_packed_len)
+ return FALSE;
+
+ *pubkey = key_blob + 5;
+ *privkey = *pubkey + pubkey_packed_len;
+ *privkey_pack_type = (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG) ?
+ NTRU_ENCRYPT_KEY_PACKED_TRITS :
+ NTRU_ENCRYPT_KEY_PACKED_INDICES;
+ }
+
+ /* return parameter set pointer */
+
+ *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS;
+ *params = p;
+ }
+ default:
+ break; /* can't get here */
+ }
+ return TRUE;
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_get_blob_params
+ *
+ * Returns public and private key packing types and blob lengths given
+ * a packing format. For now, only a default packing format exists.
+ *
+ * Only public-key params may be returned by setting privkey_pack_type
+ * and privkey_blob_len to NULL.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_get_blob_params(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint16_t *pubkey_blob_len, /* out - addr for no. of
+ bytes in
+ pubkey blob */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ uint16_t *privkey_blob_len) /* out - addr for no. of
+ bytes in
+ privkey blob */
+{
+ uint16_t pubkey_packed_len = (params->N * params->q_bits + 7) >> 3;
+
+ assert(params);
+ assert(pubkey_pack_type);
+ assert(pubkey_blob_len);
+
+ *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS;
+ *pubkey_blob_len = 5 + pubkey_packed_len;
+
+ if (privkey_pack_type && privkey_blob_len) {
+ uint16_t privkey_packed_trits_len = (params->N + 4) / 5;
+ uint16_t privkey_packed_indices_len;
+ uint16_t dF;
+
+ if (params->is_product_form)
+ dF = (uint16_t)( (params->dF_r & 0xff) + /* df1 */
+ ((params->dF_r >> 8) & 0xff) + /* df2 */
+ ((params->dF_r >> 16) & 0xff)); /* df3 */
+ else
+ dF = (uint16_t)params->dF_r;
+ privkey_packed_indices_len = ((dF << 1) * params->N_bits + 7) >> 3;
+
+ if (params->is_product_form ||
+ (privkey_packed_indices_len <= privkey_packed_trits_len)) {
+ *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_INDICES;
+ *privkey_blob_len =
+ 5 + pubkey_packed_len + privkey_packed_indices_len;
+ } else {
+ *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_TRITS;
+ *privkey_blob_len =
+ 5 + pubkey_packed_len + privkey_packed_trits_len;
+ }
+ }
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob
+ *
+ * Returns a public key blob, packed according to the packing type provided.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_create_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint8_t pubkey_pack_type, /* out - pubkey packing
+ type */
+ uint8_t *pubkey_blob) /* out - addr for the
+ pubkey blob */
+{
+ assert(params);
+ assert(pubkey);
+ assert(pubkey_blob);
+
+ switch (pubkey_pack_type) {
+ case NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS:
+ *pubkey_blob++ = NTRU_ENCRYPT_PUBKEY_TAG;
+ *pubkey_blob++ = (uint8_t)sizeof(params->OID);
+ memcpy(pubkey_blob, params->OID, sizeof(params->OID));
+ pubkey_blob += sizeof(params->OID);
+ ntru_elements_2_octets(params->N, pubkey, params->q_bits,
+ pubkey_blob);
+ break;
+ default:
+ assert(FALSE);
+ }
+}
+
+
+/* ntru_crypto_ntru_encrypt_key_create_privkey_blob
+ *
+ * Returns a private key blob, packed according to the packing type provided.
+ */
+
+void
+ntru_crypto_ntru_encrypt_key_create_privkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint16_t const *privkey, /* in - pointer to the
+ indices of the
+ privkey */
+ uint8_t privkey_pack_type, /* in - privkey packing
+ type */
+ uint8_t *buf, /* in - temp, N bytes */
+ uint8_t *privkey_blob) /* out - addr for the
+ privkey blob */
+{
+ assert(params);
+ assert(pubkey);
+ assert(privkey);
+ assert(privkey_blob);
+
+ switch (privkey_pack_type) {
+ case NTRU_ENCRYPT_KEY_PACKED_TRITS:
+ case NTRU_ENCRYPT_KEY_PACKED_INDICES:
+
+ /* format header and packed public key */
+
+ *privkey_blob++ = NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG;
+ *privkey_blob++ = (uint8_t)sizeof(params->OID);
+ memcpy(privkey_blob, params->OID, sizeof(params->OID));
+ privkey_blob += sizeof(params->OID);
+ ntru_elements_2_octets(params->N, pubkey, params->q_bits,
+ privkey_blob);
+ privkey_blob += (params->N * params->q_bits + 7) >> 3;
+
+ /* add packed private key */
+
+ if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS) {
+ ntru_indices_2_packed_trits(privkey, (uint16_t)params->dF_r,
+ (uint16_t)params->dF_r,
+ params->N, buf, privkey_blob);
+ } else {
+ uint32_t dF;
+
+ if (params->is_product_form) {
+ dF = (params->dF_r & 0xff) +
+ ((params->dF_r >> 8) & 0xff) +
+ ((params->dF_r >> 16) & 0xff);
+ } else {
+ dF = params->dF_r;
+ }
+ ntru_elements_2_octets((uint16_t)dF << 1, privkey,
+ params->N_bits, privkey_blob);
+ }
+ break;
+ default:
+ assert(FALSE);
+ break;
+ }
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h
new file mode 100644
index 000000000..6734f2a4c
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h
@@ -0,0 +1,167 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_cencrypt_key.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+
+#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H
+#define NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H
+
+#include "ntru_crypto_ntru_convert.h"
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+
+
+/* key-blob definitions */
+
+#define NTRU_ENCRYPT_PUBKEY_TAG 0x01
+#define NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG 0x02
+#define NTRU_ENCRYPT_PRIVKEY_TRITS_TAG 0xfe
+#define NTRU_ENCRYPT_PRIVKEY_INDICES_TAG 0xff
+
+/* packing types */
+
+#define NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS 0x01
+#define NTRU_ENCRYPT_KEY_PACKED_INDICES 0x02
+#define NTRU_ENCRYPT_KEY_PACKED_TRITS 0x03
+
+/* function declarations */
+
+
+/* ntru_crypto_ntru_encrypt_key_parse
+ *
+ * Parses an NTRUEncrypt key blob.
+ * If the blob is not corrupt, returns packing types for public and private
+ * keys, a pointer to the parameter set, a pointer to the public key, and
+ * a pointer to the private key if it exists.
+ *
+ * Returns TRUE if successful.
+ * Returns FALSE if the blob is invalid.
+ */
+
+extern bool
+ntru_crypto_ntru_encrypt_key_parse(
+ bool pubkey_parse, /* in - if parsing pubkey
+ blob */
+ uint16_t key_blob_len, /* in - no. octets in key
+ blob */
+ uint8_t const *key_blob, /* in - pointer to key blob */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to
+ parameter set */
+ uint8_t const **pubkey, /* out - addr for ptr to
+ packed pubkey */
+ uint8_t const **privkey); /* out - addr for ptr to
+ packed privkey */
+
+
+/* ntru_crypto_ntru_encrypt_key_get_blob_params
+ *
+ * Returns public and private key packing types and blob lengths given
+ * a packing format. For now, only a default packing format exists.
+ *
+ * Only public-key params may be returned by setting privkey_pack_type
+ * and privkey_blob_len to NULL.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_get_blob_params(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint8_t *pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint16_t *pubkey_blob_len, /* out - addr for no. of
+ bytes in
+ pubkey blob */
+ uint8_t *privkey_pack_type, /* out - addr for privkey
+ packing type */
+ uint16_t *privkey_blob_len); /* out - addr for no. of
+ bytes in
+ privkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob
+ *
+ * Returns a public key blob, packed according to the packing type provided.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_create_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint8_t pubkey_pack_type, /* out - addr for pubkey
+ packing type */
+ uint8_t *pubkey_blob); /* out - addr for the
+ pubkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob
+ *
+ * Returns a public key blob, recreated from an already-packed public key.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t packed_pubkey_len, /* in - no. octets in
+ packed pubkey */
+ uint8_t const *packed_pubkey, /* in - pointer to the
+ packed pubkey */
+ uint8_t pubkey_pack_type, /* out - pubkey packing
+ type */
+ uint8_t *pubkey_blob); /* out - addr for the
+ pubkey blob */
+
+
+/* ntru_crypto_ntru_encrypt_key_create_privkey_blob
+ *
+ * Returns a privlic key blob, packed according to the packing type provided.
+ */
+
+extern void
+ntru_crypto_ntru_encrypt_key_create_privkey_blob(
+ NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to
+ param set
+ parameters */
+ uint16_t const *pubkey, /* in - pointer to the
+ coefficients
+ of the pubkey */
+ uint16_t const *privkey, /* in - pointer to the
+ indices of the
+ privkey */
+ uint8_t privkey_pack_type, /* in - privkey packing
+ type */
+ uint8_t *buf, /* in - temp, N bytes */
+ uint8_t *privkey_blob); /* out - addr for the
+ privkey blob */
+
+
+#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c
new file mode 100644
index 000000000..5ddf91d2a
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c
@@ -0,0 +1,384 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_param_sets.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_param_sets.c
+ *
+ * Contents: Defines the NTRUEncrypt parameter sets.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include "ntru_crypto_ntru_encrypt_param_sets.h"
+
+
+/* parameter sets */
+
+static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
+
+ {
+ NTRU_EES401EP1, /* parameter-set id */
+ {0x00, 0x02, 0x04}, /* OID */
+ 0x22, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 401, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 113, /* df, dr */
+ 133, /* dg */
+ 60, /* maxMsgLenBytes */
+ 113, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES449EP1, /* parameter-set id */
+ {0x00, 0x03, 0x03}, /* OID */
+ 0x23, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 449, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 134, /* df, dr */
+ 149, /* dg */
+ 67, /* maxMsgLenBytes */
+ 134, /* dm0 */
+ 9, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES677EP1, /* parameter-set id */
+ {0x00, 0x05, 0x03}, /* OID */
+ 0x24, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 677, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 157, /* df, dr */
+ 225, /* dg */
+ 101, /* maxMsgLenBytes */
+ 157, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1087EP2, /* parameter-set id */
+ {0x00, 0x06, 0x03}, /* OID */
+ 0x25, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 1087, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 120, /* df, dr */
+ 362, /* dg */
+ 170, /* maxMsgLenBytes */
+ 120, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES541EP1, /* parameter-set id */
+ {0x00, 0x02, 0x05}, /* OID */
+ 0x26, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 541, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 49, /* df, dr */
+ 180, /* dg */
+ 86, /* maxMsgLenBytes */
+ 49, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES613EP1, /* parameter-set id */
+ {0x00, 0x03, 0x04}, /* OID */
+ 0x27, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 613, /* N */
+ 16, /* securuity strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 55, /* df, dr */
+ 204, /* dg */
+ 97, /* maxMsgLenBytes */
+ 55, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES887EP1, /* parameter-set id */
+ {0x00, 0x05, 0x04}, /* OID */
+ 0x28, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 887, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 81, /* df, dr */
+ 295, /* dg */
+ 141, /* maxMsgLenBytes */
+ 81, /* dm0 */
+ 10, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1171EP1, /* parameter-set id */
+ {0x00, 0x06, 0x04}, /* OID */
+ 0x29, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1171, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 106, /* df, dr */
+ 390, /* dg */
+ 186, /* maxMsgLenBytes */
+ 106, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES659EP1, /* parameter-set id */
+ {0x00, 0x02, 0x06}, /* OID */
+ 0x2a, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 659, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 38, /* df, dr */
+ 219, /* dg */
+ 108, /* maxMsgLenBytes */
+ 38, /* dm0 */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES761EP1, /* parameter-set id */
+ {0x00, 0x03, 0x05}, /* OID */
+ 0x2b, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 761, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 42, /* df, dr */
+ 253, /* dg */
+ 125, /* maxMsgLenBytes */
+ 42, /* dm0 */
+ 12, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1087EP1, /* parameter-set id */
+ {0x00, 0x05, 0x05}, /* OID */
+ 0x2c, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1087, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 63, /* df, dr */
+ 362, /* dg */
+ 178, /* maxMsgLenBytes */
+ 63, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES1499EP1, /* parameter-set id */
+ {0x00, 0x06, 0x05}, /* OID */
+ 0x2d, /* DER id */
+ 11, /* no. of bits in N (i.e., in an index) */
+ 1499, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ FALSE, /* product form */
+ 79, /* df, dr */
+ 499, /* dg */
+ 247, /* maxMsgLenBytes */
+ 79, /* dm0 */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES401EP2, /* parameter-set id */
+ {0x00, 0x02, 0x10}, /* OID */
+ 0x2e, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 401, /* N */
+ 14, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 8 + (8 << 8) + (6 << 16), /* df, dr */
+ 133, /* dg */
+ 60, /* maxMsgLenBytes */
+ 136, /* m(1)_max */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES439EP1, /* parameter-set id */
+ {0x00, 0x03, 0x10}, /* OID */
+ 0x2f, /* DER id */
+ 9, /* no. of bits in N (i.e., in an index) */
+ 439, /* N */
+ 16, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 9 + (8 << 8) + (5 << 16), /* df, dr */
+ 146, /* dg */
+ 65, /* maxMsgLenBytes */
+ 126, /* m(1)_max */
+ 9, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES593EP1, /* parameter-set id */
+ {0x00, 0x05, 0x10}, /* OID */
+ 0x30, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 593, /* N */
+ 24, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 10 + (10 << 8) + (8 << 16), /* df, dr */
+ 197, /* dg */
+ 86, /* maxMsgLenBytes */
+ 90, /* m(1)_max */
+ 11, /* c */
+ 1, /* lLen */
+ },
+
+ {
+ NTRU_EES743EP1, /* parameter-set id */
+ {0x00, 0x06, 0x10}, /* OID */
+ 0x31, /* DER id */
+ 10, /* no. of bits in N (i.e., in an index) */
+ 743, /* N */
+ 32, /* security strength in octets */
+ 2048, /* q */
+ 11, /* no. of bits in q (i.e., in a coeff) */
+ TRUE, /* product form */
+ 11 + (11 << 8) + (15 << 16), /* df, dr */
+ 247, /* dg */
+ 106, /* maxMsgLenBytes */
+ 60, /* m(1)_max */
+ 13, /* c */
+ 1, /* lLen */
+ },
+
+};
+
+static size_t numParamSets =
+ sizeof(ntruParamSets)/sizeof(NTRU_ENCRYPT_PARAM_SET);
+
+
+/* functions */
+
+/* ntru_encrypt_get_params_with_id
+ *
+ * Looks up a set of NTRUEncrypt parameters based on the id of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_id(
+ NTRU_ENCRYPT_PARAM_SET_ID id) /* in - parameter-set id */
+{
+ size_t i;
+
+ for (i = 0; i < numParamSets; i++) {
+ if (ntruParamSets[i].id == id) {
+ return &(ntruParamSets[i]);
+ }
+ }
+ return NULL;
+}
+
+
+/* ntru_encrypt_get_params_with_OID
+ *
+ * Looks up a set of NTRUEncrypt parameters based on the OID of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_OID(
+ uint8_t const *oid) /* in - pointer to parameter-set OID */
+{
+ size_t i;
+
+ for (i = 0; i < numParamSets; i++) {
+ if (!memcmp(ntruParamSets[i].OID, oid, 3)) {
+ return &(ntruParamSets[i]);
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h
new file mode 100644
index 000000000..e5e977a0e
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h
@@ -0,0 +1,101 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_encrypt_param_sets.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_encrypt_param_sets.h
+ *
+ * Contents: Definitions and declarations for the NTRUEncrypt parameter sets.
+ *
+ *****************************************************************************/
+
+#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H
+#define NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H
+
+#include "ntru_crypto.h"
+
+/* structures */
+
+typedef struct _NTRU_ENCRYPT_PARAM_SET {
+ NTRU_ENCRYPT_PARAM_SET_ID id; /* parameter-set ID */
+ uint8_t const OID[3]; /* pointer to OID */
+ uint8_t der_id; /* parameter-set DER id */
+ uint8_t N_bits; /* no. of bits in N (i.e. in
+ an index */
+ uint16_t N; /* ring dimension */
+ uint16_t sec_strength_len; /* no. of octets of
+ security strength */
+ uint16_t q; /* big modulus */
+ uint8_t q_bits; /* no. of bits in q (i.e. in
+ a coefficient */
+ bool is_product_form; /* if product form used */
+ uint32_t dF_r; /* no. of 1 or -1 coefficients
+ in ring elements F, r */
+ uint16_t dg; /* no. - 1 of 1 coefficients
+ or no. of -1 coefficients
+ in ring element g */
+ uint16_t m_len_max; /* max no. of plaintext
+ octets */
+ uint16_t min_msg_rep_wt; /* min. message
+ representative weight */
+ uint8_t c_bits; /* no. bits in candidate for
+ deriving an index in
+ IGF-2 */
+ uint8_t m_len_len; /* no. of octets to hold
+ mLenOctets */
+} NTRU_ENCRYPT_PARAM_SET;
+
+
+
+/* function declarations */
+
+/* ntru_encrypt_get_params_with_id
+ *
+ * Looks up a set of NTRU Encrypt parameters based on the id of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+extern NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_id(
+ NTRU_ENCRYPT_PARAM_SET_ID id); /* in - parameter-set id */
+
+
+/* ntru_encrypt_get_params_with_OID
+ *
+ * Looks up a set of NTRU Encrypt parameters based on the OID of the
+ * parameter set.
+ *
+ * Returns a pointer to the parameter set parameters if successful.
+ * Returns NULL if the parameter set cannot be found.
+ */
+
+extern NTRU_ENCRYPT_PARAM_SET *
+ntru_encrypt_get_params_with_OID(
+ uint8_t const *oid); /* in - pointer to parameter-set OID */
+
+#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H */
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
new file mode 100644
index 000000000..8e4eede87
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c
@@ -0,0 +1,242 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_poly.c is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include "ntru_crypto_ntru_poly.h"
+
+/* ntru_poly_check_min_weight
+ *
+ * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed
+ * a minimum weight.
+ */
+
+bool
+ntru_poly_check_min_weight(
+ uint16_t num_els, /* in - degree of polynomial */
+ uint8_t *ringels, /* in - pointer to trinary ring elements */
+ uint16_t min_wt) /* in - minimum weight */
+{
+ uint16_t wt[3];
+ uint16_t i;
+
+ wt[0] = wt[1] = wt[2] = 0;
+ for (i = 0; i < num_els; i++) {
+ ++wt[ringels[i]];
+ }
+ if ((wt[0] < min_wt) || (wt[1] < min_wt) || (wt[2] < min_wt)) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/* ntru_ring_mult_coefficients
+ *
+ * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b"
+ * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1).
+ * This is a convolution operation.
+ *
+ * Ring element "b" has coefficients in the range [0,N).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum
+ * beyond 16 bits does not matter.
+ */
+
+void
+ntru_ring_mult_coefficients(
+ uint16_t const *a, /* in - pointer to polynomial a */
+ uint16_t const *b, /* in - pointer to polynomial b */
+ uint16_t N, /* in - no. of coefficients in a, b, c */
+ uint16_t q, /* in - large modulus */
+ uint16_t *c) /* out - address for polynomial c */
+{
+ uint16_t const *bptr = b;
+ uint16_t mod_q_mask = q - 1;
+ uint16_t i, k;
+
+ /* c[k] = sum(a[i] * b[k-i]) mod q */
+ memset(c, 0, N * sizeof(uint16_t));
+ for (k = 0; k < N; k++) {
+ i = 0;
+ while (i <= k)
+ c[k] += a[i++] * *bptr--;
+ bptr += N;
+ while (i < N)
+ c[k] += a[i++] * *bptr--;
+ c[k] &= mod_q_mask;
+ ++bptr;
+ }
+}
+
+
+/* ntru_ring_inv
+ *
+ * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that operations mod q can
+ * wait until the end, and only 16-bit arrays need to be used.
+ */
+
+bool
+ntru_ring_inv(
+ uint16_t *a, /* in - pointer to polynomial a */
+ uint16_t N, /* in - no. of coefficients in a */
+ uint16_t q, /* in - large modulus */
+ uint16_t *t, /* in - temp buffer of 2N elements */
+ uint16_t *a_inv) /* out - address for polynomial a^-1 */
+{
+ uint8_t *b = (uint8_t *)t; /* b cannot be in a_inv since it must be
+ rotated and copied there as a^-1 mod 2 */
+ uint8_t *c = b + N; /* c cannot be in a_inv since it exchanges
+ with b, and b cannot be in a_inv */
+ uint8_t *f = c + N;
+ uint8_t *g = (uint8_t *)a_inv; /* g needs N + 1 bytes */
+ uint16_t *t2 = t + N;
+ uint16_t deg_b;
+ uint16_t deg_c;
+ uint16_t deg_f;
+ uint16_t deg_g;
+ uint16_t k = 0;
+ bool done = FALSE;
+ uint16_t i, j;
+
+ /* form a^-1 in (Z/2Z)[X]/X^N - 1) */
+ memset(b, 0, (N << 1)); /* clear to init b, c */
+
+ /* b(X) = 1 */
+ b[0] = 1;
+ deg_b = 0;
+
+ /* c(X) = 0 (cleared above) */
+ deg_c = 0;
+
+ /* f(X) = a(X) mod 2 */
+ for (i = 0; i < N; i++)
+ f[i] = (uint8_t)(a[i] & 1);
+ deg_f = N - 1;
+
+ /* g(X) = X^N - 1 */
+ g[0] = 1;
+ memset(g + 1, 0, N - 1);
+ g[N] = 1;
+ deg_g = N;
+
+ /* until f(X) = 1 */
+
+ while (!done)
+ {
+
+ /* while f[0] = 0, f(X) /= X, c(X) *= X, k++ */
+
+ for (i = 0; (i <= deg_f) && (f[i] == 0); ++i);
+ if (i > deg_f)
+ return FALSE;
+ if (i) {
+ f = f + i;
+ deg_f = deg_f - i;
+ deg_c = deg_c + i;
+ for (j = deg_c; j >= i; j--)
+ c[j] = c[j-i];
+ for (j = 0; j < i; j++)
+ c[j] = 0;
+ k = k + i;
+ }
+
+ /* adjust degree of f(X) if the highest coefficients are zero
+ * Note: f[0] = 1 from above so the loop will terminate.
+ */
+
+ while (f[deg_f] == 0)
+ --deg_f;
+
+ /* if f(X) = 1, done
+ * Note: f[0] = 1 from above, so only check the x term and up
+ */
+
+ for (i = 1; (i <= deg_f) && (f[i] == 0); ++i);
+ if (i > deg_f) {
+ done = TRUE;
+ break;
+ }
+
+ /* if deg_f < deg_g, f <-> g, b <-> c */
+
+ if (deg_f < deg_g) {
+ uint8_t *x;
+
+ x = f;
+ f = g;
+ g = x;
+ deg_f ^= deg_g;
+ deg_g ^= deg_f;
+ deg_f ^= deg_g;
+ x = b;
+ b = c;
+ c = x;
+ deg_b ^= deg_c;
+ deg_c ^= deg_b;
+ deg_b ^= deg_c;
+ }
+
+ /* f(X) += g(X), b(X) += c(X) */
+
+ for (i = 0; i <= deg_g; i++)
+ f[i] ^= g[i];
+
+ if (deg_c > deg_b)
+ deg_b = deg_c;
+ for (i = 0; i <= deg_c; i++)
+ b[i] ^= c[i];
+ }
+
+ /* a^-1 in (Z/2Z)[X]/(X^N - 1) = b(X) shifted left k coefficients */
+
+ j = 0;
+ if (k >= N)
+ k = k - N;
+ for (i = k; i < N; i++)
+ a_inv[j++] = (uint16_t)(b[i]);
+ for (i = 0; i < k; i++)
+ a_inv[j++] = (uint16_t)(b[i]);
+
+ /* lift a^-1 in (Z/2Z)[X]/(X^N - 1) to a^-1 in (Z/qZ)[X]/(X^N -1) */
+
+ for (j = 0; j < 4; ++j) { /* assumes 256 < q <= 65536 */
+
+ /* a^-1 = a^-1 * (2 - a * a^-1) mod q */
+
+ memcpy(t2, a_inv, N * sizeof(uint16_t));
+ ntru_ring_mult_coefficients(a, t2, N, q, t);
+ for (i = 0; i < N; ++i)
+ t[i] = q - t[i];
+ t[0] = t[0] + 2;
+ ntru_ring_mult_coefficients(t2, t, N, q, a_inv);
+ }
+
+ return TRUE;
+
+
+}
+
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h
new file mode 100644
index 000000000..1e9d467ed
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h
@@ -0,0 +1,96 @@
+/******************************************************************************
+ * NTRU Cryptography Reference Source Code
+ * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved.
+ *
+ * ntru_crypto_ntru_poly.h is a component of ntru-crypto.
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ *****************************************************************************/
+
+/******************************************************************************
+ *
+ * File: ntru_crypto_ntru_poly.h
+ *
+ * Contents: Public header file for generating and operating on polynomials
+ * in the NTRU algorithm.
+ *
+ *****************************************************************************/
+
+
+#ifndef NTRU_CRYPTO_NTRU_POLY_H
+#define NTRU_CRYPTO_NTRU_POLY_H
+
+
+#include "ntru_crypto.h"
+
+#include <crypto/hashers/hasher.h>
+
+
+/* function declarations */
+
+/* ntru_poly_check_min_weight
+ *
+ * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed
+ * a minimum weight.
+ */
+
+extern bool
+ntru_poly_check_min_weight(
+ uint16_t num_els, /* in - degree of polynomial */
+ uint8_t *ringels, /* in - pointer to trinary ring elements */
+ uint16_t min_wt); /* in - minimum weight */
+
+/* ntru_ring_mult_coefficients
+ *
+ * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b"
+ * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1).
+ * This is a convolution operation.
+ *
+ * Ring element "b" has coefficients in the range [0,N).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum
+ * beyond 16 bits does not matter.
+ */
+
+extern void
+ntru_ring_mult_coefficients(
+ uint16_t const *a, /* in - pointer to polynomial a */
+ uint16_t const *b, /* in - pointer to polynomial b */
+ uint16_t N, /* in - no. of coefficients in a, b, c */
+ uint16_t q, /* in - large modulus */
+ uint16_t *c); /* out - address for polynomial c */
+
+
+/* ntru_ring_inv
+ *
+ * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1).
+ *
+ * This assumes q is 2^r where 8 < r < 16, so that operations mod q can
+ * wait until the end, and only 16-bit arrays need to be used.
+ */
+
+extern bool
+ntru_ring_inv(
+ uint16_t *a, /* in - pointer to polynomial a */
+ uint16_t N, /* in - no. of coefficients in a */
+ uint16_t q, /* in - large modulus */
+ uint16_t *t, /* in - temp buffer of 2N elements */
+ uint16_t *a_inv); /* out - address for polynomial a^-1 */
+
+
+#endif /* NTRU_CRYPTO_NTRU_POLY_H */
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c
new file mode 100644
index 000000000..181a58939
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_drbg.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+#define MAX_STRENGTH_BITS 256
+#define MAX_DRBG_REQUESTS 0xfffffffe
+
+typedef struct private_ntru_drbg_t private_ntru_drbg_t;
+
+/**
+ * Private data of an ntru_drbg_t object.
+ */
+struct private_ntru_drbg_t {
+ /**
+ * Public ntru_drbg_t interface.
+ */
+ ntru_drbg_t public;
+
+ /**
+ * Security strength in bits of the DRBG
+ */
+ u_int32_t strength;
+
+ /**
+ * Number of requests for pseudorandom bits
+ */
+ u_int32_t reseed_counter;
+
+ /**
+ * Maximum number of requests for pseudorandom bits
+ */
+ u_int32_t max_requests;
+
+ /**
+ * True entropy source
+ */
+ rng_t *entropy;
+
+ /**
+ * HMAC-SHA256
+ */
+ signer_t *hmac;
+
+ /**
+ * Internal state of HMAC-SHA256: key
+ */
+ chunk_t key;
+
+ /**
+ * Internal state of HMAC-SHA256: value
+ */
+ chunk_t value;
+
+};
+
+/**
+ * Update the internal state of the HMAC_DRBG
+ */
+static bool update(private_ntru_drbg_t *this, chunk_t data)
+{
+ chunk_t ch_00 = chunk_from_chars(0x00);
+ chunk_t ch_01 = chunk_from_chars(0x01);
+
+ if (!this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value, NULL) ||
+ !this->hmac->get_signature(this->hmac, ch_00, NULL) ||
+ !this->hmac->get_signature(this->hmac, data, this->key.ptr) ||
+ !this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+
+ if (data.len > 0)
+ {
+ if (!this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value, NULL) ||
+ !this->hmac->get_signature(this->hmac, ch_01, NULL) ||
+ !this->hmac->get_signature(this->hmac, data, this->key.ptr) ||
+ !this->hmac->set_key(this->hmac, this->key) ||
+ !this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+ }
+ DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value);
+ DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key);
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, get_strength, u_int32_t,
+ private_ntru_drbg_t *this)
+{
+ return this->strength;
+}
+
+METHOD(ntru_drbg_t, reseed, bool,
+ private_ntru_drbg_t *this)
+{
+ chunk_t seed;
+
+ seed = chunk_alloc(this->strength / BITS_PER_BYTE);
+ DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
+
+ if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+ {
+ chunk_free(&seed);
+ return FALSE;
+ }
+ if (!update(this, seed))
+ {
+ chunk_free(&seed);
+ return FALSE;
+ }
+ chunk_clear(&seed);
+ this->reseed_counter = 1;
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, generate, bool,
+ private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out)
+{
+ size_t delta;
+ chunk_t output;
+
+ DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
+ if (!out || len == 0)
+ {
+ return FALSE;
+ }
+ output = chunk_create(out, len);
+
+ if (this->reseed_counter > this->max_requests)
+ {
+ if (!reseed(this))
+ {
+ return FALSE;
+ }
+ }
+ while (len)
+ {
+ if (!this->hmac->get_signature(this->hmac, this->value,
+ this->value.ptr))
+ {
+ return FALSE;
+ }
+ delta = min(len, this->value.len);
+ memcpy(out, this->value.ptr, delta);
+ len -= delta;
+ out += delta;
+ }
+ DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output);
+
+ if (!update(this, chunk_empty))
+ {
+ return FALSE;
+ }
+ this->reseed_counter++;
+
+ return TRUE;
+}
+
+METHOD(ntru_drbg_t, destroy, void,
+ private_ntru_drbg_t *this)
+{
+ this->hmac->destroy(this->hmac);
+ chunk_clear(&this->key);
+ chunk_clear(&this->value);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ rng_t *entropy)
+{
+ private_ntru_drbg_t *this;
+ chunk_t seed;
+ signer_t *hmac;
+ size_t entropy_len;
+ u_int32_t max_requests;
+
+ if (strength > MAX_STRENGTH_BITS)
+ {
+ return NULL;
+ }
+ if (strength <= 112)
+ {
+ strength = 112;
+ }
+ else if (strength <= 128)
+ {
+ strength = 128;
+ }
+ else if (strength <= 192)
+ {
+ strength = 192;
+ }
+ else
+ {
+ strength = 256;
+ }
+
+ hmac = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA2_256_256);
+ if (!hmac)
+ {
+ DBG1(DBG_LIB, "could not instantiate HMAC-SHA256");
+ return NULL;
+ }
+
+ max_requests = lib->settings->get_int(lib->settings,
+ "%s.plugins.ntru.max_drbg_requests",
+ MAX_DRBG_REQUESTS, lib->ns);
+
+ INIT(this,
+ .public = {
+ .get_strength = _get_strength,
+ .reseed = _reseed,
+ .generate = _generate,
+ .destroy = _destroy,
+ },
+ .strength = strength,
+ .entropy = entropy,
+ .hmac = hmac,
+ .key = chunk_alloc(hmac->get_key_size(hmac)),
+ .value = chunk_alloc(hmac->get_block_size(hmac)),
+ .max_requests = max_requests,
+ .reseed_counter = 1,
+ );
+
+ memset(this->key.ptr, 0x00, this->key.len);
+ memset(this->value.ptr, 0x01, this->value.len);
+
+ entropy_len = (strength + strength/2) / BITS_PER_BYTE;
+ seed = chunk_alloc(entropy_len + pers_str.len);
+ DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
+
+ if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+ {
+ chunk_free(&seed);
+ destroy(this);
+ return NULL;
+ }
+ memcpy(seed.ptr + entropy_len, pers_str.ptr, pers_str.len);
+ DBG4(DBG_LIB, "seed: %B", &seed);
+
+ if (!update(this, seed))
+ {
+ chunk_free(&seed);
+ destroy(this);
+ return NULL;
+ }
+ chunk_clear(&seed);
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
new file mode 100644
index 000000000..38ac718ae
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_drbg ntru_drbg
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_DRBG_H_
+#define NTRU_DRBG_H_
+
+typedef struct ntru_drbg_t ntru_drbg_t;
+
+#include <library.h>
+
+/**
+ * Implements a HMAC Deterministic Random Bit Generator (HMAC_DRBG)
+ * compliant with NIST SP 800-90A
+ */
+struct ntru_drbg_t {
+
+ /**
+ * Reseed the instantiated DRBG
+ *
+ * @return configured security strength in bits
+ */
+ u_int32_t (*get_strength)(ntru_drbg_t *this);
+
+ /**
+ * Reseed the instantiated DRBG
+ *
+ * @return TRUE if successful
+ */
+ bool (*reseed)(ntru_drbg_t *this);
+
+ /**
+ * Generate pseudorandom bytes.
+ * If the maximum number of requests has been reached, reseeding occurs
+ *
+ * @param strength requested security strength in bits
+ * @param len number of octets to generate
+ * @param out address of output buffer
+ * @return TRUE if successful
+ */
+ bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len,
+ u_int8_t *out);
+
+ /**
+ * Uninstantiate and destroy the DRBG object
+ */
+ void (*destroy)(ntru_drbg_t *this);
+};
+
+/**
+ * Create and instantiate a new DRBG objet.
+ *
+ * @param strength security strength in bits
+ * @param pers_str personalization string
+ * @param entropy entropy source to use
+ */
+ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str,
+ rng_t *entropy);
+
+#endif /** NTRU_DRBG_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
new file mode 100644
index 000000000..39fb261cd
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_ke.h"
+#include "ntru_drbg.h"
+
+#include "ntru_crypto/ntru_crypto.h"
+
+#include <crypto/diffie_hellman.h>
+#include <utils/debug.h>
+
+typedef struct private_ntru_ke_t private_ntru_ke_t;
+typedef struct param_set_t param_set_t;
+
+/**
+ * Defines an NTRU parameter set by ID or OID
+ */
+struct param_set_t {
+ NTRU_ENCRYPT_PARAM_SET_ID id;
+ char oid[3];
+ char *name;
+};
+
+/* Best bandwidth and speed, no X9.98 compatibility */
+static param_set_t param_sets_optimum[] = {
+ { NTRU_EES401EP2, {0x00, 0x02, 0x10}, "ees401ep2" },
+ { NTRU_EES439EP1, {0x00, 0x03, 0x10}, "ees439ep1" },
+ { NTRU_EES593EP1, {0x00, 0x05, 0x10}, "ees593ep1" },
+ { NTRU_EES743EP1, {0x00, 0x06, 0x10}, "ees743ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best speed */
+static param_set_t param_sets_x9_98_speed[] = {
+ { NTRU_EES659EP1, {0x00, 0x02, 0x06}, "ees659ep1" },
+ { NTRU_EES761EP1, {0x00, 0x03, 0x05}, "ees761ep1" },
+ { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" },
+ { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
+static param_set_t param_sets_x9_98_bandwidth[] = {
+ { NTRU_EES401EP1, {0x00, 0x02, 0x04}, "ees401ep1" },
+ { NTRU_EES449EP1, {0x00, 0x03, 0x03}, "ees449ep1" },
+ { NTRU_EES677EP1, {0x00, 0x05, 0x03}, "ees677ep1" },
+ { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
+static param_set_t param_sets_x9_98_balance[] = {
+ { NTRU_EES541EP1, {0x00, 0x02, 0x05}, "ees541ep1" },
+ { NTRU_EES613EP1, {0x00, 0x03, 0x04}, "ees613ep1" },
+ { NTRU_EES887EP1, {0x00, 0x05, 0x04}, "ees887ep1" },
+ { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" }
+};
+
+/**
+ * Private data of an ntru_ke_t object.
+ */
+struct private_ntru_ke_t {
+ /**
+ * Public ntru_ke_t interface.
+ */
+ ntru_ke_t public;
+
+ /**
+ * Diffie Hellman group number.
+ */
+ u_int16_t group;
+
+ /**
+ * NTRU Parameter Set
+ */
+ param_set_t *param_set;
+
+ /**
+ * Cryptographical strength in bits of the NTRU Parameter Set
+ */
+ u_int32_t strength;
+
+ /**
+ * NTRU Public Key
+ */
+ chunk_t pub_key;
+
+ /**
+ * NTRU Private Key
+ */
+ chunk_t priv_key;
+
+ /**
+ * NTRU encrypted shared secret
+ */
+ chunk_t ciphertext;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+
+ /**
+ * True if peer is responder
+ */
+ bool responder;
+
+ /**
+ * True if shared secret is computed
+ */
+ bool computed;
+
+ /**
+ * True Random Generator
+ */
+ rng_t *entropy;
+
+ /**
+ * Deterministic Random Bit Generator
+ */
+ ntru_drbg_t *drbg;
+};
+
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_ntru_ke_t *this, chunk_t *value)
+{
+ uint16_t pub_key_len, priv_key_len;
+
+ *value = chunk_empty;
+
+ if (this->responder)
+ {
+ if (this->ciphertext.len)
+ {
+ *value = chunk_clone(this->ciphertext);
+ }
+ }
+ else
+ {
+ if (this->pub_key.len == 0)
+ {
+ /* determine the NTRU public and private key sizes */
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
+ &pub_key_len, NULL,
+ &priv_key_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining NTRU public and private key "
+ "sizes");
+ return;
+ }
+ this->pub_key = chunk_alloc(pub_key_len);
+ this->priv_key = chunk_alloc(priv_key_len);
+
+ /* generate a random NTRU public/private key pair */
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
+ &pub_key_len, this->pub_key.ptr,
+ &priv_key_len, this->priv_key.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU keypair generation failed");
+ chunk_free(&this->priv_key);
+ chunk_free(&this->pub_key);
+ return;
+ }
+ DBG3(DBG_LIB, "NTRU public key: %B", &this->pub_key);
+ DBG4(DBG_LIB, "NTRU private key: %B", &this->priv_key);
+ }
+ *value = chunk_clone(this->pub_key);
+ }
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_ntru_ke_t *this, chunk_t *secret)
+{
+ if (!this->computed || !this->shared_secret.len)
+ {
+ *secret = chunk_empty;
+ return FAILED;
+ }
+ *secret = chunk_clone(this->shared_secret);
+
+ return SUCCESS;
+}
+
+
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_ntru_ke_t *this, chunk_t value)
+{
+ u_int16_t plaintext_len, ciphertext_len;
+
+ if (this->priv_key.len)
+ {
+ /* initiator decrypting shared secret */
+ if (value.len == 0)
+ {
+ DBG1(DBG_LIB, "empty NTRU ciphertext");
+ return;
+ }
+ this->ciphertext = chunk_clone(value);
+ DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
+
+ /* determine the size of the maximum plaintext */
+ if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr,
+ this->ciphertext.len, this->ciphertext.ptr,
+ &plaintext_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining maximum plaintext size");
+ return;
+ }
+ this->shared_secret = chunk_alloc(plaintext_len);
+
+ /* decrypt the shared secret */
+ if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr,
+ this->ciphertext.len, this->ciphertext.ptr,
+ &plaintext_len, this->shared_secret.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU decryption of shared secret failed");
+ chunk_free(&this->shared_secret);
+ return;
+ }
+ this->shared_secret.len = plaintext_len;
+ this->computed = TRUE;
+ }
+ else
+ {
+ /* responder generating and encrypting the shared secret */
+ this->responder = TRUE;
+
+ /* check the NTRU public key format */
+ if (value.len < 5 || value.ptr[0] != 1 || value.ptr[1] != 3)
+ {
+ DBG1(DBG_LIB, "received NTRU public key with invalid header");
+ return;
+ }
+ if (!memeq(value.ptr + 2, this->param_set->oid, 3))
+ {
+ DBG1(DBG_LIB, "received NTRU public key with wrong OID");
+ return;
+ }
+ this->pub_key = chunk_clone(value);
+
+ /* shared secret size is chosen as twice the cryptographical strength */
+ this->shared_secret = chunk_alloc(2 * this->strength / BITS_PER_BYTE);
+
+ /* generate the random shared secret */
+ if (!this->drbg->generate(this->drbg, this->strength,
+ this->shared_secret.len, this->shared_secret.ptr))
+ {
+ DBG1(DBG_LIB, "generation of shared secret failed");
+ chunk_free(&this->shared_secret);
+ return;
+ }
+ this->computed = TRUE;
+
+ /* determine the size of the ciphertext */
+ if (ntru_crypto_ntru_encrypt(this->drbg,
+ this->pub_key.len, this->pub_key.ptr,
+ this->shared_secret.len, this->shared_secret.ptr,
+ &ciphertext_len, NULL) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "error determining ciphertext size");
+ return;
+ }
+ this->ciphertext = chunk_alloc(ciphertext_len);
+
+ /* encrypt the shared secret */
+ if (ntru_crypto_ntru_encrypt(this->drbg,
+ this->pub_key.len, this->pub_key.ptr,
+ this->shared_secret.len, this->shared_secret.ptr,
+ &ciphertext_len, this->ciphertext.ptr) != NTRU_OK)
+ {
+ DBG1(DBG_LIB, "NTRU encryption of shared secret failed");
+ chunk_free(&this->ciphertext);
+ return;
+ }
+ DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
+ }
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_ntru_ke_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_ntru_ke_t *this)
+{
+ this->drbg->destroy(this->drbg);
+ this->entropy->destroy(this->entropy);
+ chunk_free(&this->pub_key);
+ chunk_free(&this->ciphertext);
+ chunk_clear(&this->priv_key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+ private_ntru_ke_t *this;
+ param_set_t *param_sets, *param_set;
+ rng_t *entropy;
+ ntru_drbg_t *drbg;
+ char *parameter_set;
+ u_int32_t strength;
+
+ parameter_set = lib->settings->get_str(lib->settings,
+ "%s.plugins.ntru.parameter_set", "optimum", lib->ns);
+
+ if (streq(parameter_set, "x9_98_speed"))
+ {
+ param_sets = param_sets_x9_98_speed;
+ }
+ else if (streq(parameter_set, "x9_98_bandwidth"))
+ {
+ param_sets = param_sets_x9_98_bandwidth;
+ }
+ else if (streq(parameter_set, "x9_98_balance"))
+ {
+ param_sets = param_sets_x9_98_balance;
+ }
+ else
+ {
+ param_sets = param_sets_optimum;
+ }
+
+ switch (group)
+ {
+ case NTRU_112_BIT:
+ strength = 112;
+ param_set = &param_sets[0];
+ break;
+ case NTRU_128_BIT:
+ strength = 128;
+ param_set = &param_sets[1];
+ break;
+ case NTRU_192_BIT:
+ strength = 192;
+ param_set = &param_sets[2];
+ break;
+ case NTRU_256_BIT:
+ strength = 256;
+ param_set = &param_sets[3];
+ break;
+ default:
+ return NULL;
+ }
+ DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength,
+ parameter_set, param_set->name);
+
+ entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
+ if (!entropy)
+ {
+ DBG1(DBG_LIB, "could not attach entropy source for DRBG");
+ return NULL;
+ }
+
+ drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy);
+ if (!drbg)
+ {
+ DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength);
+ entropy->destroy(entropy);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .param_set = param_set,
+ .strength = strength,
+ .entropy = entropy,
+ .drbg = drbg,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.h b/src/libstrongswan/plugins/ntru/ntru_ke.h
new file mode 100644
index 000000000..b8bbf5e54
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_ke ntru_ke
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_KE_H_
+#define NTRU_KE_H_
+
+typedef struct ntru_ke_t ntru_ke_t;
+
+#include <library.h>
+
+/**
+ * Implementation of a key exchange algorithm using NTRU encryption
+ */
+struct ntru_ke_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new ntru_ke_t object.
+ *
+ * @param group NTRU group number to use
+ * @param g not used
+ * @param p not used
+ * @return ntru_ke_t object, NULL if not supported
+ */
+ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
+#endif /** NTRU_KE_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.c b/src/libstrongswan/plugins/ntru/ntru_mgf1.c
new file mode 100644
index 000000000..2338db208
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.c
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_mgf1.h"
+
+#include <crypto/hashers/hasher.h>
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_mgf1_t private_ntru_mgf1_t;
+
+/**
+ * Private data of an ntru_mgf1_t object.
+ */
+struct private_ntru_mgf1_t {
+
+ /**
+ * Public ntru_mgf1_t interface.
+ */
+ ntru_mgf1_t public;
+
+ /**
+ * Hasher the MGF1 Mask Generation Function is based on
+ */
+ hasher_t *hasher;
+
+ /**
+ * Counter
+ */
+ u_int32_t counter;
+
+ /**
+ * Set if counter has reached 2^32
+ */
+ bool overflow;
+
+ /**
+ * Current state to be hashed
+ */
+ chunk_t state;
+
+ /**
+ * Position of the 4 octet counter string
+ */
+ u_char *ctr_str;
+
+};
+
+METHOD(ntru_mgf1_t, get_hash_size, size_t,
+ private_ntru_mgf1_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(ntru_mgf1_t, get_mask, bool,
+ private_ntru_mgf1_t *this, size_t mask_len, u_char *mask)
+{
+ u_char buf[HASH_SIZE_SHA512];
+ size_t hash_len;
+
+ hash_len = this->hasher->get_hash_size(this->hasher);
+
+ while (mask_len > 0)
+ {
+ /* detect overflow, set counter string and increment counter */
+ if (this->overflow)
+ {
+ return FALSE;
+ }
+ htoun32(this->ctr_str, this->counter++);
+ if (this->counter == 0)
+ {
+ this->overflow = TRUE;
+ }
+
+ /* get the next or final mask block from the hash function */
+ if (!this->hasher->get_hash(this->hasher, this->state,
+ (mask_len < hash_len) ? buf : mask))
+ {
+ return FALSE;
+ }
+ if (mask_len < hash_len)
+ {
+ memcpy(mask, buf, mask_len);
+ return TRUE;
+ }
+ mask_len -= hash_len;
+ mask += hash_len;
+ }
+ return TRUE;
+}
+
+METHOD(ntru_mgf1_t, allocate_mask, bool,
+ private_ntru_mgf1_t *this, size_t mask_len, chunk_t *mask)
+{
+ if (mask_len == 0)
+ {
+ *mask = chunk_empty;
+ return TRUE;
+ }
+ *mask = chunk_alloc(mask_len);
+
+ return get_mask(this, mask_len, mask->ptr);
+}
+
+METHOD(ntru_mgf1_t, destroy, void,
+ private_ntru_mgf1_t *this)
+{
+ this->hasher->destroy(this->hasher);
+ chunk_clear(&this->state);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_ntru_mgf1_t *this;
+ hasher_t *hasher;
+ size_t state_len;
+
+ if (seed.len == 0)
+ {
+ DBG1(DBG_LIB, "empty seed for MGF1");
+ return NULL;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, alg);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
+ hash_algorithm_names, alg);
+ return NULL;
+ }
+ state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
+
+ INIT(this,
+ .public = {
+ .get_hash_size = _get_hash_size,
+ .allocate_mask = _allocate_mask,
+ .get_mask = _get_mask,
+ .destroy = _destroy,
+ },
+ .hasher = hasher,
+ .state = chunk_alloc(state_len),
+ );
+
+ /* determine position of the 4 octet counter string */
+ this->ctr_str = this->state.ptr + state_len - 4;
+
+ if (hash_seed)
+ {
+ if (!hasher->get_hash(hasher, seed, this->state.ptr))
+ {
+ DBG1(DBG_LIB, "failed to hash seed for MGF1");
+ destroy(this);
+ return NULL;
+ }
+ }
+ else
+ {
+ memcpy(this->state.ptr, seed.ptr, seed.len);
+ }
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.h b/src/libstrongswan/plugins/ntru/ntru_mgf1.h
new file mode 100644
index 000000000..53e90412a
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_mgf1 ntru_mgf1
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_MGF1_H_
+#define NTRU_MGF1_H_
+
+typedef struct ntru_mgf1_t ntru_mgf1_t;
+
+#include <library.h>
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct ntru_mgf1_t {
+
+ /**
+ * Get the hash size of the underlying hash function
+ *
+ * @return hash size in bytes
+ */
+ size_t (*get_hash_size)(ntru_mgf1_t *this);
+
+ /**
+ * Generate a mask pattern and copy it to an output buffer
+ * If the maximum number of requests has been reached, reseeding occurs
+ *
+ * @param mask_len number of mask bytes to generate
+ * @param mask output buffer of minimum size mask_len
+ * @return TRUE if successful
+ */
+ bool (*get_mask)(ntru_mgf1_t *this, size_t mask_len, u_char *mask);
+
+ /**
+ * Generate a mask pattern and return it in an allocated chunk
+ *
+ * @param mask_len number of mask bytes to generate
+ * @param mask chunk containing generated mask
+ * @return TRUE if successful
+ */
+ bool (*allocate_mask)(ntru_mgf1_t *this, size_t mask_len, chunk_t *mask);
+
+ /**
+ * Destroy the MGF1 object
+ */
+ void (*destroy)(ntru_mgf1_t *this);
+};
+
+/**
+ * Create an MGF1 object
+ *
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate mask from
+ * @param hash_seed hash seed before using it as a seed from MGF1
+ */
+ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
+ bool hash_seed);
+
+#endif /** NTRU_MGF1_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c
new file mode 100644
index 000000000..66be7c75b
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_plugin.h"
+#include "ntru_ke.h"
+
+#include <library.h>
+
+typedef struct private_ntru_plugin_t private_ntru_plugin_t;
+
+/**
+ * private data of ntru_plugin
+ */
+struct private_ntru_plugin_t {
+
+ /**
+ * public functions
+ */
+ ntru_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_ntru_plugin_t *this)
+{
+ return "ntru";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_ntru_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DH, ntru_ke_create),
+ PLUGIN_PROVIDE(DH, NTRU_112_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_128_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_192_BIT),
+ PLUGIN_PROVIDE(DH, NTRU_256_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA1)
+ };
+ *features = f;
+
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_ntru_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ntru_plugin_create()
+{
+ private_ntru_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.h b/src/libstrongswan/plugins/ntru/ntru_plugin.h
new file mode 100644
index 000000000..187b83445
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_p ntru
+ * @ingroup plugins
+ *
+ * @defgroup ntru_plugin ntru_plugin
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_PLUGIN_H_
+#define NTRU_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ntru_plugin_t ntru_plugin_t;
+
+/**
+ * Plugin implementing NTRU-base key exchange
+ */
+struct ntru_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** NTRU_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
new file mode 100644
index 000000000..3f754f2a0
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.c
@@ -0,0 +1,416 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2009-2013 Security Innovation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_poly.h"
+#include "ntru_mgf1.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_poly_t private_ntru_poly_t;
+typedef struct indices_len_t indices_len_t;
+
+/**
+ * Stores number of +1 and -1 coefficients
+ */
+struct indices_len_t {
+ int p;
+ int m;
+};
+
+/**
+ * Private data of an ntru_poly_t object.
+ */
+struct private_ntru_poly_t {
+
+ /**
+ * Public ntru_poly_t interface.
+ */
+ ntru_poly_t public;
+
+ /**
+ * Ring dimension equal to the number of polynomial coefficients
+ */
+ uint16_t N;
+
+ /**
+ * Large modulus
+ */
+ uint16_t q;
+
+ /**
+ * Array containing the indices of the non-zero coefficients
+ */
+ uint16_t *indices;
+
+ /**
+ * Number of indices of the non-zero coefficients
+ */
+ size_t num_indices;
+
+ /**
+ * Number of sparse polynomials
+ */
+ int num_polynomials;
+
+ /**
+ * Number of nonzero coefficients for up to 3 sparse polynomials
+ */
+ indices_len_t indices_len[3];
+
+};
+
+METHOD(ntru_poly_t, get_size, size_t,
+ private_ntru_poly_t *this)
+{
+ return this->num_indices;
+}
+
+METHOD(ntru_poly_t, get_indices, uint16_t*,
+ private_ntru_poly_t *this)
+{
+ return this->indices;
+}
+
+/**
+ * Multiplication of polynomial a with a sparse polynomial b given by
+ * the indices of its +1 and -1 coefficients results in polynomial c.
+ * This is a convolution operation
+ */
+static void ring_mult_i(uint16_t *a, indices_len_t len, uint16_t *indices,
+ uint16_t N, uint16_t mod_q_mask, uint16_t *t,
+ uint16_t *c)
+{
+ int i, j, k;
+
+ /* initialize temporary array t */
+ for (k = 0; k < N; k++)
+ {
+ t[k] = 0;
+ }
+
+ /* t[(i+k)%N] = sum i=0 through N-1 of a[i], for b[k] = -1 */
+ for (j = len.p; j < len.p + len.m; j++)
+ {
+ k = indices[j];
+ for (i = 0; k < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ for (k = 0; i < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ }
+
+ /* t[(i+k)%N] = -(sum i=0 through N-1 of a[i] for b[k] = -1) */
+ for (k = 0; k < N; k++)
+ {
+ t[k] = -t[k];
+ }
+
+ /* t[(i+k)%N] += sum i=0 through N-1 of a[i] for b[k] = +1 */
+ for (j = 0; j < len.p; j++)
+ {
+ k = indices[j];
+ for (i = 0; k < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ for (k = 0; i < N; ++i, ++k)
+ {
+ t[k] += a[i];
+ }
+ }
+
+ /* c = (a * b) mod q */
+ for (k = 0; k < N; k++)
+ {
+ c[k] = t[k] & mod_q_mask;
+ }
+}
+
+METHOD(ntru_poly_t, get_array, void,
+ private_ntru_poly_t *this, uint16_t *array)
+{
+ uint16_t *t, *bi;
+ uint16_t mod_q_mask = this->q - 1;
+ indices_len_t len;
+ int i;
+
+ /* form polynomial F or F1 */
+ memset(array, 0x00, this->N * sizeof(uint16_t));
+ bi = this->indices;
+ len = this->indices_len[0];
+ for (i = 0; i < len.p + len.m; i++)
+ {
+ array[bi[i]] = (i < len.p) ? 1 : mod_q_mask;
+ }
+
+ if (this->num_polynomials == 3)
+ {
+ /* allocate temporary array t */
+ t = malloc(this->N * sizeof(uint16_t));
+
+ /* form F1 * F2 */
+ bi += len.p + len.m;
+ len = this->indices_len[1];
+ ring_mult_i(array, len, bi, this->N, mod_q_mask, t, array);
+
+ /* form (F1 * F2) + F3 */
+ bi += len.p + len.m;
+ len = this->indices_len[2];
+ for (i = 0; i < len.p + len.m; i++)
+ {
+ if (i < len.p)
+ {
+ array[bi[i]] += 1;
+ }
+ else
+ {
+ array[bi[i]] -= 1;
+ }
+ array[bi[i]] &= mod_q_mask;
+ }
+ free(t);
+ }
+}
+
+METHOD(ntru_poly_t, ring_mult, void,
+ private_ntru_poly_t *this, uint16_t *a, uint16_t *c)
+{
+ uint16_t *t1, *t2;
+ uint16_t *bi = this->indices;
+ uint16_t mod_q_mask = this->q - 1;
+ int i;
+
+ /* allocate temporary array t1 */
+ t1 = malloc(this->N * sizeof(uint16_t));
+
+ if (this->num_polynomials == 1)
+ {
+ ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, c);
+ }
+ else
+ {
+ /* allocate temporary array t2 */
+ t2 = malloc(this->N * sizeof(uint16_t));
+
+ /* t1 = a * b1 */
+ ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, t1);
+
+ /* t1 = (a * b1) * b2 */
+ bi += this->indices_len[0].p + this->indices_len[0].m;
+ ring_mult_i(t1, this->indices_len[1], bi, this->N, mod_q_mask, t2, t1);
+
+ /* t2 = a * b3 */
+ bi += this->indices_len[1].p + this->indices_len[1].m;
+ ring_mult_i(a, this->indices_len[2], bi, this->N, mod_q_mask, t2, t2);
+
+ /* c = (a * b1 * b2) + (a * b3) */
+ for (i = 0; i < this->N; i++)
+ {
+ c[i] = (t1[i] + t2[i]) & mod_q_mask;
+ }
+ free(t2);
+ }
+ free(t1);
+}
+
+METHOD(ntru_poly_t, destroy, void,
+ private_ntru_poly_t *this)
+{
+ memwipe(this->indices, sizeof(uint16_t) * get_size(this));
+ free(this->indices);
+ free(this);
+}
+
+static void init_indices(private_ntru_poly_t *this, bool is_product_form,
+ uint32_t indices_len_p, uint32_t indices_len_m)
+{
+ int n;
+
+ if (is_product_form)
+ {
+ this->num_polynomials = 3;
+ for (n = 0; n < 3; n++)
+ {
+ this->indices_len[n].p = 0xff & indices_len_p;
+ this->indices_len[n].m = 0xff & indices_len_m;
+ this->num_indices += this->indices_len[n].p +
+ this->indices_len[n].m;
+ indices_len_p >>= 8;
+ indices_len_m >>= 8;
+ }
+ }
+ else
+ {
+ this->num_polynomials = 1;
+ this->indices_len[0].p = indices_len_p;
+ this->indices_len[0].m = indices_len_m;
+ this->num_indices = indices_len_p + indices_len_m;
+ }
+ this->indices = malloc(sizeof(uint16_t) * this->num_indices);
+}
+
+/*
+ * Described in header.
+ */
+ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ uint8_t c_bits, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form)
+{
+ private_ntru_poly_t *this;
+ size_t hash_len, octet_count = 0, i;
+ uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
+ uint16_t index, limit, left = 0;
+ int n, num_indices, index_i = 0;
+ ntru_mgf1_t *mgf1;
+
+ DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
+ mgf1 = ntru_mgf1_create(alg, seed, TRUE);
+ if (!mgf1)
+ {
+ return NULL;
+ }
+ i = hash_len = mgf1->get_hash_size(mgf1);
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_indices = _get_indices,
+ .get_array = _get_array,
+ .ring_mult = _ring_mult,
+ .destroy = _destroy,
+ },
+ .N = N,
+ .q = q,
+ );
+
+ init_indices(this, is_product_form, indices_len_p, indices_len_m);
+ used = malloc(N);
+ limit = N * ((1 << c_bits) / N);
+
+ /* generate indices for all polynomials */
+ for (n = 0; n < this->num_polynomials; n++)
+ {
+ memset(used, 0, N);
+ num_indices = this->indices_len[n].p + this->indices_len[n].m;
+
+ /* generate indices for a single polynomial */
+ while (num_indices)
+ {
+ /* generate a random candidate index with a size of c_bits */
+ do
+ {
+ /* use any leftover bits first */
+ index = num_left ? left << (c_bits - num_left) : 0;
+
+ /* get the rest of the bits needed from new octets */
+ num_needed = c_bits - num_left;
+
+ while (num_needed)
+ {
+ if (i == hash_len)
+ {
+ /* get another block from MGF1 */
+ if (!mgf1->get_mask(mgf1, hash_len, octets))
+ {
+ mgf1->destroy(mgf1);
+ destroy(this);
+ free(used);
+ return NULL;
+ }
+ octet_count += hash_len;
+ i = 0;
+ }
+ left = octets[i++];
+
+ if (num_needed <= 8)
+ {
+ /* all bits needed to fill the index are in this octet */
+ index |= left >> (8 - num_needed);
+ num_left = 8 - num_needed;
+ num_needed = 0;
+ left &= 0xff >> (8 - num_left);
+ }
+ else
+ {
+ /* more than one octet will be needed */
+ index |= left << (num_needed - 8);
+ num_needed -= 8;
+ }
+ }
+ }
+ while (index >= limit);
+
+ /* form index and check if unique */
+ index %= N;
+ if (!used[index])
+ {
+ used[index] = 1;
+ this->indices[index_i++] = index;
+ num_indices--;
+ }
+ }
+ }
+
+ DBG2(DBG_LIB, "MGF1 generates %u octets to derive %u indices",
+ octet_count, this->num_indices);
+ mgf1->destroy(mgf1);
+ free(used);
+
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form)
+{
+ private_ntru_poly_t *this;
+ int i;
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_indices = _get_indices,
+ .get_array = _get_array,
+ .ring_mult = _ring_mult,
+ .destroy = _destroy,
+ },
+ .N = N,
+ .q = q,
+ );
+
+ init_indices(this, is_product_form, indices_len_p, indices_len_m);
+ for (i = 0; i < this->num_indices; i++)
+ {
+ this->indices[i] = data[i];
+ }
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed);
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data);
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
new file mode 100644
index 000000000..87c77103c
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_poly ntru_poly
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_POLY_H_
+#define NTRU_POLY_H_
+
+typedef struct ntru_poly_t ntru_poly_t;
+
+#include <library.h>
+
+/**
+ * Implements a trinary polynomial storing the indices of non-zero coefficients
+ */
+struct ntru_poly_t {
+
+ /**
+ * Get the size of the indices array
+ *
+ * @return number of indices
+ */
+ size_t (*get_size)(ntru_poly_t *this);
+
+ /**
+ * @return array containing the indices of the non-zero coefficients
+ */
+ uint16_t* (*get_indices)(ntru_poly_t *this);
+
+ /**
+ * @param array array containing all N coefficients of the polynomial
+ */
+ void (*get_array)(ntru_poly_t *this, uint16_t *array);
+
+ /**
+ * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * to form result polynomial c = a * b
+ *
+ * @param a input polynomial a
+ * @param b output polynomial c
+ */
+ void (*ring_mult)(ntru_poly_t *this, uint16_t *a, uint16_t *c);
+
+ /**
+ * Destroy ntru_poly_t object
+ */
+ void (*destroy)(ntru_poly_t *this);
+};
+
+/**
+ * Create a trits polynomial from a seed using MGF1 with a base hash function
+ *
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate trits from
+ * @param N ring dimension, number of polynomial coefficients
+ * @param q large modulus
+ * @param c_bits number of bits for candidate index
+ * @param indices_len_p number of indices for +1 coefficients
+ * @param indices_len_m number of indices for -1 coefficients
+ * @param is_product_form generate multiple polynomials
+ */
+ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ uint8_t c_bits, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form);
+
+/**
+ * Create a trits polynomial from an array of indices of non-zero coefficients
+ *
+ * @param data array of indices of non-zero coefficients
+ * @param N ring dimension, number of polynomial coefficients
+ * @param q large modulus
+ * @param indices_len_p number of indices for +1 coefficients
+ * @param indices_len_m number of indices for -1 coefficients
+ * @param is_product_form generate multiple polynomials
+ */
+ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p,
+ uint32_t indices_len_m,
+ bool is_product_form);
+
+#endif /** NTRU_POLY_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
new file mode 100644
index 000000000..f82501629
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntru_trits.h"
+#include "ntru_mgf1.h"
+
+#include "ntru_crypto/ntru_crypto_ntru_convert.h"
+
+#include <utils/debug.h>
+#include <utils/test.h>
+
+typedef struct private_ntru_trits_t private_ntru_trits_t;
+
+/**
+ * Private data of an ntru_trits_t object.
+ */
+struct private_ntru_trits_t {
+
+ /**
+ * Public ntru_trits_t interface.
+ */
+ ntru_trits_t public;
+
+ /**
+ * Size of the trits array
+ */
+ size_t trits_len;
+
+ /**
+ * Array containing a trit per octet
+ */
+ uint8_t *trits;
+
+};
+
+METHOD(ntru_trits_t, get_size, size_t,
+ private_ntru_trits_t *this)
+{
+ return this->trits_len;
+}
+
+METHOD(ntru_trits_t, get_trits, uint8_t*,
+ private_ntru_trits_t *this)
+{
+ return this->trits;
+}
+
+METHOD(ntru_trits_t, destroy, void,
+ private_ntru_trits_t *this)
+{
+ memwipe(this->trits, this->trits_len);
+ free(this->trits);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
+{
+ private_ntru_trits_t *this;
+ uint8_t octets[HASH_SIZE_SHA512], buf[5], *trits;
+ size_t hash_len, octet_count = 0, trits_needed, i;
+ ntru_mgf1_t *mgf1;
+
+ DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
+ mgf1 = ntru_mgf1_create(alg, seed, TRUE);
+ if (!mgf1)
+ {
+ return NULL;
+ }
+ i = hash_len = mgf1->get_hash_size(mgf1);
+
+ INIT(this,
+ .public = {
+ .get_size = _get_size,
+ .get_trits = _get_trits,
+ .destroy = _destroy,
+ },
+ .trits_len = len,
+ .trits = malloc(len),
+ );
+
+ trits = this->trits;
+ trits_needed = this->trits_len;
+
+ while (trits_needed > 0)
+ {
+ if (i == hash_len)
+ {
+ /* get another block from MGF1 */
+ if (!mgf1->get_mask(mgf1, hash_len, octets))
+ {
+ mgf1->destroy(mgf1);
+ destroy(this);
+ return NULL;
+ }
+ octet_count += hash_len;
+ i = 0;
+ }
+ if (octets[i] < 243) /* 243 = 3^5 */
+ {
+ ntru_octet_2_trits(octets[i], (trits_needed < 5) ? buf : trits);
+ if (trits_needed < 5)
+ {
+ memcpy(trits, buf, trits_needed);
+ break;
+ }
+ trits += 5;
+ trits_needed -= 5;
+ }
+ i++;
+ }
+ DBG2(DBG_LIB, "MGF1 generates %u octets to extract %u trits",
+ octet_count, len);
+ mgf1->destroy(mgf1);
+
+ return &this->public;
+}
+
+EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h
new file mode 100644
index 000000000..524c51bac
--- /dev/null
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntru_trits ntru_trits
+ * @{ @ingroup ntru_p
+ */
+
+#ifndef NTRU_TRITS_H_
+#define NTRU_TRITS_H_
+
+typedef struct ntru_trits_t ntru_trits_t;
+
+#include <library.h>
+
+/**
+ * Implements an array of trinary elements (trits)
+ */
+struct ntru_trits_t {
+
+ /**
+ * Get the size of the trits array
+ *
+ * @return number of trinary elements
+ */
+ size_t (*get_size)(ntru_trits_t *this);
+
+ /**
+ * @return octet array containing a trit per octet
+ */
+ uint8_t* (*get_trits)(ntru_trits_t *this);
+
+ /**
+ * Destroy ntru_trits_t object
+ */
+ void (*destroy)(ntru_trits_t *this);
+};
+
+/**
+ * Create a trits array from a seed using MGF1 with a base hash function
+ *
+ * @param size size of the trits array
+ * @param alg hash algorithm to be used by MGF1
+ * @param seed seed used by MGF1 to generate trits from
+ */
+ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
+
+#endif /** NTRU_TRITS_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 53ff2eb4c..f0735294b 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -224,8 +224,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 18aa5ceca..cb02c663c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -471,7 +471,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
default:
ok = X509_EXTENSION_get_critical(ext) == 0 ||
!lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE);
+ "%s.x509.enforce_critical", TRUE, lib->ns);
if (!ok)
{
DBG1(DBG_LIB, "found unsupported critical X.509 "
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index c43fe455a..b487d59a5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point)
goto error;
}
+ if (!EC_POINT_is_on_curve(group, point, ctx))
+ {
+ goto error;
+ }
+
ret = TRUE;
error:
BN_CTX_end(ctx);
@@ -196,7 +201,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this,
* http://www.rfc-editor.org/errata_search.php?eid=9
*/
x_coordinate_only = lib->settings->get_bool(lib->settings,
- "libstrongswan.ecp_x_coordinate_only", TRUE);
+ "%s.ecp_x_coordinate_only", TRUE, lib->ns);
if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only))
{
goto error;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ff2508609..f4aef8200 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -522,7 +522,7 @@ plugin_t *openssl_plugin_create()
int fips_mode;
fips_mode = lib->settings->get_int(lib->settings,
- "libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
+ "%s.plugins.openssl.fips_mode", FIPS_MODE, lib->ns);
#ifdef OPENSSL_FIPS
if (fips_mode)
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 036f53d23..10a35c1fd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -558,7 +558,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
if (!engine_id)
{
engine_id = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.openssl.engine_id", "pkcs11");
+ "%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
}
engine = ENGINE_by_id(engine_id);
if (!engine)
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 24b12d50c..7a5b206dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1012,7 +1012,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
default:
ok = X509_EXTENSION_get_critical(ext) == 0 ||
!lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE);
+ "%s.x509.enforce_critical", TRUE, lib->ns);
if (!ok)
{
char buf[80] = "";
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 5c3ce2a42..55c0271ce 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 060799dc8..22c33b0c8 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 254b1951b..62780c384 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -25,7 +25,6 @@
#include <stddef.h>
#include <fcntl.h>
#include <sys/types.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <utils/debug.h>
@@ -418,39 +417,17 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
static void *load_from_file(char *file, credential_type_t type, int subtype,
identification_t *subject, x509_flag_t flags)
{
- void *cred = NULL;
- struct stat sb;
- void *addr;
- int fd;
+ void *cred;
+ chunk_t *chunk;
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ chunk = chunk_map(file, FALSE);
+ if (!chunk)
{
DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return NULL;
}
-
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return NULL;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return NULL;
- }
-
- cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
- subject, flags);
-
- munmap(addr, sb.st_size);
- close(fd);
+ cred = load_from_blob(*chunk, type, subtype, subject, flags);
+ chunk_unmap(chunk);
return cred;
}
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 05319bb87..e2491f5a4 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 2befd0949..d3f3fdf49 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 186d90ac6..c8cec3771 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index 2e5af95ff..36cc284bf 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -135,7 +135,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
};
if (!lib->settings->get_bool(lib->settings,
- "libstrongswan.ecp_x_coordinate_only", TRUE))
+ "%s.ecp_x_coordinate_only", TRUE, lib->ns))
{ /* we only get the x coordinate back */
return;
}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index 8bda5b66f..96c4a180d 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -338,7 +338,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
);
enumerator = lib->settings->create_section_enumerator(lib->settings,
- "libstrongswan.plugins.pkcs11.modules");
+ "%s.plugins.pkcs11.modules", lib->ns);
while (enumerator->enumerate(enumerator, &module))
{
INIT(entry,
@@ -346,7 +346,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
);
entry->path = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module);
+ "%s.plugins.pkcs11.modules.%s.path", NULL, lib->ns, module);
if (!entry->path)
{
DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module);
@@ -355,8 +355,8 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
}
entry->lib = pkcs11_library_create(module, entry->path,
lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.os_locking",
- FALSE, module));
+ "%s.plugins.pkcs11.modules.%s.os_locking",
+ FALSE, lib->ns, module));
if (!entry->lib)
{
free(entry);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 3faa59cae..bd2a2c114 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -83,8 +83,8 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
if (add && this->handle_events)
{
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.modules.%s.load_certs",
- TRUE, p11->get_name(p11)))
+ "%s.plugins.pkcs11.modules.%s.load_certs",
+ TRUE, lib->ns, p11->get_name(p11)))
{
creds = pkcs11_creds_create(p11, slot);
if (creds)
@@ -174,8 +174,8 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
METHOD(plugin_t, reload, bool,
private_pkcs11_plugin_t *this)
{
- if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.reload_certs", FALSE))
+ if (lib->settings->get_bool(lib->settings, "%s.plugins.pkcs11.reload_certs",
+ FALSE, lib->ns))
{
DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
handle_certs(this, NULL, FALSE, NULL);
@@ -247,28 +247,28 @@ METHOD(plugin_t, get_features, int,
if (!count)
{ /* initialize only once */
bool use_ecc = lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_ecc", FALSE);
+ "%s.plugins.pkcs11.use_ecc", FALSE, lib->ns);
plugin_features_add(f, f_manager, countof(f_manager), &count);
/* private key handling for EC keys is not disabled by use_ecc */
plugin_features_add(f, f_privkey, countof(f_privkey), &count);
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
+ "%s.plugins.pkcs11.use_pubkey", FALSE, lib->ns))
{
plugin_features_add(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
&count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
+ "%s.plugins.pkcs11.use_hasher", FALSE, lib->ns))
{
plugin_features_add(f, f_hash, countof(f_hash), &count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_rng", FALSE))
+ "%s.plugins.pkcs11.use_rng", FALSE, lib->ns))
{
plugin_features_add(f, f_rng, countof(f_rng), &count);
}
if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_dh", FALSE))
+ "%s.plugins.pkcs11.use_dh", FALSE, lib->ns))
{
plugin_features_add(f, f_dh, countof(f_dh), &count);
if (use_ecc)
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 1972f33b3..67b1f4f57 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 300212173..feff6e5b0 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -219,8 +219,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index e2ccb326d..35a5c9a35 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 5ed0a9b0f..08a8442ea 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -28,6 +28,7 @@
#include <utils/debug.h>
#include <library.h>
#include <collections/hashtable.h>
+#include <collections/array.h>
#include <collections/linked_list.h>
#include <plugins/plugin.h>
#include <utils/integrity_checker.h>
@@ -936,18 +937,146 @@ static bool find_plugin(char *path, char *name, char *buf, char **file)
return FALSE;
}
+/**
+ * Used to sort plugins by priority
+ */
+typedef struct {
+ /* name of the plugin */
+ char *name;
+ /* the plugins priority */
+ int prio;
+ /* default priority */
+ int def;
+} plugin_priority_t;
+
+static void plugin_priority_free(const plugin_priority_t *this, int idx,
+ void *user)
+{
+ free(this->name);
+}
+
+/**
+ * Sort plugins and their priority by name
+ */
+static int plugin_priority_cmp_name(const plugin_priority_t *a,
+ const plugin_priority_t *b)
+{
+ return strcmp(a->name, b->name);
+}
+
+/**
+ * Sort plugins by decreasing priority or default priority then by name
+ */
+static int plugin_priority_cmp(const plugin_priority_t *a,
+ const plugin_priority_t *b, void *user)
+{
+ int diff;
+
+ diff = b->prio - a->prio;
+ if (!diff)
+ { /* the same priority, use default order */
+ diff = b->def - a->def;
+ if (!diff)
+ { /* same default priority (i.e. both were not found in that list) */
+ return strcmp(a->name, b->name);
+ }
+ }
+ return diff;
+}
+
+
+/**
+ * Determine the list of plugins to load via load option in each plugin's
+ * config section.
+ */
+static char *modular_pluginlist(char *list)
+{
+ enumerator_t *enumerator;
+ array_t *given, *final;
+ plugin_priority_t item, *current, found;
+ char *plugin, *plugins = NULL;
+ int i = 0, max_prio;
+
+ if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE,
+ lib->ns))
+ {
+ return list;
+ }
+
+ given = array_create(sizeof(plugin_priority_t), 0);
+ final = array_create(sizeof(plugin_priority_t), 0);
+
+ enumerator = enumerator_create_token(list, " ", " ");
+ while (enumerator->enumerate(enumerator, &plugin))
+ {
+ item.name = strdup(plugin);
+ item.prio = i++;
+ array_insert(given, ARRAY_TAIL, &item);
+ }
+ enumerator->destroy(enumerator);
+ array_sort(given, (void*)plugin_priority_cmp_name, NULL);
+ /* the maximum priority used for plugins not found in this list */
+ max_prio = i + 1;
+
+ enumerator = lib->settings->create_section_enumerator(lib->settings,
+ "%s.plugins", lib->ns);
+ while (enumerator->enumerate(enumerator, &plugin))
+ {
+ item.prio = lib->settings->get_int(lib->settings,
+ "%s.plugins.%s.load", 0, lib->ns, plugin);
+ if (!item.prio)
+ {
+ if (!lib->settings->get_bool(lib->settings,
+ "%s.plugins.%s.load", FALSE, lib->ns, plugin))
+ {
+ continue;
+ }
+ item.prio = 1;
+ }
+ item.name = plugin;
+ item.def = max_prio;
+ if (array_bsearch(given, &item, (void*)plugin_priority_cmp_name,
+ &found) != -1)
+ {
+ item.def = max_prio - found.prio;
+ }
+ array_insert(final, ARRAY_TAIL, &item);
+ }
+ enumerator->destroy(enumerator);
+ array_destroy_function(given, (void*)plugin_priority_free, NULL);
+
+ array_sort(final, (void*)plugin_priority_cmp, NULL);
+
+ enumerator = array_create_enumerator(final);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ char *prev = plugins;
+ if (asprintf(&plugins, "%s %s", plugins ?: "", current->name) < 0)
+ {
+ plugins = prev;
+ break;
+ }
+ free(prev);
+ }
+ enumerator->destroy(enumerator);
+ array_destroy(final);
+ return plugins;
+}
+
METHOD(plugin_loader_t, load_plugins, bool,
private_plugin_loader_t *this, char *list)
{
enumerator_t *enumerator;
- char *default_path = NULL, *token;
+ char *default_path = NULL, *plugins, *token;
bool critical_failed = FALSE;
#ifdef PLUGINDIR
default_path = PLUGINDIR;
#endif /* PLUGINDIR */
- enumerator = enumerator_create_token(list, " ", " ");
+ plugins = modular_pluginlist(list);
+
+ enumerator = enumerator_create_token(plugins, " ", " ");
while (!critical_failed && enumerator->enumerate(enumerator, &token))
{
plugin_entry_t *entry;
@@ -1006,6 +1135,10 @@ METHOD(plugin_loader_t, load_plugins, bool,
free(this->loaded_plugins);
this->loaded_plugins = loaded_plugins_list(this);
}
+ if (plugins != list)
+ {
+ free(plugins);
+ }
return !critical_failed;
}
@@ -1170,3 +1303,22 @@ plugin_loader_t *plugin_loader_create()
return &this->public;
}
+
+/*
+ * See header
+ */
+void plugin_loader_add_plugindirs(char *basedir, char *plugins)
+{
+ enumerator_t *enumerator;
+ char *name, path[PATH_MAX], dir[64];
+
+ enumerator = enumerator_create_token(plugins, " ", "");
+ while (enumerator->enumerate(enumerator, &name))
+ {
+ snprintf(dir, sizeof(dir), "%s", name);
+ translate(dir, "-", "_");
+ snprintf(path, sizeof(path), "%s/%s/.libs", basedir, dir);
+ lib->plugins->add_path(lib->plugins, path);
+ }
+ enumerator->destroy(enumerator);
+}
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index 285b33910..fec57ce98 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2013 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -67,6 +67,13 @@ struct plugin_loader_t {
* for the plugins first, in the order they were added, then the default
* path follows.
*
+ * If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to
+ * load are determined via a load option in their respective plugin config
+ * section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>.
+ * The oder is determined by the configured priority. If two plugins have
+ * the same priority the order as seen in list is preserved. Plugins not
+ * found in list are loaded first, in alphabetical order.
+ *
* @note Even though this method could be called multiple times this is
* currently not really supported in regards to plugin features and their
* dependencies (in particular soft dependencies).
@@ -146,4 +153,13 @@ struct plugin_loader_t {
*/
plugin_loader_t *plugin_loader_create();
+/**
+ * Convenience function to add plugin directories for the given plugins within
+ * the given base directory according to the conventions in the src/build tree.
+ *
+ * @param basedir base directory
+ * @param plugins space separated list of plugins
+ */
+void plugin_loader_add_plugindirs(char *basedir, char *plugins);
+
#endif /** PLUGIN_LOADER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index c5b3bad05..803eeab44 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 492bc31ac..0efe24cb7 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 24c711a69..1f1079240 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -51,6 +51,9 @@ static int dev_random = -1;
/** /dev/urandom file descriptor */
static int dev_urandom = -1;
+/** Is strong randomness equivalent to true randomness? */
+static bool strong_equals_true = FALSE;
+
/**
* See header.
*/
@@ -68,6 +71,14 @@ int random_plugin_get_dev_urandom()
}
/**
+ * See header.
+ */
+bool random_plugin_get_strong_equals_true()
+{
+ return strong_equals_true;
+}
+
+/**
* Open a random device file
*/
static bool open_dev(char *file, int *fd)
@@ -131,10 +142,12 @@ plugin_t *random_plugin_create()
},
);
+ strong_equals_true = lib->settings->get_bool(lib->settings,
+ "%s.plugins.random.strong_equals_true", FALSE, lib->ns);
urandom_file = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.random.urandom", DEV_URANDOM);
+ "%s.plugins.random.urandom", DEV_URANDOM, lib->ns);
random_file = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.random.random", DEV_RANDOM);
+ "%s.plugins.random.random", DEV_RANDOM, lib->ns);
if (!open_dev(urandom_file, &dev_urandom) ||
!open_dev(random_file, &dev_random))
{
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index c34fa8196..ff79bef0c 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -49,4 +49,9 @@ int random_plugin_get_dev_random();
*/
int random_plugin_get_dev_urandom();
+/**
+ * Must strong randomness be equivalent to true randomness?
+ */
+bool random_plugin_get_strong_equals_true();
+
#endif /** RANDOM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 568844899..36d5446b8 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality)
this->fd = random_plugin_get_dev_random();
break;
case RNG_STRONG:
+ this->fd = random_plugin_get_strong_equals_true() ?
+ random_plugin_get_dev_random() :
+ random_plugin_get_dev_urandom();
+ break;
case RNG_WEAK:
default:
this->fd = random_plugin_get_dev_urandom();
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index e2cdbac7a..afcbc07eb 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 0a3063f04..88b283e87 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
index 4bdfc258e..b416c872f 100644
--- a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
+++ b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c
@@ -77,11 +77,11 @@ static bool have_rdrand()
cpuid(1, &a, &b, &c, &d);
if (c & CPUID_RDRAND)
{
- DBG1(DBG_LIB, "detected RDRAND support on %s CPU", vendor);
+ DBG2(DBG_LIB, "detected RDRAND support on %s CPU", vendor);
return TRUE;
}
}
- DBG1(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor);
+ DBG2(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor);
return FALSE;
}
@@ -102,7 +102,11 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
};
*features = f;
- return countof(f);
+ if (have_rdrand())
+ {
+ return countof(f);
+ }
+ return 0;
}
METHOD(plugin_t, destroy, void,
@@ -122,16 +126,12 @@ plugin_t *rdrand_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
+ .get_features = _get_features,
.reload = (void*)return_false,
.destroy = _destroy,
},
},
);
- if (have_rdrand())
- {
- this->public.plugin.get_features = _get_features;
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index fe9aa16e7..745ee83e7 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 2095dbdb7..e57eb78ab 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 2eb572f70..c044178b9 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 5483bf91f..cc16ef5cb 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -216,8 +216,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 13c0bf86d..c428b883f 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index a62d22a5b..3c9926acc 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 569b0b738..652663108 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -13,6 +13,7 @@
* for more details.
*/
+#define _GNU_SOURCE /* for fmemopen() */
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index d4cbde107..a1439f6ea 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -232,8 +232,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -301,6 +299,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -389,12 +392,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -409,6 +416,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index d79803189..961311eb0 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -218,8 +218,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c
index 42cdbc6cc..745e59d5b 100644
--- a/src/libstrongswan/plugins/unbound/unbound_resolver.c
+++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c
@@ -97,14 +97,14 @@ resolver_t *unbound_resolver_create(void)
char *resolv_conf, *trust_anchors, *dlv_anchors;
resolv_conf = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.resolv_conf",
- RESOLV_CONF_FILE);
+ "%s.plugins.unbound.resolv_conf",
+ RESOLV_CONF_FILE, lib->ns);
trust_anchors = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.trust_anchors",
- TRUST_ANCHOR_FILE);
+ "%s.plugins.unbound.trust_anchors",
+ TRUST_ANCHOR_FILE, lib->ns);
dlv_anchors = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.unbound.dlv_anchors",
- NULL);
+ "%s.plugins.unbound.dlv_anchors",
+ NULL, lib->ns);
INIT(this,
.public = {
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 09d300255..74552e00b 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -217,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 85c481552..ed850e8f5 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -20,14 +20,14 @@
#define _GNU_SOURCE
-#include "x509_cert.h"
-
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
+#include "x509_cert.h"
+
#include <library.h>
#include <utils/debug.h>
#include <asn1/oid.h>
@@ -1446,7 +1446,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
default:
if (critical && lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE))
+ "%s.x509.enforce_critical", TRUE, lib->ns))
{
DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index efb70c94c..d6057c30f 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -325,7 +325,7 @@ static bool parse(private_x509_crl_t *this)
break;
default:
if (critical && lib->settings->get_bool(lib->settings,
- "libstrongswan.x509.enforce_critical", TRUE))
+ "%s.x509.enforce_critical", TRUE, lib->ns))
{
DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 59ee48377..c8f886c60 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -215,8 +215,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c
index adbd95685..012b169e3 100644
--- a/src/libstrongswan/processing/processor.c
+++ b/src/libstrongswan/processing/processor.c
@@ -545,7 +545,7 @@ processor_t *processor_create()
{
this->jobs[i] = linked_list_create();
this->prio_threads[i] = lib->settings->get_int(lib->settings,
- "libstrongswan.processor.priority_threads.%N", 0,
+ "%s.processor.priority_threads.%N", 0, lib->ns,
job_priority_names, i);
}
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index 9773e7601..cc3c3a788 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -340,7 +340,7 @@ static job_requeue_t watch(private_watcher_t *this)
}
else
{
- if (!this->pending)
+ if (!this->pending && errno != EINTR)
{ /* complain only if no pending updates */
DBG1(DBG_JOB, "watcher select() error: %s", strerror(errno));
}
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index c3d41a1cd..331a5480d 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -1,23 +1,62 @@
-TESTS = test_runner
+check_LTLIBRARIES = libtest.la
+
+libtest_la_SOURCES = \
+ test_suite.c test_suite.h \
+ test_runner.c test_runner.h \
+ utils/test_rng.c utils/test_rng.h
+
+libtest_la_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ @COVERAGE_CFLAGS@
+
+libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
+libtest_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(PTHREADLIB)
+
+
+TESTS = tests
check_PROGRAMS = $(TESTS)
-test_runner_SOURCES = \
- test_runner.c test_runner.h test_suite.h \
- test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \
- test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \
- test_identification.c test_threading.c test_utils.c test_vectors.c \
- test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c
+tests_SOURCES = tests.h tests.c \
+ suites/test_linked_list.c \
+ suites/test_enumerator.c \
+ suites/test_linked_list_enumerator.c \
+ suites/test_bio_reader.c \
+ suites/test_bio_writer.c \
+ suites/test_chunk.c \
+ suites/test_enum.c \
+ suites/test_hashtable.c \
+ suites/test_identification.c \
+ suites/test_threading.c \
+ suites/test_watcher.c \
+ suites/test_stream.c \
+ suites/test_fetch_http.c \
+ suites/test_utils.c \
+ suites/test_settings.c \
+ suites/test_vectors.c \
+ suites/test_array.c \
+ suites/test_ecdsa.c \
+ suites/test_rsa.c \
+ suites/test_host.c \
+ suites/test_hasher.c \
+ suites/test_crypter.c \
+ suites/test_pen.c \
+ suites/test_asn1.c \
+ suites/test_asn1_parser.c \
+ suites/test_printf.c \
+ suites/test_test_rng.c \
+ suites/test_ntru.c
-test_runner_CFLAGS = \
+tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
- @COVERAGE_CFLAGS@ \
- @CHECK_CFLAGS@
+ @COVERAGE_CFLAGS@
-test_runner_LDFLAGS = @COVERAGE_LDFLAGS@
-test_runner_LDADD = \
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) \
- @CHECK_LIBS@
+ libtest.la
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index adeae1a81..656be4efb 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -77,11 +77,11 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-TESTS = test_runner$(EXEEXT)
+TESTS = tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libstrongswan/tests
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp $(top_srcdir)/test-driver
+ $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,36 +99,57 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__EXEEXT_1 = test_runner$(EXEEXT)
-am_test_runner_OBJECTS = test_runner-test_runner.$(OBJEXT) \
- test_runner-test_linked_list.$(OBJEXT) \
- test_runner-test_enumerator.$(OBJEXT) \
- test_runner-test_linked_list_enumerator.$(OBJEXT) \
- test_runner-test_bio_reader.$(OBJEXT) \
- test_runner-test_bio_writer.$(OBJEXT) \
- test_runner-test_chunk.$(OBJEXT) \
- test_runner-test_enum.$(OBJEXT) \
- test_runner-test_hashtable.$(OBJEXT) \
- test_runner-test_identification.$(OBJEXT) \
- test_runner-test_threading.$(OBJEXT) \
- test_runner-test_utils.$(OBJEXT) \
- test_runner-test_vectors.$(OBJEXT) \
- test_runner-test_array.$(OBJEXT) \
- test_runner-test_ecdsa.$(OBJEXT) \
- test_runner-test_rsa.$(OBJEXT) test_runner-test_host.$(OBJEXT) \
- test_runner-test_printf.$(OBJEXT)
-test_runner_OBJECTS = $(am_test_runner_OBJECTS)
am__DEPENDENCIES_1 =
-test_runner_DEPENDENCIES = \
+libtest_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_1)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libtest_la_OBJECTS = libtest_la-test_suite.lo \
+ libtest_la-test_runner.lo utils/libtest_la-test_rng.lo
+libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-test_runner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_runner_CFLAGS) \
- $(CFLAGS) $(test_runner_LDFLAGS) $(LDFLAGS) -o $@
+libtest_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
+ $(CFLAGS) $(libtest_la_LDFLAGS) $(LDFLAGS) -o $@
+am__EXEEXT_1 = tests$(EXEEXT)
+am_tests_OBJECTS = tests-tests.$(OBJEXT) \
+ suites/tests-test_linked_list.$(OBJEXT) \
+ suites/tests-test_enumerator.$(OBJEXT) \
+ suites/tests-test_linked_list_enumerator.$(OBJEXT) \
+ suites/tests-test_bio_reader.$(OBJEXT) \
+ suites/tests-test_bio_writer.$(OBJEXT) \
+ suites/tests-test_chunk.$(OBJEXT) \
+ suites/tests-test_enum.$(OBJEXT) \
+ suites/tests-test_hashtable.$(OBJEXT) \
+ suites/tests-test_identification.$(OBJEXT) \
+ suites/tests-test_threading.$(OBJEXT) \
+ suites/tests-test_watcher.$(OBJEXT) \
+ suites/tests-test_stream.$(OBJEXT) \
+ suites/tests-test_fetch_http.$(OBJEXT) \
+ suites/tests-test_utils.$(OBJEXT) \
+ suites/tests-test_settings.$(OBJEXT) \
+ suites/tests-test_vectors.$(OBJEXT) \
+ suites/tests-test_array.$(OBJEXT) \
+ suites/tests-test_ecdsa.$(OBJEXT) \
+ suites/tests-test_rsa.$(OBJEXT) \
+ suites/tests-test_host.$(OBJEXT) \
+ suites/tests-test_hasher.$(OBJEXT) \
+ suites/tests-test_crypter.$(OBJEXT) \
+ suites/tests-test_pen.$(OBJEXT) \
+ suites/tests-test_asn1.$(OBJEXT) \
+ suites/tests-test_asn1_parser.$(OBJEXT) \
+ suites/tests-test_printf.$(OBJEXT) \
+ suites/tests-test_test_rng.$(OBJEXT) \
+ suites/tests-test_ntru.$(OBJEXT)
+tests_OBJECTS = $(am_tests_OBJECTS)
+tests_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la libtest.la
+tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \
+ $(tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -163,8 +184,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(test_runner_SOURCES)
-DIST_SOURCES = $(test_runner_SOURCES)
+SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
+DIST_SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -211,188 +232,6 @@ am__tty_colors = { \
std=''; \
fi; \
}
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -408,8 +247,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -477,6 +314,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -565,12 +407,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -585,6 +431,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -595,30 +442,67 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-test_runner_SOURCES = \
- test_runner.c test_runner.h test_suite.h \
- test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \
- test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \
- test_identification.c test_threading.c test_utils.c test_vectors.c \
- test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c
-
-test_runner_CFLAGS = \
+check_LTLIBRARIES = libtest.la
+libtest_la_SOURCES = \
+ test_suite.c test_suite.h \
+ test_runner.c test_runner.h \
+ utils/test_rng.c utils/test_rng.h
+
+libtest_la_CFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ @COVERAGE_CFLAGS@
+
+libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@
+libtest_la_LIBADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(PTHREADLIB)
+
+tests_SOURCES = tests.h tests.c \
+ suites/test_linked_list.c \
+ suites/test_enumerator.c \
+ suites/test_linked_list_enumerator.c \
+ suites/test_bio_reader.c \
+ suites/test_bio_writer.c \
+ suites/test_chunk.c \
+ suites/test_enum.c \
+ suites/test_hashtable.c \
+ suites/test_identification.c \
+ suites/test_threading.c \
+ suites/test_watcher.c \
+ suites/test_stream.c \
+ suites/test_fetch_http.c \
+ suites/test_utils.c \
+ suites/test_settings.c \
+ suites/test_vectors.c \
+ suites/test_array.c \
+ suites/test_ecdsa.c \
+ suites/test_rsa.c \
+ suites/test_host.c \
+ suites/test_hasher.c \
+ suites/test_crypter.c \
+ suites/test_pen.c \
+ suites/test_asn1.c \
+ suites/test_asn1_parser.c \
+ suites/test_printf.c \
+ suites/test_test_rng.c \
+ suites/test_ntru.c
+
+tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
- @COVERAGE_CFLAGS@ \
- @CHECK_CFLAGS@
+ @COVERAGE_CFLAGS@
-test_runner_LDFLAGS = @COVERAGE_LDFLAGS@
-test_runner_LDADD = \
+tests_LDFLAGS = @COVERAGE_LDFLAGS@
+tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(PTHREADLIB) \
- @CHECK_LIBS@
+ libtest.la
all: all-am
.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -650,6 +534,28 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkLTLIBRARIES:
+ -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES)
+ @list='$(check_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+utils/$(am__dirstamp):
+ @$(MKDIR_P) utils
+ @: > utils/$(am__dirstamp)
+utils/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) utils/$(DEPDIR)
+ @: > utils/$(DEPDIR)/$(am__dirstamp)
+utils/libtest_la-test_rng.lo: utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
+
+libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) $(EXTRA_libtest_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libtest_la_LINK) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
+
clean-checkPROGRAMS:
@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
@@ -658,35 +564,114 @@ clean-checkPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
-
-test_runner$(EXEEXT): $(test_runner_OBJECTS) $(test_runner_DEPENDENCIES) $(EXTRA_test_runner_DEPENDENCIES)
- @rm -f test_runner$(EXEEXT)
- $(AM_V_CCLD)$(test_runner_LINK) $(test_runner_OBJECTS) $(test_runner_LDADD) $(LIBS)
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_linked_list.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_enumerator.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_linked_list_enumerator.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_bio_reader.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_bio_writer.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_chunk.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_enum.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_hashtable.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_fetch_http.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_utils.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_settings.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_vectors.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_array.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_ecdsa.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_rsa.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_host.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_hasher.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_asn1_parser.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_printf.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_test_rng.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_ntru.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+
+tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES)
+ @rm -f tests$(EXEEXT)
+ $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
+ -rm -f suites/*.$(OBJEXT)
+ -rm -f utils/*.$(OBJEXT)
+ -rm -f utils/*.lo
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_array.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_bio_reader.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_bio_writer.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_chunk.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_ecdsa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_enum.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_enumerator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_hashtable.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_host.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_identification.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_linked_list.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_linked_list_enumerator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_printf.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_rsa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_runner.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_threading.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_utils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_vectors.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_runner.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_suite.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_array.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1_parser.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_reader.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_writer.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_chunk.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_crypter.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ecdsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enum.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enumerator.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_fetch_http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hasher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hashtable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_host.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_identification.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ntru.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_pen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_rsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_settings.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_stream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_test_rng.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_threading.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_utils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_vectors.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_watcher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/libtest_la-test_rng.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -712,263 +697,439 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-test_runner-test_runner.o: test_runner.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.o -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.o' libtool=no @AMDEPBACKSLASH@
+libtest_la-test_suite.lo: test_suite.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_suite.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_suite.Tpo -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_suite.Tpo $(DEPDIR)/libtest_la-test_suite.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_suite.c' object='libtest_la-test_suite.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c
+
+libtest_la-test_runner.lo: test_runner.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_runner.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_runner.Tpo -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_runner.Tpo $(DEPDIR)/libtest_la-test_runner.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='libtest_la-test_runner.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+
+utils/libtest_la-test_rng.lo: utils/test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT utils/libtest_la-test_rng.lo -MD -MP -MF utils/$(DEPDIR)/libtest_la-test_rng.Tpo -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/libtest_la-test_rng.Tpo utils/$(DEPDIR)/libtest_la-test_rng.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/test_rng.c' object='utils/libtest_la-test_rng.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c
+
+tests-tests.o: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+
+tests-tests.obj: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+
+suites/tests-test_linked_list.o: suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+
+suites/tests-test_linked_list.obj: suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+
+suites/tests-test_enumerator.o: suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+
+suites/tests-test_enumerator.obj: suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+
+suites/tests-test_linked_list_enumerator.o: suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+
+suites/tests-test_linked_list_enumerator.obj: suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+
+suites/tests-test_bio_reader.o: suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+
+suites/tests-test_bio_reader.obj: suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+
+suites/tests-test_bio_writer.o: suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+
+suites/tests-test_bio_writer.obj: suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+
+suites/tests-test_chunk.o: suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.o -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
-test_runner-test_runner.obj: test_runner.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.obj -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_chunk.obj: suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
-test_runner-test_linked_list.o: test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_enum.o: suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
-test_runner-test_linked_list.obj: test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_enum.obj: suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
-test_runner-test_enumerator.o: test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hashtable.o: suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
-test_runner-test_enumerator.obj: test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hashtable.obj: suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
-test_runner-test_linked_list_enumerator.o: test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_identification.o: suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.o -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
-test_runner-test_linked_list_enumerator.obj: test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_identification.obj: suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
-test_runner-test_bio_reader.o: test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_threading.o: suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.o -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
-test_runner-test_bio_reader.obj: test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_threading.obj: suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
-test_runner-test_bio_writer.o: test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_watcher.o: suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
-test_runner-test_bio_writer.obj: test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_watcher.obj: suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
-test_runner-test_chunk.o: test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.o -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_stream.o: suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.o -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
-test_runner-test_chunk.obj: test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.obj -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_stream.obj: suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
-test_runner-test_enum.o: test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.o -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_fetch_http.o: suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.o -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
-test_runner-test_enum.obj: test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_fetch_http.obj: suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
-test_runner-test_hashtable.o: test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.o -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_utils.o: suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.o -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
-test_runner-test_hashtable.obj: test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.obj -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_utils.obj: suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
-test_runner-test_identification.o: test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.o -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_settings.o: suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.o -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
-test_runner-test_identification.obj: test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.obj -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_settings.obj: suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
-test_runner-test_threading.o: test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.o -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_vectors.o: suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
-test_runner-test_threading.obj: test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.obj -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_vectors.obj: suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
-test_runner-test_utils.o: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.o -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_array.o: suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.o -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
-test_runner-test_utils.obj: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.obj -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_array.obj: suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
-test_runner-test_vectors.o: test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.o -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_ecdsa.o: suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
-test_runner-test_vectors.obj: test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.obj -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_ecdsa.obj: suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
-test_runner-test_array.o: test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.o -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_rsa.o: suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
-test_runner-test_array.obj: test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.obj -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_rsa.obj: suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
-test_runner-test_ecdsa.o: test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_host.o: suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.o -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
-test_runner-test_ecdsa.obj: test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_host.obj: suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
-test_runner-test_rsa.o: test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hasher.o: suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
-test_runner-test_rsa.obj: test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_hasher.obj: suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
-test_runner-test_host.o: test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.o -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_crypter.o: suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.o -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
-test_runner-test_host.obj: test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.obj -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_crypter.obj: suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
-test_runner-test_printf.o: test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.o -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.o' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_pen.o: suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
-test_runner-test_printf.obj: test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.obj -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.obj' libtool=no @AMDEPBACKSLASH@
+suites/tests-test_pen.obj: suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+
+suites/tests-test_asn1.o: suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+
+suites/tests-test_asn1.obj: suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+
+suites/tests-test_asn1_parser.o: suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+
+suites/tests-test_asn1_parser.obj: suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+
+suites/tests-test_printf.o: suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.o -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+
+suites/tests-test_printf.obj: suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+
+suites/tests-test_test_rng.o: suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.o -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+
+suites/tests-test_test_rng.obj: suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+
+suites/tests-test_ntru.o: suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+
+suites/tests-test_ntru.obj: suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
+ -rm -rf utils/.libs utils/_libs
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -1022,168 +1183,98 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- else \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
else \
- color_start= color_end=; \
+ skipped="($$skip tests were not run)"; \
fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS:
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(check_PROGRAMS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-test_runner.log: test_runner$(EXEEXT)
- @p='test_runner$(EXEEXT)'; \
- b='test_runner'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -1216,7 +1307,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) $(check_PROGRAMS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile
@@ -1241,26 +1332,27 @@ install-strip:
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+ -rm -f utils/$(DEPDIR)/$(am__dirstamp)
+ -rm -f utils/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
- mostlyclean-am
+clean-am: clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1306,7 +1398,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1328,18 +1420,18 @@ uninstall-am:
.MAKE: check-am install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
- ctags ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am
+ clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool cscopelist-am ctags ctags-am distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/tests/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index 2220d5a2b..ba2aff460 100644
--- a/src/libstrongswan/tests/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -35,6 +38,14 @@ START_TEST(test_append_ptr)
/* 3, 4 */
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_get(array, 1, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(!array_get(array, 3, &x));
+
array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)1);
array_insert(array, 1, (void*)(uintptr_t)2);
ck_assert_int_eq(array_count(array), 4);
@@ -108,6 +119,14 @@ START_TEST(test_append_obj)
/* 3, 4 */
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 3);
+ ck_assert(array_get(array, 1, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 4);
+ ck_assert(!array_get(array, 3, &x));
+
array_insert(array, ARRAY_HEAD, &y[1]);
array_insert(array, 1, &y[2]);
ck_assert_int_eq(array_count(array), 4);
@@ -258,6 +277,149 @@ START_TEST(test_enumerate)
}
END_TEST
+static int comp_obj(const void *a, const void *b, void *arg)
+{
+ ck_assert_str_eq(arg, "arg");
+ return *(int*)a - *(int*)b;
+}
+
+START_TEST(test_sort_obj)
+{
+ array_t *array;
+ int x[][3] = {
+ {1, 2, 3},
+ {1, 3, 2},
+ {2, 1, 3},
+ {2, 3, 1},
+ {3, 1, 2},
+ {3, 2, 1},
+ };
+ char *arg = "arg";
+ int i, v;
+
+ for (i = 0; i < countof(x); i++)
+ {
+ array = array_create(sizeof(x[i][0]), 0);
+ array_insert(array, ARRAY_TAIL, &x[i][0]);
+ array_insert(array, ARRAY_TAIL, &x[i][1]);
+ array_insert(array, ARRAY_TAIL, &x[i][2]);
+
+ array_sort(array, comp_obj, arg);
+
+ ck_assert(array_get(array, 0, &v));
+ ck_assert_int_eq(v, 1);
+ ck_assert(array_get(array, 1, &v));
+ ck_assert_int_eq(v, 2);
+ ck_assert(array_get(array, 2, &v));
+ ck_assert_int_eq(v, 3);
+
+ array_destroy(array);
+ }
+}
+END_TEST
+
+static int comp_ptr(const void *a, const void *b, void *arg)
+{
+ ck_assert_str_eq(arg, "arg");
+ return strcmp(a, b);
+}
+
+START_TEST(test_sort_ptr)
+{
+ array_t *array;
+ char *x[][3] = {
+ {"a", "b", "c"},
+ {"a", "c", "b"},
+ {"b", "a", "c"},
+ {"b", "c", "a"},
+ {"c", "a", "b"},
+ {"c", "b", "a"},
+ };
+ char *v, *arg = "arg";
+ int i;
+
+ for (i = 0; i < countof(x); i++)
+ {
+ array = array_create(0, 0);
+ array_insert(array, ARRAY_TAIL, x[i][0]);
+ array_insert(array, ARRAY_TAIL, x[i][1]);
+ array_insert(array, ARRAY_TAIL, x[i][2]);
+
+ array_sort(array, comp_ptr, arg);
+
+ ck_assert(array_get(array, 0, &v));
+ ck_assert_str_eq(v, "a");
+ ck_assert(array_get(array, 1, &v));
+ ck_assert_str_eq(v, "b");
+ ck_assert(array_get(array, 2, &v));
+ ck_assert_str_eq(v, "c");
+
+ array_destroy(array);
+ }
+}
+END_TEST
+
+static int comp_search_obj(const void *a, const void *b)
+{
+ return *(int*)a - *(int*)b;
+}
+
+START_TEST(test_bsearch_obj)
+{
+ array_t *array;
+ int x[] = { 3, 2, 1 };
+ int k, v;
+
+ array = array_create(sizeof(x[0]), 0);
+ array_insert(array, ARRAY_TAIL, &x[0]);
+ array_insert(array, ARRAY_TAIL, &x[1]);
+ array_insert(array, ARRAY_TAIL, &x[2]);
+
+ array_sort(array, (void*)comp_search_obj, NULL);
+
+ k = 0;
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1);
+ for (k = 1; k < 4; k++)
+ {
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), k-1);
+ ck_assert_int_eq(v, k);
+ }
+ k = 4;
+ ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1);
+ array_destroy(array);
+}
+END_TEST
+
+static int comp_search_ptr(const void *a, const void *b)
+{
+ return strcmp(a, b);
+}
+
+START_TEST(test_bsearch_ptr)
+{
+ array_t *array;
+ char *x[] = {"c", "b", "a"};
+ char *v;
+
+ array = array_create(0, 0);
+ array_insert(array, ARRAY_TAIL, x[0]);
+ array_insert(array, ARRAY_TAIL, x[1]);
+ array_insert(array, ARRAY_TAIL, x[2]);
+
+ array_sort(array, (void*)comp_search_ptr, NULL);
+
+ ck_assert_int_eq(array_bsearch(array, "abc", comp_search_ptr, &v), -1);
+ ck_assert_int_eq(array_bsearch(array, "a", comp_search_ptr, &v), 0);
+ ck_assert_str_eq(v, "a");
+ ck_assert_int_eq(array_bsearch(array, "b", comp_search_ptr, &v), 1);
+ ck_assert_str_eq(v, "b");
+ ck_assert_int_eq(array_bsearch(array, "c", comp_search_ptr, &v), 2);
+ ck_assert_str_eq(v, "c");
+
+ array_destroy(array);
+}
+END_TEST
+
static void invoke(void *data, int idx, void *user)
{
int *y = user, *x = data;
@@ -336,11 +498,11 @@ Suite *array_suite_create()
s = suite_create("array");
- tc = tcase_create("add/remove ptr");
+ tc = tcase_create("add/get/remove ptr");
tcase_add_test(tc, test_append_ptr);
suite_add_tcase(s, tc);
- tc = tcase_create("add/remove obj");
+ tc = tcase_create("add/get/remove obj");
tcase_add_test(tc, test_append_obj);
suite_add_tcase(s, tc);
@@ -348,6 +510,16 @@ Suite *array_suite_create()
tcase_add_test(tc, test_enumerate);
suite_add_tcase(s, tc);
+ tc = tcase_create("sort");
+ tcase_add_test(tc, test_sort_obj);
+ tcase_add_test(tc, test_sort_ptr);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("bsearch");
+ tcase_add_test(tc, test_bsearch_obj);
+ tcase_add_test(tc, test_bsearch_ptr);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("invoke");
tcase_add_test(tc, test_invoke);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
new file mode 100644
index 000000000..d0cd7e6e4
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -0,0 +1,869 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "test_suite.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <utils/chunk.h>
+
+/*******************************************************************************
+ * algorithm_identifier
+ */
+
+START_TEST(test_asn1_algorithmIdentifier)
+{
+ typedef struct {
+ int n;
+ chunk_t algid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_ECDSA_WITH_SHA1, chunk_from_chars(0x30, 0x09, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { OID_SHA1_WITH_RSA, chunk_from_chars(0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00) },
+ };
+
+ chunk_t algid;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ algid = asn1_algorithmIdentifier(test[i].n);
+ ck_assert(chunk_equals(algid, test[i].algid));
+ free(algid.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_algorithm_identifier
+ */
+
+START_TEST(test_asn1_parse_algorithmIdentifier)
+{
+ typedef struct {
+ int alg;
+ bool empty;
+ chunk_t parameters;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_ECDSA_WITH_SHA1, TRUE, chunk_empty },
+ { OID_SHA1_WITH_RSA, TRUE, chunk_from_chars(0x05, 0x00) },
+ { OID_3DES_EDE_CBC, FALSE, chunk_from_chars(0x04, 0x01, 0xaa) },
+ { OID_PBKDF2, FALSE, chunk_from_chars(0x30, 0x01, 0xaa) }
+ };
+
+ chunk_t algid, parameters;
+ int i, alg;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ algid = asn1_wrap(ASN1_SEQUENCE, "mc",
+ asn1_build_known_oid(test[i].alg), test[i].parameters);
+ parameters = chunk_empty;
+ if (i == 2)
+ {
+ alg = asn1_parse_algorithmIdentifier(algid, 0, NULL);
+ }
+ else
+ {
+ alg = asn1_parse_algorithmIdentifier(algid, 0, &parameters);
+ if (test[i].empty)
+ {
+ ck_assert(parameters.len == 0 && parameters.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(parameters, test[i].parameters));
+ }
+ }
+ ck_assert(alg == test[i].alg);
+ chunk_free(&algid);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * known_oid
+ */
+
+START_TEST(test_asn1_known_oid)
+{
+ typedef struct {
+ int n;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_UNKNOWN, chunk_empty },
+ { OID_UNKNOWN, chunk_from_chars(0x55, 0x04, 0x02) },
+ { OID_COUNTRY, chunk_from_chars(0x55, 0x04, 0x06) },
+ { OID_STRONGSWAN, chunk_from_chars(0x2b, 0x06, 0x01, 0x04, 0x01,
+ 0x82, 0xa0, 0x2a, 0x01) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_known_oid(test[i].oid) == test[i].n);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * build_known_oid
+ */
+
+START_TEST(test_asn1_build_known_oid)
+{
+ typedef struct {
+ int n;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { OID_UNKNOWN, chunk_empty },
+ { OID_MAX, chunk_empty },
+ { OID_COUNTRY, chunk_from_chars(0x06, 0x03, 0x55, 0x04, 0x06) },
+ { OID_STRONGSWAN, chunk_from_chars(0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
+ 0x01, 0x82, 0xa0, 0x2a, 0x01) }
+ };
+
+ int i;
+ chunk_t oid = chunk_empty;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ oid = asn1_build_known_oid(test[i].n);
+ if (test[i].oid.len == 0)
+ {
+ ck_assert(oid.len == 0 && oid.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(oid, test[i].oid));
+ chunk_free(&oid);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * oid_from_string
+ */
+
+START_TEST(test_asn1_oid_from_string)
+{
+ typedef struct {
+ char *string;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { "", chunk_empty },
+ { " ", chunk_empty },
+ { "0.2.262.1", chunk_from_chars(
+ 0x02, 0x82, 0x06, 0x01) },
+ { "1.2.840.10045.4.1", chunk_from_chars(
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { "1.3.6.1.4.1.36906.1", chunk_from_chars(
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) },
+ { "2.16.840.1.101.3.4.2.1", chunk_from_chars(
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) },
+ { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455",
+ chunk_from_chars(0x0a,0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d,
+ 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00,
+ 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) },
+ { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137."
+ "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388."
+ "2097153", chunk_from_chars(
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x81, 0x00, 0x81, 0x01, 0x81, 0x02, 0x81, 0x03, 0x81, 0x04,
+ 0x81, 0x05, 0x81, 0x06, 0x81, 0x07, 0x81, 0x08, 0x81, 0x09,
+ 0x82, 0x00, 0x82, 0x01, 0x82, 0x02, 0x82, 0x03, 0x82, 0x04,
+ 0x82, 0x05, 0x82, 0x06, 0x82, 0x07, 0x82, 0x08, 0x82, 0x09,
+ 0x83, 0x00, 0x83, 0x01, 0x83, 0x02, 0x83, 0x03, 0x83, 0x04,
+ 0x81, 0x80, 0x80, 0x01) },
+ { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137."
+ "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388."
+ "1.2097153", chunk_empty },
+ { "1.a.2.b.3", chunk_empty }
+ };
+
+ int i;
+ chunk_t oid = chunk_empty;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ oid = asn1_oid_from_string(test[i].string);
+ if (test[i].oid.len == 0)
+ {
+ ck_assert(oid.len == 0 && oid.ptr == NULL);
+ }
+ else
+ {
+ ck_assert(chunk_equals(oid, test[i].oid));
+ chunk_free(&oid);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * oid_to_string
+ */
+
+START_TEST(test_asn1_oid_to_string)
+{
+ typedef struct {
+ char *string;
+ chunk_t oid;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { NULL, chunk_empty },
+ { "0.2.262.1", chunk_from_chars(
+ 0x02, 0x82, 0x06, 0x01) },
+ { "1.2.840.10045.4.1", chunk_from_chars(
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) },
+ { "1.3.6.1.4.1.36906.1", chunk_from_chars(
+ 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) },
+ { "2.16.840.1.101.3.4.2.1", chunk_from_chars(
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) },
+ { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455",
+ chunk_from_chars( 0x0a, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d,
+ 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00,
+ 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) },
+ { NULL, chunk_from_chars(
+ 0x0a, 0x02, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d, 0x20,
+ 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00, 0xaf, 0xd7, 0xc2, 0x00,
+ 0xff, 0xff, 0xff, 0x7f) },
+ { NULL, chunk_from_chars(0x0a, 0x87) }
+ };
+
+ int i;
+ char *string = NULL;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ string = asn1_oid_to_string(test[i].oid);
+ if (test[i].string == NULL)
+ {
+ ck_assert(string == NULL);
+ }
+ else
+ {
+ ck_assert(streq(string, test[i].string));
+ free(string);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * length
+ */
+
+START_TEST(test_asn1_length)
+{
+ chunk_t a;
+
+ a = chunk_empty;
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x00);
+ ck_assert(asn1_length(&a) == 0);
+
+ a = chunk_from_chars(0x04, 0x01);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x01, 0xaa);
+ ck_assert(asn1_length(&a) == 1);
+
+ a = chunk_from_chars(0x04, 0x7f, 0xaa);
+ a.len = 2 + 127;
+ ck_assert(asn1_length(&a) == 127);
+
+ a = chunk_from_chars(0x04, 0x80, 0xaa);
+ a.len = 2 + 128;
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81, 0x00);
+ ck_assert(asn1_length(&a) == 0);
+
+ a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa);
+ ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH);
+
+ a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa);
+ a.len = 3 + 128;
+ ck_assert(asn1_length(&a) == 128);
+
+ a = chunk_from_chars(0x04, 0x82, 0x01, 0x02, 0xaa);
+ a.len = 4 + 258;
+ ck_assert(asn1_length(&a) == 258);
+
+ a = chunk_from_chars(0x04, 0x83, 0x01, 0x02, 0x03, 0xaa);
+ a.len = 5 + 66051;
+ ck_assert(asn1_length(&a) == 66051);
+
+ a = chunk_from_chars(0x04, 0x84, 0x01, 0x02, 0x03, 0x04, 0xaa);
+ a.len = 6 + 16909060;
+ ck_assert(asn1_length(&a) == 16909060);
+
+ /* largest chunk on 32 bit system */
+ a = chunk_from_chars(0x04, 0x84, 0xff, 0xff, 0xff, 0xf9, 0xaa);
+ a.len = 4294967295;
+ ck_assert(asn1_length(&a) == 4294967289);
+
+}
+END_TEST
+
+/*******************************************************************************
+ * unwrap
+ */
+
+START_TEST(test_asn1_unwrap)
+{
+ chunk_t c0 = chunk_from_chars(0x30);
+ chunk_t c1 = chunk_from_chars(0x30, 0x01, 0xaa);
+ chunk_t c2 = chunk_from_chars(0x30, 0x80);
+ chunk_t c3 = chunk_from_chars(0x30, 0x81);
+ chunk_t c4 = chunk_from_chars(0x30, 0x81, 0x01, 0xaa);
+ chunk_t c5 = chunk_from_chars(0x30, 0x81, 0x02, 0xaa);
+
+ chunk_t inner;
+ chunk_t inner_ref = chunk_from_chars(0xaa);
+
+ ck_assert(asn1_unwrap(&c0, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c1, &inner) == ASN1_SEQUENCE);
+
+ ck_assert(chunk_equals(inner, inner_ref));
+
+ ck_assert(asn1_unwrap(&c2, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c3, &inner) == ASN1_INVALID);
+
+ ck_assert(asn1_unwrap(&c4, &inner) == ASN1_SEQUENCE);
+
+ ck_assert(chunk_equals(inner, inner_ref));
+
+ ck_assert(asn1_unwrap(&c5, &inner) == ASN1_INVALID);
+}
+END_TEST
+
+/*******************************************************************************
+ * is_asn1
+ */
+
+START_TEST(test_is_asn1)
+{
+ typedef struct {
+ bool asn1;
+ chunk_t chunk;
+ } testdata_t;
+
+ u_char buf[8];
+ chunk_t chunk_zero = { buf, 0 };
+ chunk_t chunk_mean = { 0, 1 };
+
+ testdata_t test[] = {
+ { FALSE, chunk_zero },
+ { FALSE, chunk_empty },
+ { FALSE, chunk_mean },
+ { TRUE, chunk_from_chars(0x30, 0x00) },
+ { TRUE, chunk_from_chars(0x31, 0x00) },
+ { TRUE, chunk_from_chars(0x04, 0x00) },
+ { FALSE, chunk_from_chars(0x02, 0x00) },
+ { FALSE, chunk_from_chars(0x30, 0x01) },
+ { FALSE, chunk_from_chars(0x30, 0x80) },
+ { TRUE, chunk_from_chars(0x30, 0x01, 0xa1) },
+ { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2) },
+ { TRUE, chunk_from_chars(0x30, 0x01, 0xa1, 0x0a) },
+ { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2, 0x0a) },
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(is_asn1(test[i].chunk) == test[i].asn1);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * is_printablestring
+ */
+
+START_TEST(test_asn1_is_printablestring)
+{
+ typedef struct {
+ bool printable;
+ char *string;
+ } testdata_t;
+
+
+ testdata_t test[] = {
+ { TRUE, "" },
+ { TRUE, "Z" },
+ { FALSE, "Z#" },
+ { FALSE, "&Z" },
+ { FALSE, "Z@z" },
+ { FALSE, "!" }, { FALSE, "*" }, { FALSE, "$" }, { FALSE, "%" },
+ { FALSE, "[" }, { FALSE, "]" }, { FALSE, "{" }, { FALSE, "}" },
+ { FALSE, "|" }, { FALSE, "~" }, { FALSE, "^" }, { FALSE, "_" },
+ { FALSE, "\"" }, { FALSE, "\\" }, { FALSE, "ä" }, { FALSE, "à" },
+ { TRUE, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ "0123456789 '()+,-./:=?" },
+ };
+
+ chunk_t chunk;
+ int i;
+
+ ck_assert(asn1_is_printablestring(chunk_empty));
+
+ for (i = 0; i < countof(test); i++)
+ {
+ chunk = chunk_from_str(test[i].string);
+ ck_assert(asn1_is_printablestring(chunk) == test[i].printable);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * to_time
+ */
+
+START_TEST(test_asn1_to_time)
+{
+ typedef struct {
+ time_t time;
+ u_int8_t type;
+ char *string;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352980, 0x18, "197001050203Z" },
+ { 352984, 0x18, "19700105020304Z" },
+ { 352980, 0x17, "7001050203Z" },
+ { 347580, 0x17, "7001050203+0130" },
+ { 358380, 0x17, "7001050203-0130" },
+ { 352984, 0x17, "700105020304Z" },
+ { 347584, 0x17, "700105020304+0130" },
+ { 358384, 0x17, "700105020304-0130" },
+ { 0, 0x17, "700105020304+01" },
+ { 0, 0x17, "700105020304-01" },
+ { 0, 0x17, "700105020304" },
+ { 0, 0x17, "70010502Z" },
+ { 0, 0x17, "7001050203xxZ" },
+ { 0, 0x17, "7000050203Z" },
+ { 0, 0x17, "7013050203Z" },
+ { 0, 0x17, "7001004203Z" },
+ { 0, 0x17, "7001320203Z" },
+ { 0, 0x17, "700101-103Z" },
+ { 0, 0x17, "7001016003Z" },
+ { 0, 0x17, "70010102-1Z" },
+ { 0, 0x17, "7001010260Z" },
+ { 0, 0x17, "7001010203-1Z" },
+ { 0, 0x17, "700101020361Z" },
+ { -631152000, 0x17, "500101000000Z" }, /* UTCTime min */
+ { 59, 0x17, "691231235959-0001" },
+ { -1, 0x17, "691231235959Z" },
+ { 0, 0x17, "700101000000Z" },
+ { -60, 0x17, "700101000000+0001" },
+ { 2524607999UL, 0x17, "491231235959Z" }, /* UTCTime max */
+ { 5097600, 0x17, "7003010000Z" },
+ { 68256000, 0x17, "7203010000Z" },
+ { 951868800, 0x17, "0003010000Z" },
+ { 4107542400UL, 0x18, "210003010000Z" }
+ };
+
+ int i;
+ chunk_t chunk;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ if (sizeof(time_t) == 4 && test[i].time < 0)
+ {
+ continue;
+ }
+ chunk = chunk_from_str(test[i].string);
+ ck_assert(asn1_to_time(&chunk, test[i].type) == test[i].time);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * from_time
+ */
+
+START_TEST(test_asn1_from_time)
+{
+ typedef struct {
+ time_t time;
+ u_int8_t type;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352984, 0x18, chunk_from_chars(
+ 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 352984, 0x17, chunk_from_chars(
+ 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 1078099200, 0x17, chunk_from_chars(
+ 0x17, 0x0d, 0x30, 0x34, 0x30, 0x33, 0x30, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) },
+ { 4107542400UL, 0x18, chunk_from_chars(
+ 0x18, 0x0f, 0x32, 0x31, 0x30, 0x30, 0x30, 0x33, 0x30, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) }
+ };
+
+ int i;
+ chunk_t chunk;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ if (sizeof(time_t) == 4 && test[i].time < 0)
+ {
+ continue;
+ }
+ chunk = asn1_from_time(&test[i].time, test[i].type);
+ ck_assert(chunk_equals(chunk, test[i].chunk));
+ free(chunk.ptr);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_time
+ */
+
+START_TEST(test_asn1_parse_time)
+{
+ typedef struct {
+ time_t time;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { 352984, chunk_from_chars(
+ 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 352984, chunk_from_chars(
+ 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35,
+ 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) },
+ { 0, chunk_from_chars(0x05, 0x00) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_parse_time(test[i].chunk, 0) == test[i].time);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * build_object
+ */
+
+START_TEST(test_asn1_build_object)
+{
+ typedef struct {
+ size_t len;
+ size_t size;
+ u_char *b;
+ } testdata_t;
+
+ u_char b0[] = { 0x05, 0x00 };
+ u_char b1[] = { 0x04, 0x7f };
+ u_char b2[] = { 0x04, 0x81, 0x80 };
+ u_char b3[] = { 0x04, 0x81, 0xff };
+ u_char b4[] = { 0x04, 0x82, 0x01, 0x00 };
+ u_char b5[] = { 0x04, 0x82, 0xff, 0xff };
+ u_char b6[] = { 0x04, 0x83, 0x01, 0x00, 0x00 };
+
+ testdata_t test[] = {
+ { 0, sizeof(b0), b0 },
+ { 127, sizeof(b1), b1 },
+ { 128, sizeof(b2), b2 },
+ { 255, sizeof(b3), b3 },
+ { 256, sizeof(b4), b4 },
+ { 65535, sizeof(b5), b5 },
+ { 65536, sizeof(b6), b6 }
+ };
+
+ chunk_t a = chunk_empty;
+ u_char *pos;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ pos = asn1_build_object(&a, test[i].b[0], test[i].len);
+ ck_assert(pos == (a.ptr + test[i].size));
+ ck_assert(a.len == test[i].size + test[i].len);
+ ck_assert(memeq(a.ptr, test[i].b, test[i].size));
+ chunk_free(&a);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * simple_object
+ */
+
+START_TEST(test_asn1_simple_object)
+{
+ chunk_t a = chunk_empty;
+ chunk_t b = chunk_from_chars(0x04, 0x05, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5);
+ chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4, 0xa5);
+
+ a = asn1_simple_object(0x04, c);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_simple_object
+ */
+
+START_TEST(test_asn1_parse_simple_object)
+{
+ typedef struct {
+ bool res;
+ int type;
+ chunk_t chunk;
+ } testdata_t;
+
+ testdata_t test[] = {
+ { FALSE, 0x04, chunk_from_chars(0x04) },
+ { FALSE, 0x04, chunk_from_chars(0x02, 0x01, 0x55) },
+ { FALSE, 0x04, chunk_from_chars(0x04, 0x01) },
+ { TRUE, 0x04, chunk_from_chars(0x04, 0x01, 0x55) },
+ { TRUE, 0x06, chunk_from_chars(0x06, 0x02, 0x55, 0x03) },
+ { TRUE, 0x06, chunk_from_chars(0x06, 0x00) },
+ { TRUE, 0x13, chunk_from_chars(0x13, 0x01, 0x55), }
+ };
+
+ int i;
+ bool res;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ res = asn1_parse_simple_object(&test[i].chunk, test[i].type, 0, "test");
+ ck_assert(res == test[i].res);
+ if (res && test[i].chunk.len)
+ {
+ ck_assert(*test[i].chunk.ptr == 0x55);
+ }
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * bitstring
+ */
+
+START_TEST(test_asn1_bitstring)
+{
+ chunk_t a = chunk_empty;
+ chunk_t b = chunk_from_chars(0x03, 0x05, 0x00, 0xa1, 0xa2, 0xa3, 0xa4);
+ chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4);
+ chunk_t d = chunk_clone(c);
+
+ a = asn1_bitstring("c", c);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+
+ a = asn1_bitstring("m", d);
+ ck_assert(chunk_equals(a, b));
+ chunk_free(&a);
+}
+END_TEST
+
+/*******************************************************************************
+ * integer
+ */
+
+START_TEST(test_asn1_integer)
+{
+ typedef struct {
+ chunk_t b;
+ chunk_t c;
+ } testdata_t;
+
+ chunk_t b0 = chunk_from_chars(0x02, 0x01, 0x00);
+ chunk_t b1 = chunk_from_chars(0x02, 0x01, 0x7f);
+ chunk_t b2 = chunk_from_chars(0x02, 0x02, 0x00, 0x80);
+
+ chunk_t c0 = chunk_empty;
+ chunk_t c1 = chunk_from_chars(0x7f);
+ chunk_t c2 = chunk_from_chars(0x80);
+ chunk_t c3 = chunk_from_chars(0x00, 0x80);
+
+ testdata_t test[] = {
+ { b0, c0 },
+ { b1, c1 },
+ { b2, c2 },
+ { b2, c3 }
+ };
+
+ chunk_t a = chunk_empty;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ a = asn1_integer("c", test[i].c);
+ ck_assert(chunk_equals(a, test[i].b));
+ chunk_free(&a);
+
+ a = asn1_integer("m", chunk_clone(test[i].c));
+ ck_assert(chunk_equals(a, test[i].b));
+ chunk_free(&a);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * parse_integer_uint64
+ */
+
+START_TEST(test_asn1_parse_integer_uint64)
+{
+ typedef struct {
+ u_int64_t n;
+ chunk_t chunk;
+ } testdata_t;
+
+
+ testdata_t test[] = {
+ { 67305985ULL, chunk_from_chars(
+ 0x04, 0x03, 0x02, 0x01) },
+ { 578437695752307201ULL, chunk_from_chars(
+ 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01) },
+ { 18446744073709551615ULL, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff) }
+ };
+
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ ck_assert(asn1_parse_integer_uint64(test[i].chunk) == test[i].n);
+ }
+}
+END_TEST
+
+Suite *asn1_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("asn1");
+
+ tc = tcase_create("algorithmIdentifier");
+ tcase_add_test(tc, test_asn1_algorithmIdentifier);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_algorithmIdentifier");
+ tcase_add_test(tc, test_asn1_parse_algorithmIdentifier);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("known_oid");
+ tcase_add_test(tc, test_asn1_known_oid);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("build_known_oid");
+ tcase_add_test(tc, test_asn1_build_known_oid);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("oid_from_string");
+ tcase_add_test(tc, test_asn1_oid_from_string);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("oid_to_string");
+ tcase_add_test(tc, test_asn1_oid_to_string);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("length");
+ tcase_add_test(tc, test_asn1_length);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("unwrap");
+ tcase_add_test(tc, test_asn1_unwrap);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_asn1");
+ tcase_add_test(tc, test_is_asn1);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_printablestring");
+ tcase_add_test(tc, test_asn1_is_printablestring);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_time");
+ tcase_add_test(tc, test_asn1_to_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_time");
+ tcase_add_test(tc, test_asn1_from_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_time");
+ tcase_add_test(tc, test_asn1_parse_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("build_object");
+ tcase_add_test(tc, test_asn1_build_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("simple_object");
+ tcase_add_test(tc, test_asn1_simple_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_simple_object");
+ tcase_add_test(tc, test_asn1_parse_simple_object);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("bitstring");
+ tcase_add_test(tc, test_asn1_bitstring);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("integer");
+ tcase_add_test(tc, test_asn1_integer);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse_integer_uint64");
+ tcase_add_test(tc, test_asn1_parse_integer_uint64);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_asn1_parser.c b/src/libstrongswan/tests/suites/test_asn1_parser.c
new file mode 100644
index 000000000..973562bff
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_asn1_parser.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <asn1/asn1_parser.h>
+#include <utils/chunk.h>
+
+/*******************************************************************************
+ * utilities
+ */
+
+typedef struct {
+ bool success;
+ int count;
+ chunk_t blob;
+} asn1_test_t;
+
+static void run_parser_test(const asn1Object_t *objects, int id,
+ asn1_test_t *test)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, count = 0;
+ bool success;
+
+ parser = asn1_parser_create(objects, test->blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ if (objectID == id)
+ {
+ count++;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success == test->success && count == test->count);
+}
+
+/*******************************************************************************
+ * length
+ */
+
+static const asn1Object_t octetStringObjects[] = {
+ { 0, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 0 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+asn1_test_t length_tests[] = {
+ { FALSE, 0, { NULL, 0 } },
+ { FALSE, 0, chunk_from_chars(0x04) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x00) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x7f) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x80) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x81) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x00) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x81, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x82, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x82, 0x00, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01, 0xaa) },
+ { FALSE, 0, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01, 0xaa) },
+};
+
+START_TEST(test_asn1_parser_length)
+{
+ run_parser_test(octetStringObjects, 0, &length_tests[_i]);
+}
+END_TEST
+
+/*******************************************************************************
+ * loop
+ */
+
+static const asn1Object_t loopObjects[] = {
+ { 0, "loopObjects", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+asn1_test_t loop_tests[] = {
+ { TRUE, 0, chunk_from_chars(0x30, 0x00) },
+ { FALSE, 0, chunk_from_chars(0x30, 0x02, 0x04, 0x01) },
+ { TRUE, 1, chunk_from_chars(0x30, 0x03, 0x04, 0x01, 0xaa) },
+ { TRUE, 2, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x04, 0x00) },
+ { FALSE, 1, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x05, 0x00) },
+ { TRUE, 3, chunk_from_chars(0x30, 0x09, 0x04, 0x01, 0xaa, 0x04, 0x00,
+ 0x04, 0x02, 0xbb, 0xcc) },
+};
+
+START_TEST(test_asn1_parser_loop)
+{
+ run_parser_test(loopObjects, 1, &loop_tests[_i]);
+}
+END_TEST
+
+/*******************************************************************************
+ * default
+ */
+
+typedef struct {
+ int i1, i2, i3;
+ chunk_t blob;
+} default_opt_test_t;
+
+static const asn1Object_t defaultObjects[] = {
+ { 0, "defaultObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "explicit int1", ASN1_CONTEXT_C_1, ASN1_DEF }, /* 1 */
+ { 2, "int1", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "int2", ASN1_INTEGER, ASN1_DEF|ASN1_BODY }, /* 3 */
+ { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_DEF|ASN1_BODY }, /* 4 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+default_opt_test_t default_tests[] = {
+ { -1, -2, -3, chunk_from_chars(0x30, 0x00) },
+ { 1, -2, -3, chunk_from_chars(0x30, 0x05, 0xa1, 0x03, 0x02, 0x01, 0x01) },
+ { -1, 2, -3, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) },
+ { -1, -2, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) },
+ { 1, 2, -3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02) },
+ { 1, -2, 3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x83, 0x01, 0x03) },
+ { -1, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 0, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x04, 0x01, 0xaa,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x05, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x02, 0x03) },
+};
+
+START_TEST(test_asn1_parser_default)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, i1 = 0, i2 = 0, i3 = 0;
+ bool success;
+
+ parser = asn1_parser_create(defaultObjects, default_tests[_i].blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case 2:
+ i1 = object.len ? *object.ptr : -1;
+ break;
+ case 3:
+ i2 = object.len ? *object.ptr : -2;
+ break;
+ case 4:
+ i3 = object.len ? *object.ptr : -3;
+ break;
+ default:
+ break;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success == (default_tests[_i].i1 &&
+ default_tests[_i].i2 &&
+ default_tests[_i].i3));
+
+ ck_assert(i1 == default_tests[_i].i1 &&
+ i2 == default_tests[_i].i2 &&
+ i3 == default_tests[_i].i3);
+}
+END_TEST
+
+/*******************************************************************************
+ * option
+ */
+
+static const asn1Object_t optionObjects[] = {
+ { 0, "optionalObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "sequence int1", ASN1_SEQUENCE, ASN1_OPT }, /* 1 */
+ { 2, "int1", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
+ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "int2", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 5 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 7 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 8 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+
+default_opt_test_t option_tests[] = {
+ { 0, 0, 0, chunk_from_chars(0x30, 0x00) },
+ { 1, 0, 0, chunk_from_chars(0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01) },
+ { 0, 2, 0, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) },
+ { 0, 0, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) },
+ { 1, 2, 0, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02) },
+ { 1, 0, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x83, 0x01, 0x03) },
+ { 0, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0x30, 0x03, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+ { 0, 2, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x00,
+ 0x02, 0x01, 0x02,
+ 0x83, 0x01, 0x03) },
+};
+
+START_TEST(test_asn1_parser_option)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, i1 = 0, i2 = 0, i3 = 0;
+ bool success;
+
+ parser = asn1_parser_create(optionObjects, option_tests[_i].blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case 2:
+ i1 = *object.ptr;
+ break;
+ case 5:
+ i2 = *object.ptr;
+ break;
+ case 7:
+ i3 = *object.ptr;
+ break;
+ default:
+ break;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ ck_assert(success);
+
+ ck_assert(i1 == option_tests[_i].i1 &&
+ i2 == option_tests[_i].i2 &&
+ i3 == option_tests[_i].i3);
+}
+END_TEST
+
+Suite *asn1_parser_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("asn1_parser");
+
+ tc = tcase_create("length");
+ tcase_add_loop_test(tc, test_asn1_parser_length, 0, countof(length_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("loop");
+ tcase_add_loop_test(tc, test_asn1_parser_loop, 0, countof(loop_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("default");
+ tcase_add_loop_test(tc, test_asn1_parser_default, 0, countof(default_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("option");
+ tcase_add_loop_test(tc, test_asn1_parser_option, 0, countof(option_tests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c
index 45b20db00..6a9743d62 100644
--- a/src/libstrongswan/tests/test_bio_reader.c
+++ b/src/libstrongswan/tests/suites/test_bio_reader.c
@@ -329,7 +329,7 @@ END_TEST
*/
#define assert_read_data_len(bits) ({ \
- bio_reader_t *reader; \
+ bio_reader_t *reader; \
chunk_t read, data; \
int i, len = bits / 8; \
data = chunk_empty; \
diff --git a/src/libstrongswan/tests/test_bio_writer.c b/src/libstrongswan/tests/suites/test_bio_writer.c
index 665cd2d7c..e74288eb7 100644
--- a/src/libstrongswan/tests/test_bio_writer.c
+++ b/src/libstrongswan/tests/suites/test_bio_writer.c
@@ -181,7 +181,7 @@ END_TEST
*/
#define assert_write_data_len(init, bits) ({ \
- bio_writer_t *writer; \
+ bio_writer_t *writer; \
chunk_t buf, data; \
int i, len = bits / 8; \
writer = bio_writer_create(init); \
@@ -240,7 +240,7 @@ END_TEST
*/
#define assert_wrap_data(init, bits) ({ \
- bio_writer_t *writer; \
+ bio_writer_t *writer; \
chunk_t buf, data; \
int i, len = bits / 8; \
writer = bio_writer_create(init); \
diff --git a/src/libstrongswan/tests/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index 8e29971c1..e373fbdb6 100644
--- a/src/libstrongswan/tests/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -14,10 +14,16 @@
* for more details.
*/
-
#include "test_suite.h"
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
#include <utils/chunk.h>
+#include <threading/thread.h>
/*******************************************************************************
* utilities
@@ -672,6 +678,31 @@ static const u_char sip_vectors[64][8] =
{ 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
};
+/**
+ * Our SipHash-2-4 implementation returns the result in host order, which
+ * doesn't matter for practical purposes and even avoids a byte swap. But
+ * because the test vectors are in little-endian we have to account for this
+ * with this custom comparison function.
+ */
+static inline bool sipeq(const void *a, const void *b, size_t n)
+{
+ u_char *ap = (u_char*)a, *bp = (u_char*)b;
+ int i;
+
+ for (i = 0; i < n; i++)
+ {
+#ifdef WORDS_BIGENDIAN
+ if (ap[i] != bp[n - i - 1])
+#else
+ if (ap[i] != bp[i])
+#endif
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
START_TEST(test_chunk_mac)
{
chunk_t in;
@@ -692,7 +723,7 @@ START_TEST(test_chunk_mac)
in.ptr[i] = i;
in.len = i;
out = chunk_mac(in, key);
- fail_unless(memeq(&out, sip_vectors[i], 8),
+ fail_unless(sipeq(&out, sip_vectors[i], 8),
"test vector failed for %d bytes", i);
}
}
@@ -739,7 +770,7 @@ START_TEST(test_chunk_hash_static)
in.len = i;
/* compared to chunk_mac() we only get half the value back */
out = chunk_hash_static(in);
- fail_unless(memeq(&out, sip_vectors[i], 4),
+ fail_unless(sipeq(&out, sip_vectors[i], 4),
"test vector failed for %d bytes", i);
}
hash_a = chunk_hash_static_inc(in, out);
@@ -750,6 +781,116 @@ START_TEST(test_chunk_hash_static)
END_TEST
/*******************************************************************************
+ * test for chunk_map and friends
+ */
+
+START_TEST(test_chunk_map)
+{
+ chunk_t *map, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ char *path = "/tmp/strongswan-chunk-map-test";
+
+ ck_assert(chunk_write(contents, path, 022, TRUE));
+
+ /* read */
+ map = chunk_map(path, FALSE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ /* altering mapped chunk should not hurt */
+ *map = chunk_empty;
+ ck_assert(chunk_unmap(map));
+
+ /* write */
+ map = chunk_map(path, TRUE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ map->ptr[0] = 0x06;
+ ck_assert(chunk_unmap(map));
+
+ /* verify write */
+ contents.ptr[0] = 0x06;
+ map = chunk_map(path, FALSE);
+ ck_assert(map != NULL);
+ ck_assert_msg(chunk_equals(*map, contents), "%B", map);
+ ck_assert(chunk_unmap(map));
+
+ unlink(path);
+}
+END_TEST
+
+/*******************************************************************************
+ * test for chunk_from_fd
+ */
+
+START_TEST(test_chunk_from_fd_file)
+{
+ chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ char *path = "/tmp/strongswan-chunk-fd-test";
+ int fd;
+
+ ck_assert(chunk_write(contents, path, 022, TRUE));
+
+ fd = open(path, O_RDONLY);
+ ck_assert(fd != -1);
+
+ ck_assert(chunk_from_fd(fd, &in));
+ close(fd);
+ ck_assert_msg(chunk_equals(in, contents), "%B", &in);
+ unlink(path);
+ free(in.ptr);
+}
+END_TEST
+
+START_TEST(test_chunk_from_fd_skt)
+{
+ chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05);
+ int s[2];
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0);
+ ck_assert(write(s[1], contents.ptr, contents.len) == contents.len);
+ close(s[1]);
+ ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno));
+ close(s[0]);
+ ck_assert_msg(chunk_equals(in, contents), "%B", &in);
+ free(in.ptr);
+}
+END_TEST
+
+#define FROM_FD_COUNT 8192
+
+void *chunk_from_fd_run(void *data)
+{
+ int i, fd = (uintptr_t)data;
+
+ for (i = 0; i < FROM_FD_COUNT; i++)
+ {
+ ck_assert(write(fd, &i, sizeof(i)) == sizeof(i));
+ }
+ close(fd);
+ return NULL;
+}
+
+START_TEST(test_chunk_from_fd_huge)
+{
+ thread_t *thread;
+ chunk_t in;
+ int s[2], i;
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0);
+
+ thread = thread_create(chunk_from_fd_run, (void*)(uintptr_t)s[1]);
+ ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno));
+ ck_assert_int_eq(in.len, FROM_FD_COUNT * sizeof(i));
+ for (i = 0; i < FROM_FD_COUNT; i++)
+ {
+ ck_assert_int_eq(((int*)in.ptr)[i], i);
+ }
+ thread->join(thread);
+ close(s[0]);
+ free(in.ptr);
+}
+END_TEST
+
+/*******************************************************************************
* printf_hook tests
*/
@@ -866,6 +1007,16 @@ Suite *chunk_suite_create()
tcase_add_test(tc, test_chunk_hash_static);
suite_add_tcase(s, tc);
+ tc = tcase_create("chunk_map");
+ tcase_add_test(tc, test_chunk_map);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("chunk_from_fd");
+ tcase_add_test(tc, test_chunk_from_fd_file);
+ tcase_add_test(tc, test_chunk_from_fd_skt);
+ tcase_add_test(tc, test_chunk_from_fd_huge);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("printf_hook");
tcase_add_loop_test(tc, test_printf_hook_hash, 0, countof(printf_hook_data));
tcase_add_loop_test(tc, test_printf_hook_plus, 0, countof(printf_hook_data));
diff --git a/src/libstrongswan/tests/suites/test_crypter.c b/src/libstrongswan/tests/suites/test_crypter.c
new file mode 100644
index 000000000..4e7550aee
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_crypter.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/crypters/crypter.h>
+#include <asn1/oid.h>
+#include <utils/test.h>
+
+typedef struct {
+ int oid;
+ encryption_algorithm_t alg;
+ size_t key_size;
+}crypter_oid_t;
+
+static crypter_oid_t oids[] = {
+ { OID_UNKNOWN, ENCR_AES_CBC, 0 },
+ { OID_UNKNOWN, ENCR_CAMELLIA_CBC, 0 },
+ { OID_UNKNOWN, ENCR_UNDEFINED, 0 },
+ { OID_DES_CBC, ENCR_DES, 0 },
+ { OID_3DES_EDE_CBC, ENCR_3DES, 0 },
+ { OID_AES128_CBC, ENCR_AES_CBC, 128 },
+ { OID_AES192_CBC, ENCR_AES_CBC, 192 },
+ { OID_AES256_CBC, ENCR_AES_CBC, 256 },
+ { OID_CAMELLIA128_CBC, ENCR_CAMELLIA_CBC, 128 },
+ { OID_CAMELLIA192_CBC, ENCR_CAMELLIA_CBC, 192 },
+ { OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 }
+};
+
+START_TEST(test_crypter_from_oid)
+{
+ size_t key_size;
+
+ ck_assert(encryption_algorithm_from_oid(oids[_i].oid, NULL) ==
+ oids[_i].alg);
+ ck_assert(encryption_algorithm_from_oid(oids[_i].oid, &key_size) ==
+ oids[_i].alg);
+ ck_assert(key_size == oids[_i].key_size);
+}
+END_TEST
+
+START_TEST(test_crypter_to_oid)
+{
+ ck_assert(encryption_algorithm_to_oid(oids[_i].alg,
+ oids[_i].key_size) == oids[_i].oid);
+}
+END_TEST
+
+typedef struct {
+ encryption_algorithm_t alg;
+ bool is_aead;
+}crypter_aead_t;
+
+static crypter_aead_t aead[] = {
+ { ENCR_AES_CCM_ICV8, TRUE },
+ { ENCR_AES_CCM_ICV12, TRUE },
+ { ENCR_AES_CCM_ICV16, TRUE },
+ { ENCR_AES_GCM_ICV8, TRUE },
+ { ENCR_AES_GCM_ICV12, TRUE },
+ { ENCR_AES_GCM_ICV16, TRUE },
+ { ENCR_NULL_AUTH_AES_GMAC, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV8, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV12, TRUE },
+ { ENCR_CAMELLIA_CCM_ICV16, TRUE },
+ { ENCR_AES_CBC, FALSE },
+ { ENCR_CAMELLIA_CBC, FALSE }
+};
+
+START_TEST(test_crypter_is_aead)
+{
+ ck_assert(encryption_algorithm_is_aead(aead[_i].alg) == aead[_i].is_aead);
+}
+END_TEST
+
+Suite *crypter_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("crypter");
+
+ tc = tcase_create("from_oid");
+ tcase_add_loop_test(tc, test_crypter_from_oid, 2, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_oid");
+ tcase_add_loop_test(tc, test_crypter_to_oid, 0, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is_aead");
+ tcase_add_loop_test(tc, test_crypter_is_aead, 0, countof(aead));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
index 2955bae2f..3c842996d 100644
--- a/src/libstrongswan/tests/test_ecdsa.c
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -222,11 +222,17 @@ Suite *ecdsa_suite_create()
{
Suite *s;
TCase *tc;
+ int gen_count = countof(key_sizes);
s = suite_create("ecdsa");
+ if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL)
+ {
+ gen_count = min(1, gen_count);
+ }
+
tc = tcase_create("generate");
- tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
+ tcase_add_loop_test(tc, test_gen, 0, gen_count);
suite_add_tcase(s, tc);
tc = tcase_create("load");
diff --git a/src/libstrongswan/tests/test_enum.c b/src/libstrongswan/tests/suites/test_enum.c
index 990d9cfad..990d9cfad 100644
--- a/src/libstrongswan/tests/test_enum.c
+++ b/src/libstrongswan/tests/suites/test_enum.c
diff --git a/src/libstrongswan/tests/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c
index b5dde4650..b5dde4650 100644
--- a/src/libstrongswan/tests/test_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_enumerator.c
diff --git a/src/libstrongswan/tests/suites/test_fetch_http.c b/src/libstrongswan/tests/suites/test_fetch_http.c
new file mode 100644
index 000000000..8749ff375
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_fetch_http.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+#include <time.h>
+
+/**
+ * HTTP test definition
+ */
+typedef struct {
+ /* HTTP Method */
+ char *meth;
+ /* HTTP 1.x minor version */
+ int minor;
+ /* host to connect to */
+ char *host;
+ /* HTTP service port */
+ int port;
+ /* path on host to fetch from */
+ char *path;
+ /* request Content-Type, if any */
+ char *type;
+ /* request data, if any */
+ void *req;
+ /* length of request data */
+ int req_len;
+ /* response data, if any */
+ void *res;
+ /* length of response data */
+ int res_len;
+} test_service_t;
+
+static char large[] = {
+ 0x88,0x3e,0xa3,0xe3,0x95,0x67,0x53,0x93,0xc8,0xce,0x5c,0xcd,0x8c,0x03,0x0c,0xa8,
+ 0x94,0xaf,0x49,0xf6,0xc6,0x50,0xad,0xb8,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+ 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f,
+ 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6,
+ 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32,
+ 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7,
+ 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15,
+ 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02,
+ 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc,
+};
+
+static bool servicing(void *data, stream_t *stream)
+{
+ test_service_t *test = (test_service_t*)data;
+ char buf[1024], hdr[256], *start, *end = NULL, *body = NULL, *type = NULL;
+ struct tm tm;
+ time_t t;
+ ssize_t len, tot = 0;
+ int nr = 0;
+
+ start = buf;
+
+ /* parse method and headers */
+ while (end != start)
+ {
+ len = stream->read(stream, buf + tot, sizeof(buf) - tot, TRUE);
+ ck_assert(len > 0);
+ tot += len;
+
+ while (TRUE)
+ {
+ end = memchr(start, '\n', tot);
+ if (!end)
+ {
+ break;
+ }
+ *end = '\0';
+ ck_assert(end > buf);
+ ck_assert(*(--end) == '\r');
+ *end = '\0';
+ if (end == start)
+ {
+ body = end + strlen("\r\n");
+ break;
+ }
+ switch (nr++)
+ {
+ case 0:
+ snprintf(hdr, sizeof(hdr), "%s %s HTTP/1.%u",
+ test->meth, test->path, test->minor);
+ ck_assert_str_eq(hdr, start);
+ break;
+ default:
+ if (strcasepfx(start, "Content-Length: "))
+ {
+ ck_assert_int_eq(
+ atoi(start + strlen("Content-Length: ")),
+ test->req_len);
+ }
+ if (strcasepfx(start, "Content-Type: "))
+ {
+ type = start + strlen("Content-Type: ");
+ }
+ break;
+ }
+ start = end + strlen("\r\n");
+ }
+ }
+
+ if (test->type)
+ {
+ ck_assert(type);
+ ck_assert_str_eq(type, test->type);
+ }
+
+ /* request body */
+ if (test->req_len)
+ {
+ ck_assert(stream->read_all(stream, buf + tot,
+ test->req_len - (tot - (body - buf))));
+ ck_assert(memeq(body, test->req, test->req_len));
+ }
+
+ /* response headers */
+ snprintf(buf, sizeof(buf), "HTTP/1.%u 200 OK\r\n", test->minor);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ t = time(NULL);
+ gmtime_r(&t, &tm);
+ strftime(buf, sizeof(buf), "%a, %d %b %Y %T %z", &tm);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Server: strongSwan unit test\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+
+ /* rest of response headers */
+ snprintf(buf, sizeof(buf), "Content-Type: text/plain\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Content-Length: %u\r\n", test->res_len);
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "Connection: close\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+ snprintf(buf, sizeof(buf), "\r\n");
+ ck_assert(stream->write_all(stream, buf, strlen(buf)));
+
+ /* response body */
+ ck_assert(stream->write_all(stream, test->res, test->res_len));
+ return FALSE;
+}
+
+static test_service_t gtests[] = {
+ { "GET", 1, "127.0.0.1", 6543, "/a/test/?b=c", NULL,
+ NULL, 0, "\x12\x34", 2 },
+ { "GET", 0, "localhost", 6543, "/", NULL,
+ NULL, 0, NULL, 0 },
+ { "GET", 0, "127.0.0.1", 6543, "/largefile", NULL,
+ NULL, 0, large, sizeof(large) },
+ { "GET", 1, "[::1]", 6543, "/ipv6-url", NULL,
+ NULL, 0, "\x00\r\n\r\x00testdatablabla", 20 },
+};
+
+START_TEST(test_get)
+{
+ stream_service_t *service;
+ status_t status;
+ chunk_t data, expected;
+ char uri[256];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ snprintf(uri, sizeof(uri), "tcp://%s:%u", gtests[_i].host, gtests[_i].port);
+ service = lib->streams->create_service(lib->streams, uri, 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, &gtests[_i], JOB_PRIO_HIGH, 0);
+
+ snprintf(uri, sizeof(uri), "http://%s:%u%s",
+ gtests[_i].host, gtests[_i].port, gtests[_i].path);
+ status = lib->fetcher->fetch(lib->fetcher, uri, &data,
+ !gtests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END,
+ FETCH_END);
+ ck_assert_int_eq(status, SUCCESS);
+ expected = chunk_create(gtests[_i].res, gtests[_i].res_len);
+ ck_assert_msg(chunk_compare(expected, data) == 0,
+ "exp %B\ngot %B\n", &expected, &data);
+ free(data.ptr);
+
+ service->destroy(service);
+}
+END_TEST
+
+
+static test_service_t ptests[] = {
+ { "POST", 1, "127.0.0.1", 6543, "/a/test/?b=c", "application/binary",
+ "\x23\x45", 2, "\x12\x34", 2 },
+ { "POST", 0, "localhost", 6543, "/largefile", "application/x-large",
+ large, sizeof(large), large, sizeof(large) },
+ { "POST", 1, "[::1]", 6543, "/ipv6-url", "text/plain",
+ "\x00\r\n\r\x00testdatablabla", 20, "\x00\r\n\r\x00testdatablabla", 20 },
+};
+
+START_TEST(test_post)
+{
+ stream_service_t *service;
+ status_t status;
+ chunk_t data, expected;
+ char uri[256];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ snprintf(uri, sizeof(uri), "tcp://%s:%u", ptests[_i].host, ptests[_i].port);
+ service = lib->streams->create_service(lib->streams, uri, 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, &ptests[_i], JOB_PRIO_HIGH, 0);
+
+ snprintf(uri, sizeof(uri), "http://%s:%u%s",
+ ptests[_i].host, ptests[_i].port, ptests[_i].path);
+ status = lib->fetcher->fetch(lib->fetcher, uri, &data,
+ FETCH_REQUEST_TYPE, ptests[_i].type,
+ FETCH_REQUEST_DATA,
+ chunk_create(ptests[_i].req, ptests[_i].req_len),
+ !ptests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END,
+ FETCH_END);
+ ck_assert_int_eq(status, SUCCESS);
+ expected = chunk_create(ptests[_i].res, ptests[_i].res_len);
+ ck_assert_msg(chunk_compare(expected, data) == 0,
+ "exp %B\ngot %B\n", &expected, &data);
+ free(data.ptr);
+
+ service->destroy(service);
+}
+END_TEST
+
+Suite *fetch_http_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("http fetcher");
+
+ tc = tcase_create("GET");
+ tcase_add_loop_test(tc, test_get, 0, countof(gtests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("POST");
+ tcase_add_loop_test(tc, test_post, 0, countof(ptests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
new file mode 100644
index 000000000..41a9d64ef
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <crypto/hashers/hasher.h>
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
+#include <asn1/oid.h>
+#include <utils/test.h>
+
+typedef struct {
+ int oid;
+ hash_algorithm_t alg;
+ key_type_t key;
+}hasher_oid_t;
+
+static hasher_oid_t oids[] = {
+ { OID_MD2, HASH_MD2, KEY_ANY },
+ { OID_MD5, HASH_MD5, KEY_ANY },
+ { OID_SHA1, HASH_SHA1, KEY_ANY },
+ { OID_SHA224, HASH_SHA224, KEY_ANY },
+ { OID_SHA256, HASH_SHA256, KEY_ANY },
+ { OID_SHA384, HASH_SHA384, KEY_ANY },
+ { OID_SHA512, HASH_SHA512, KEY_ANY },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },
+ { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },
+ { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },
+ { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },
+ { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },
+ { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },
+ { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },
+ { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },
+ { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },
+ { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }
+};
+
+START_TEST(test_hasher_from_oid)
+{
+ ck_assert(hasher_algorithm_from_oid(oids[_i].oid) == oids[_i].alg);
+}
+END_TEST
+
+START_TEST(test_hasher_to_oid)
+{
+ ck_assert(hasher_algorithm_to_oid(oids[_i].alg) == oids[_i].oid);
+}
+END_TEST
+
+START_TEST(test_hasher_sig_to_oid)
+{
+ ck_assert(hasher_signature_algorithm_to_oid(oids[_i].alg,
+ oids[_i].key) == oids[_i].oid);
+}
+END_TEST
+
+typedef struct {
+ pseudo_random_function_t prf;
+ hash_algorithm_t alg;
+}hasher_prf_t;
+
+static hasher_prf_t prfs[] = {
+ { PRF_HMAC_MD5, HASH_MD5 },
+ { PRF_HMAC_SHA1, HASH_SHA1 },
+ { PRF_FIPS_SHA1_160, HASH_SHA1 },
+ { PRF_KEYED_SHA1, HASH_SHA1 },
+ { PRF_HMAC_SHA2_256, HASH_SHA256 },
+ { PRF_HMAC_SHA2_384, HASH_SHA384 },
+ { PRF_HMAC_SHA2_512, HASH_SHA512 },
+ { PRF_HMAC_TIGER, HASH_UNKNOWN },
+ { PRF_AES128_XCBC, HASH_UNKNOWN },
+ { PRF_AES128_CMAC, HASH_UNKNOWN },
+ { PRF_FIPS_DES, HASH_UNKNOWN },
+ { PRF_CAMELLIA128_XCBC, HASH_UNKNOWN },
+ { PRF_UNDEFINED, HASH_UNKNOWN },
+ { 0, HASH_UNKNOWN }
+};
+
+START_TEST(test_hasher_from_prf)
+{
+ ck_assert(hasher_algorithm_from_prf(prfs[_i].prf) == prfs[_i].alg);
+}
+END_TEST
+
+typedef struct {
+ integrity_algorithm_t auth;
+ hash_algorithm_t alg;
+ size_t length;
+}hasher_auth_t;
+
+static hasher_auth_t auths[] = {
+ { AUTH_UNDEFINED, HASH_MD2, 0 },
+ { AUTH_UNDEFINED, HASH_MD4, 0 },
+ { AUTH_UNDEFINED, HASH_SHA224, 0 },
+ { AUTH_UNDEFINED, 9, 0 },
+ { AUTH_UNDEFINED, HASH_UNKNOWN, 0 },
+ { AUTH_HMAC_MD5_96, HASH_MD5, 12 },
+ { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 },
+ { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 },
+ { AUTH_HMAC_MD5_128, HASH_MD5, 16 },
+ { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 },
+ { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 },
+ { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 },
+ { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 },
+ { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 },
+ { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 },
+ { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 },
+ { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 },
+ { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 },
+ { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 },
+ { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 },
+ { AUTH_DES_MAC, HASH_UNKNOWN, 0 },
+ { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 },
+ { 0, HASH_UNKNOWN, 0 }
+};
+
+START_TEST(test_hasher_from_integrity)
+{
+ size_t length;
+
+ length = 0;
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
+ auths[_i].alg);
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
+ auths[_i].alg);
+ ck_assert(length == auths[_i].length);
+}
+END_TEST
+
+START_TEST(test_hasher_to_integrity)
+{
+ ck_assert(hasher_algorithm_to_integrity(
+ auths[_i].alg, auths[_i].length) == auths[_i].auth);
+ ck_assert(hasher_algorithm_to_integrity(
+ auths[_i].alg, 0) == AUTH_UNDEFINED);
+}
+END_TEST
+
+Suite *hasher_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("hasher");
+
+ tc = tcase_create("from_oid");
+ tcase_add_loop_test(tc, test_hasher_from_oid, 0, 15);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_oid");
+ tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sig_to_oid");
+ tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_prf");
+ tcase_add_loop_test(tc, test_hasher_from_prf, 0, countof(prfs));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_integrity");
+ tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("to_integrity");
+ tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_hashtable.c b/src/libstrongswan/tests/suites/test_hashtable.c
index 8cc7bfe42..8cc7bfe42 100644
--- a/src/libstrongswan/tests/test_hashtable.c
+++ b/src/libstrongswan/tests/suites/test_hashtable.c
diff --git a/src/libstrongswan/tests/test_host.c b/src/libstrongswan/tests/suites/test_host.c
index 30b9eb940..30b9eb940 100644
--- a/src/libstrongswan/tests/test_host.c
+++ b/src/libstrongswan/tests/suites/test_host.c
diff --git a/src/libstrongswan/tests/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index 1dc6776d1..edf53f0fd 100644
--- a/src/libstrongswan/tests/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -179,7 +179,7 @@ static struct {
START_TEST(test_from_string)
{
identification_t *a;
- chunk_t encoding, expected;
+ chunk_t encoding, expected = chunk_empty;
char *id;
id = string_data[_i].id;
diff --git a/src/libstrongswan/tests/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c
index 9e85c58d8..922f954e3 100644
--- a/src/libstrongswan/tests/test_linked_list.c
+++ b/src/libstrongswan/tests/suites/test_linked_list.c
@@ -246,10 +246,10 @@ struct invoke_t {
static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum)
{
- ck_assert(a == (void*)1);
- ck_assert(b == (void*)2);
- ck_assert(c == (void*)3);
- ck_assert(d == (void*)4);
+ ck_assert_int_eq((uintptr_t)a, 1);
+ ck_assert_int_eq((uintptr_t)b, 2);
+ ck_assert_int_eq((uintptr_t)c, 3);
+ ck_assert_int_eq((uintptr_t)d, 4);
*sum += item;
}
@@ -267,7 +267,9 @@ START_TEST(test_invoke_function)
list->insert_last(list, (void*)3);
list->insert_last(list, (void*)4);
list->insert_last(list, (void*)5);
- list->invoke_function(list, (linked_list_invoke_t)invoke, 1, 2, 3, 4, &sum);
+ list->invoke_function(list, (linked_list_invoke_t)invoke,
+ (uintptr_t)1, (uintptr_t)2,
+ (uintptr_t)3, (uintptr_t)4, &sum);
ck_assert_int_eq(sum, 15);
}
END_TEST
@@ -287,7 +289,9 @@ START_TEST(test_invoke_offset)
{
list->insert_last(list, &items[i]);
}
- list->invoke_offset(list, offsetof(invoke_t, invoke), 1, 2, 3, 4, &sum);
+ list->invoke_offset(list, offsetof(invoke_t, invoke),
+ (uintptr_t)1, (uintptr_t)2,
+ (uintptr_t)3, (uintptr_t)4, &sum);
ck_assert_int_eq(sum, 15);
}
END_TEST
@@ -303,7 +307,7 @@ struct clone_t {
void *(*clone)(clone_t *item);
};
-static void *clone(clone_t *item)
+static void *clonefn(clone_t *item)
{
return item->val;
}
@@ -326,11 +330,11 @@ START_TEST(test_clone_offset)
{
linked_list_t *other;
clone_t items[] = {
- { .val = (void*)1, .clone = clone, },
- { .val = (void*)2, .clone = clone, },
- { .val = (void*)3, .clone = clone, },
- { .val = (void*)4, .clone = clone, },
- { .val = (void*)5, .clone = clone, },
+ { .val = (void*)1, .clone = clonefn, },
+ { .val = (void*)2, .clone = clonefn, },
+ { .val = (void*)3, .clone = clonefn, },
+ { .val = (void*)4, .clone = clonefn, },
+ { .val = (void*)5, .clone = clonefn, },
};
int i;
diff --git a/src/libstrongswan/tests/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
index 48d6f40e6..48d6f40e6 100644
--- a/src/libstrongswan/tests/test_linked_list_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
new file mode 100644
index 000000000..a46f5742c
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -0,0 +1,1042 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/test_rng.h>
+#include <plugins/ntru/ntru_drbg.h>
+#include <plugins/ntru/ntru_mgf1.h>
+#include <plugins/ntru/ntru_trits.h>
+#include <plugins/ntru/ntru_poly.h>
+#include <utils/test.h>
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
+ u_int32_t strength, chunk_t pers_str, rng_t *entropy)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*,
+ hash_algorithm_t alg, chunk_t seed, bool hash_seed)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
+ size_t len, hash_algorithm_t alg, chunk_t seed)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
+ hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
+ uint16_t N, uint16_t q, uint32_t indices_len_p,
+ uint32_t indices_len_m, bool is_product_form)
+
+IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
+ u_int16_t *data, uint16_t N, uint16_t q,
+ uint32_t indices_len_p, uint32_t indices_len_m,
+ bool is_product_form)
+
+/**
+ * NTRU parameter sets to test
+ */
+static struct {
+ diffie_hellman_group_t group;
+ char *group_name;
+} params[] = {
+ { NTRU_112_BIT, "NTRU_112" },
+ { NTRU_128_BIT, "NTRU_128" },
+ { NTRU_192_BIT, "NTRU_192" },
+ { NTRU_256_BIT, "NTRU_256" }
+};
+
+/**
+ * NTRU parameter set selection
+ */
+char *parameter_sets[] = {
+ "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
+};
+
+typedef struct {
+ u_int32_t requested;
+ u_int32_t standard;
+}strength_t;
+
+strength_t strengths[] = {
+ { 80, 112 },
+ { 112, 112 },
+ { 120, 128 },
+ { 128, 128 },
+ { 150, 192 },
+ { 192, 192 },
+ { 200, 256 },
+ { 256, 256 },
+ { 512, 0 }
+};
+
+START_TEST(test_ntru_drbg_strength)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+
+ entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ ck_assert(entropy != NULL);
+
+ drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
+ if (strengths[_i].standard)
+ {
+ ck_assert(drbg != NULL);
+ ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
+ drbg->destroy(drbg);
+ }
+ else
+ {
+ ck_assert(drbg == NULL);
+ }
+ entropy->destroy(entropy);
+}
+END_TEST
+
+typedef struct {
+ chunk_t pers_str;
+ chunk_t entropy;
+ chunk_t out;
+} drbg_test_t;
+
+/**
+ * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
+ */
+drbg_test_t drbg_tests[] = {
+ /* SHA-256 test case 1 - count 0 */
+ { { NULL, 0 },
+ chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
+ 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
+ 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
+ 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
+ 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
+ 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
+ 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
+ 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
+ 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
+ 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
+ chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
+ 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
+ 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
+ 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
+ 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
+ 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
+ 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
+ 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
+ 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
+ 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
+ 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
+ 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
+ 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
+ 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
+ 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
+ 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
+ },
+ /* SHA-256 test case 3 - count 0 */
+ { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
+ 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
+ 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
+ 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
+ chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
+ 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
+ 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
+ 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
+ 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
+ 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
+ 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
+ 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
+ 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
+ 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
+ chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
+ 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
+ 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
+ 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
+ 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
+ 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
+ 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
+ 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
+ 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
+ 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
+ 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
+ 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
+ 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
+ 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
+ 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
+ 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
+ },
+ /* SHA-256 test case 5 - count 0 */
+ { { NULL, 0 },
+ chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
+ 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
+ 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
+ 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
+ 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
+ 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
+ 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
+ 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
+ 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
+ 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
+ chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
+ 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
+ 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
+ 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
+ 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
+ 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
+ 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
+ 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
+ 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
+ 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
+ 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
+ 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
+ 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
+ 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
+ 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
+ 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
+ },
+ /* SHA-256 test case 7 - count 0 */
+ { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
+ 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
+ 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
+ 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
+ chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
+ 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
+ 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
+ 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
+ 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
+ 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
+ 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
+ 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
+ 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
+ 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
+ chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
+ 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
+ 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
+ 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
+ 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
+ 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
+ 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
+ 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
+ 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
+ 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
+ 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
+ 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
+ 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
+ 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
+ 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
+ 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
+ }
+};
+
+START_TEST(test_ntru_drbg)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+ chunk_t out;
+
+ out = chunk_alloc(128);
+ entropy = test_rng_create(drbg_tests[_i].entropy);
+ drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
+ ck_assert(drbg != NULL);
+ ck_assert(drbg->reseed(drbg));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(chunk_equals(out, drbg_tests[_i].out));
+ drbg->destroy(drbg);
+ entropy->destroy(entropy);
+ chunk_free(&out);
+}
+END_TEST
+
+START_TEST(test_ntru_drbg_reseed)
+{
+ ntru_drbg_t *drbg;
+ rng_t *entropy;
+ chunk_t out;
+
+ lib->settings->set_int(lib->settings,
+ "libstrongswan.plugins.ntru.max_drbg_requests", 2);
+ out = chunk_alloc(128);
+ entropy = test_rng_create(drbg_tests[0].entropy);
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+
+ /* bad output parameters */
+ ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
+ ck_assert(!drbg->generate(drbg, 256, 128, NULL));
+
+ /* no reseeding occurs */
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+
+ /* consuming remaining entropy */
+ ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
+
+ /* no entropy available for automatic reseeding */
+ ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
+ drbg->destroy(drbg);
+
+ /* no entropy available for DRBG instantiation */
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+ ck_assert(drbg == NULL);
+ entropy->destroy(entropy);
+
+ /* one automatic reseeding occurs */
+ entropy = test_rng_create(drbg_tests[0].entropy);
+ drbg = ntru_drbg_create(256, chunk_empty, entropy);
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+ ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
+
+ /* no entropy left */
+ ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
+
+ drbg->destroy(drbg);
+ entropy->destroy(entropy);
+ chunk_free(&out);
+ lib->settings->set_int(lib->settings,
+ "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
+}
+END_TEST
+
+typedef struct {
+ uint8_t c_bits;
+ uint16_t N;
+ uint16_t q;
+ bool is_product_form;
+ uint32_t indices_len;
+ uint32_t indices_size;
+ uint16_t *indices;
+} poly_test_t;
+
+typedef struct {
+ hash_algorithm_t alg;
+ size_t hash_size;
+ size_t ml1, ml2, ml3, seed_len;
+ chunk_t seed;
+ chunk_t hashed_seed;
+ chunk_t mask;
+ chunk_t trits;
+ poly_test_t poly_test[2];
+} mgf1_test_t;
+
+uint16_t indices_ees439ep1[] = {
+ 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
+ 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
+ 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
+};
+
+uint16_t indices_ees613ep1[] = {
+ 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
+ 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
+ 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
+ 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
+ 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
+ 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
+ 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
+ 283, 268, 54, 539, 5
+};
+
+uint16_t indices_ees743ep1[] = {
+ 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
+ 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
+ 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
+ 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
+ 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
+};
+
+uint16_t indices_ees1171ep1[] = {
+ 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
+ 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
+ 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
+ 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
+ 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
+ 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
+ 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
+ 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
+ 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
+ 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
+ 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
+ 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
+ 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
+ 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
+ 536, 191
+};
+
+/**
+ * MGF1 Mask Generation Function Test Vectors
+ */
+mgf1_test_t mgf1_tests[] = {
+ { HASH_SHA1, 20, 60, 20, 15, 24,
+ chunk_from_chars(
+ 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
+ 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
+ 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
+ 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
+ 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
+ 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
+ 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
+ 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
+ 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
+ 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
+ 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
+ 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
+ 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
+ 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
+ chunk_from_chars(
+ 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7,
+ 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0,
+ 0x21, 0xC4, 0x90, 0xB6),
+ chunk_from_chars(
+ 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E,
+ 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1,
+ 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46,
+ 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1,
+ 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16,
+ 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D,
+ 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10,
+ 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29,
+ 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1,
+ 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B,
+ 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66,
+ 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D,
+ 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C,
+ 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92,
+ 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14),
+ chunk_from_chars(
+ 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
+ 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
+ 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
+ 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
+ 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
+ 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
+ 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
+ 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
+ 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
+ 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
+ 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
+ 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
+ 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
+ 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
+ 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
+ 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
+ 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
+ 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
+ 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
+ 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
+ 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
+ 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
+ {
+ { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
+ countof(indices_ees439ep1), indices_ees439ep1
+ },
+ { 11, 613, 2048, FALSE, 55,
+ countof(indices_ees613ep1), indices_ees613ep1
+ }
+ }
+ },
+ { HASH_SHA256, 32, 64, 32, 33, 40,
+ chunk_from_chars(
+ 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
+ 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
+ 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
+ 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
+ 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
+ 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
+ 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
+ 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
+ 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
+ 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
+ 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
+ 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
+ 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
+ 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
+ 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
+ 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
+ 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
+ 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
+ 0x54, 0xEE, 0x20, 0xF0, 0x80),
+ chunk_from_chars(
+ 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D,
+ 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB,
+ 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C,
+ 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28),
+ chunk_from_chars(
+ 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A,
+ 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46,
+ 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F,
+ 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A,
+ 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6,
+ 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5,
+ 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC,
+ 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13,
+ 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B,
+ 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07,
+ 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92,
+ 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08,
+ 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6,
+ 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC,
+ 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA,
+ 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD,
+ 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3,
+ 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6,
+ 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95,
+ 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42),
+ chunk_from_chars(
+ 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
+ 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
+ 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
+ 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
+ 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
+ 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
+ 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
+ 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
+ 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
+ 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
+ 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
+ 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
+ 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
+ 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
+ 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
+ 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
+ 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
+ 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
+ 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
+ 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
+ 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
+ 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
+ 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
+ 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
+ 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
+ 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
+ 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
+ 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
+ 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
+ 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
+ {
+ { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
+ countof(indices_ees743ep1), indices_ees743ep1
+ },
+ { 12, 1171, 2048, FALSE, 106,
+ countof(indices_ees1171ep1), indices_ees1171ep1
+ }
+ }
+ }
+};
+
+START_TEST(test_ntru_mgf1)
+{
+ ntru_mgf1_t *mgf1;
+ chunk_t mask, mask1, mask2, mask3;
+
+ mask1 = mgf1_tests[_i].mask;
+ mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1);
+ mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2);
+ mask1.len = mgf1_tests[_i].ml1;
+ mask2.len = mgf1_tests[_i].ml2;
+ mask3.len = mgf1_tests[_i].ml3;
+
+ mgf1 = ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1 == NULL);
+
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
+ ck_assert(mgf1 == NULL);
+
+ /* return mask in allocated chunk */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1);
+
+ /* check hash size */
+ ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
+
+ /* get zero number of octets */
+ ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
+ ck_assert(mask.len == 0 && mask.ptr == NULL);
+
+ /* get non-zero number of octets */
+ ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
+ ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
+ mgf1->destroy(mgf1);
+
+ /* copy mask to pre-allocated buffer */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
+ ck_assert(mgf1);
+ ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
+ ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
+ mgf1->destroy(mgf1);
+
+ /* get mask in batches without hashing the seed */
+ mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
+ ck_assert(mgf1);
+
+ /* first batch */
+ ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
+ mask.len = mask1.len;
+ ck_assert(chunk_equals(mask, mask1));
+
+ /* second batch */
+ ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
+ mask.len = mask2.len;
+ ck_assert(chunk_equals(mask, mask2));
+
+ /* third batch */
+ ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
+ mask.len = mask3.len;
+ ck_assert(chunk_equals(mask, mask3));
+
+ mgf1->destroy(mgf1);
+ chunk_free(&mask);
+}
+END_TEST
+
+START_TEST(test_ntru_trits)
+{
+ ntru_trits_t *mask;
+ chunk_t trits;
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN,
+ mgf1_tests[_i].seed);
+ ck_assert(mask == NULL);
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
+ chunk_empty);
+ ck_assert(mask == NULL);
+
+ mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
+ mgf1_tests[_i].seed);
+ ck_assert(mask);
+
+ trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
+ ck_assert(chunk_equals(trits, mgf1_tests[_i].trits));
+ mask->destroy(mask);
+
+ /* generate a multiple of 5 trits */
+ mask = ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed);
+ ck_assert(mask);
+
+ trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
+ ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10)));
+ mask->destroy(mask);
+}
+END_TEST
+
+START_TEST(test_ntru_poly)
+{
+ ntru_poly_t *poly;
+ uint16_t *indices;
+ chunk_t seed;
+ poly_test_t *p;
+ int j, n;
+
+ seed = mgf1_tests[_i].seed;
+ seed.len = mgf1_tests[_i].seed_len;
+
+ p = &mgf1_tests[_i].poly_test[0];
+ poly = ntru_poly_create_from_seed(HASH_UNKNOWN, seed, p->c_bits, p->N, p->q,
+ p->indices_len, p->indices_len,
+ p->is_product_form);
+ ck_assert(poly == NULL);
+
+ for (n = 0; n < 2; n++)
+ {
+ p = &mgf1_tests[_i].poly_test[n];
+ poly = ntru_poly_create_from_seed(mgf1_tests[_i].alg, seed, p->c_bits,
+ p->N, p->q, p->indices_len,
+ p->indices_len, p->is_product_form);
+ ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
+
+ indices = poly->get_indices(poly);
+ for (j = 0; j < p->indices_size; j++)
+ {
+ ck_assert(indices[j] == p->indices[j]);
+ }
+ poly->destroy(poly);
+ }
+}
+END_TEST
+
+typedef struct {
+ uint16_t N;
+ uint16_t q;
+ bool is_product_form;
+ uint32_t indices_len_p;
+ uint32_t indices_len_m;
+ uint16_t *indices;
+ uint16_t *a;
+ uint16_t *c;
+} ring_mult_test_t;
+
+uint16_t t1_indices[] = { 1, 6, 5, 3 };
+
+uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
+uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
+
+uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
+uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
+
+uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
+uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
+
+uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
+uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
+
+uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
+uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
+
+uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
+uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
+
+uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
+uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
+
+uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
+uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
+
+uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
+uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
+
+uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
+uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
+
+uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
+uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
+
+uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
+
+uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
+uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
+uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
+uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
+uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
+
+uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
+
+uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
+
+ring_mult_test_t ring_mult_tests[] = {
+ { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
+ { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
+ { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
+ { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
+ { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
+ { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
+ { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
+ { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
+};
+
+START_TEST(test_ntru_ring_mult)
+{
+ ntru_poly_t *poly;
+ ring_mult_test_t *t;
+ uint16_t *c;
+ int i;
+
+ t = &ring_mult_tests[_i];
+ poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
+ t->indices_len_m, t->is_product_form);
+ ck_assert(poly != NULL);
+
+ c = malloc(t->N * sizeof(uint16_t));
+ poly->ring_mult(poly, t->a, c);
+
+ for (i = 0; i < t->N; i++)
+ {
+ ck_assert(c[i] == t->c[i]);
+ }
+
+ free(c);
+ poly->destroy(poly);
+}
+END_TEST
+
+int array_tests[] = { 0, 11, 12, 16 };
+
+START_TEST(test_ntru_array)
+{
+ ntru_poly_t *poly;
+ ring_mult_test_t *t;
+ uint16_t *c;
+ int i;
+
+ t = &ring_mult_tests[array_tests[_i]];
+
+ poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
+ t->indices_len_m, t->is_product_form);
+ ck_assert(poly != NULL);
+
+ c = malloc(t->N * sizeof(uint16_t));
+ poly->get_array(poly, c);
+
+ for (i = 0; i < t->N; i++)
+ {
+ ck_assert(c[i] == t->c[i]);
+ }
+
+ free(c);
+ poly->destroy(poly);
+}
+END_TEST
+
+START_TEST(test_ntru_ke)
+{
+ chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
+ diffie_hellman_t *i_ntru, *r_ntru;
+ char buf[10];
+ int n, len;
+ status_t status;
+
+ len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
+ params[_i].group);
+ ck_assert(len == 8);
+ ck_assert(streq(buf, params[_i].group_name));
+
+ for (n = 0; n < countof(parameter_sets); n++)
+ {
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ parameter_sets[n]);
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
+ ck_assert(i_ntru != NULL);
+ ck_assert(i_ntru->get_dh_group(i_ntru) == params[_i].group);
+
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+ ck_assert(pub_key.len > 0);
+
+ r_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
+ ck_assert(r_ntru != NULL);
+
+ r_ntru->set_other_public_value(r_ntru, pub_key);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len > 0);
+
+ status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
+ ck_assert(status == SUCCESS);
+ ck_assert(r_shared_secret.len > 0);
+
+ i_ntru->set_other_public_value(i_ntru, cipher_text);
+ status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
+
+ if (status == SUCCESS)
+ {
+ ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
+ }
+ else
+ {
+ ck_assert(i_shared_secret.len == 0);
+ }
+
+ chunk_clear(&i_shared_secret);
+ chunk_clear(&r_shared_secret);
+ chunk_free(&pub_key);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ r_ntru->destroy(r_ntru);
+ }
+}
+END_TEST
+
+START_TEST(test_ntru_retransmission)
+{
+ diffie_hellman_t *i_ntru;
+ chunk_t pub_key1, pub_key2;
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key1);
+ i_ntru->get_my_public_value(i_ntru, &pub_key2);
+ ck_assert(chunk_equals(pub_key1, pub_key2));
+
+ chunk_free(&pub_key1);
+ chunk_free(&pub_key2);
+ i_ntru->destroy(i_ntru);
+}
+END_TEST
+
+chunk_t oid_tests[] = {
+ { NULL, 0 },
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x01),
+ chunk_from_chars(0x02),
+ chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
+};
+
+START_TEST(test_ntru_pubkey_oid)
+{
+ diffie_hellman_t *r_ntru;
+ chunk_t cipher_text;
+
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len == 0);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+START_TEST(test_ntru_wrong_set)
+{
+ diffie_hellman_t *i_ntru, *r_ntru;
+ chunk_t pub_key, cipher_text;
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "x9_98_bandwidth");
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "optimum");
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ r_ntru->set_other_public_value(r_ntru, pub_key);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len == 0);
+
+ chunk_free(&pub_key);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+START_TEST(test_ntru_ciphertext)
+{
+ char buf_00[604], buf_ff[604];
+
+ chunk_t test[] = {
+ chunk_empty,
+ chunk_from_chars(0x00),
+ chunk_create(buf_00, sizeof(buf_00)),
+ chunk_create(buf_ff, sizeof(buf_ff)),
+ };
+
+ diffie_hellman_t *i_ntru;
+ chunk_t pub_key, shared_secret;
+ int i;
+
+ memset(buf_00, 0x00, sizeof(buf_00));
+ memset(buf_ff, 0xff, sizeof(buf_ff));
+
+ for (i = 0; i < countof(test); i++)
+ {
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+ i_ntru->set_other_public_value(i_ntru, test[i]);
+ ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
+ ck_assert(shared_secret.len == 0);
+
+ chunk_free(&pub_key);
+ i_ntru->destroy(i_ntru);
+ }
+}
+END_TEST
+
+START_TEST(test_ntru_wrong_ciphertext)
+{
+ diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
+ chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
+
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+
+ i_ntru->get_my_public_value(i_ntru, &pub_key_i);
+ m_ntru->get_my_public_value(m_ntru, &pub_key_m);
+ r_ntru->set_other_public_value(r_ntru, pub_key_m);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ i_ntru->set_other_public_value(i_ntru, cipher_text);
+ ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
+ ck_assert(shared_secret.len == 0);
+
+ chunk_free(&pub_key_i);
+ chunk_free(&pub_key_m);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ m_ntru->destroy(m_ntru);
+ r_ntru->destroy(r_ntru);
+}
+END_TEST
+
+Suite *ntru_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("ntru");
+
+ tc = tcase_create("drbg_strength");
+ tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("drbg");
+ tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("drgb_reseed");
+ tcase_add_test(tc, test_ntru_drbg_reseed);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("mgf1");
+ tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("trits");
+ tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("poly");
+ tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ring_mult");
+ tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("array");
+ tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ke");
+ tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("retransmission");
+ tcase_add_test(tc, test_ntru_retransmission);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("pubkey_oid");
+ tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrong_set");
+ tcase_add_test(tc, test_ntru_wrong_set);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("ciphertext");
+ tcase_add_test(tc, test_ntru_ciphertext);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrong_ciphertext");
+ tcase_add_test(tc, test_ntru_wrong_ciphertext);
+ suite_add_tcase(s, tc);
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_pen.c b/src/libstrongswan/tests/suites/test_pen.c
new file mode 100644
index 000000000..a6cbc9aa1
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_pen.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "test_suite.h"
+
+#include <pen/pen.h>
+
+/*******************************************************************************
+ * create
+ */
+
+START_TEST(test_pen_type_create)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+
+ ck_assert(ita_1.vendor_id == PEN_ITA);
+ ck_assert(ita_1.type == 100);
+}
+END_TEST
+
+/*******************************************************************************
+ * equals
+ */
+
+START_TEST(test_pen_type_equals)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+ pen_type_t ita_2 = pen_type_create(PEN_ITA, 200);
+ pen_type_t fhh_1 = pen_type_create(PEN_FHH, 100);
+ pen_type_t fhh_2 = pen_type_create(PEN_FHH, 200);
+
+ ck_assert( pen_type_equals(ita_1, ita_1));
+ ck_assert(!pen_type_equals(ita_1, ita_2));
+ ck_assert(!pen_type_equals(ita_1, fhh_1));
+ ck_assert(!pen_type_equals(ita_1, fhh_2));
+}
+END_TEST
+
+/*******************************************************************************
+ * is
+ */
+
+START_TEST(test_pen_type_is)
+{
+ pen_type_t ita_1 = pen_type_create(PEN_ITA, 100);
+
+ ck_assert( pen_type_is(ita_1, PEN_ITA, 100));
+ ck_assert(!pen_type_is(ita_1, PEN_ITA, 200));
+ ck_assert(!pen_type_is(ita_1, PEN_FHH, 100));
+ ck_assert(!pen_type_is(ita_1, PEN_FHH, 200));
+}
+END_TEST
+
+Suite *pen_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("pen");
+
+ tc = tcase_create("create");
+ tcase_add_test(tc, test_pen_type_create);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("equals");
+ tcase_add_test(tc, test_pen_type_equals);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("is");
+ tcase_add_test(tc, test_pen_type_is);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
index 6c15fbea1..9e40d1fc0 100644
--- a/src/libstrongswan/tests/test_printf.c
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -17,10 +17,10 @@
#include <errno.h>
#include <math.h>
+#include <inttypes.h>
static void verify(char *expected, char *format, ...)
{
- FILE *mem;
char buf[128];
va_list args;
@@ -29,17 +29,35 @@ static void verify(char *expected, char *format, ...)
ck_assert_str_eq(expected, buf);
va_end(args);
- mem = fmemopen(buf, sizeof(buf), "w");
- va_start(args, format);
- vfprintf(mem, format, args);
- va_end(args);
- fclose(mem);
- ck_assert_str_eq(expected, buf);
+#ifdef HAVE_FMEMOPEN
+ {
+ FILE *mem;
+
+ mem = fmemopen(buf, sizeof(buf), "w");
+ va_start(args, format);
+ vfprintf(mem, format, args);
+ va_end(args);
+ fclose(mem);
+ ck_assert_str_eq(expected, buf);
+ }
+#endif /* HAVE_FMEMOPEN */
}
+START_TEST(test_printf_null)
+{
+ char buf[16];
+
+ /* on FreeBSD "(null)" gets printed even when a precision of 0 is used.
+ * because printing of "(null)" for NULL is not standardized we don't verify
+ * the output and just make sure there is no crash */
+ snprintf(buf, sizeof(buf), "%s", NULL);
+}
+END_TEST
+
START_TEST(test_printf_strings)
{
verify("a bc def", "%s %s %s", "a", "bc", "def");
+ verify("", "%.0s", "asdfg");
verify("asd", "%.3s", "asdfg");
verify("asdf", "%.*s", (int)4, "asdfg");
verify(" asdf", "%6s", "asdf");
@@ -150,6 +168,26 @@ START_TEST(test_printf_float)
}
END_TEST
+START_TEST(test_printf_pri)
+{
+ verify("255", "%" PRIu8, (u_int8_t)0xFF);
+ verify("65535", "%" PRIu16, (u_int16_t)0xFFFF);
+ verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll);
+ verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll);
+
+ verify("-1", "%" PRId8, (int8_t)-1);
+ verify("-1", "%" PRId16, (int16_t)-1);
+ verify("-1", "%" PRId32, (int32_t)-1);
+ verify("-1", "%" PRId64, (int64_t)-1);
+
+ verify("1", "%" PRIuMAX, (uintmax_t)1);
+ verify("1", "%" PRIuPTR, (uintptr_t)1);
+
+ verify("-1", "%" PRIdMAX, (intmax_t)-1);
+ verify("-1", "%" PRIdPTR, (intptr_t)-1);
+}
+END_TEST
+
Suite *printf_suite_create()
{
Suite *s;
@@ -158,6 +196,7 @@ Suite *printf_suite_create()
s = suite_create("printf");
tc = tcase_create("strings");
+ tcase_add_test(tc, test_printf_null);
tcase_add_test(tc, test_printf_strings);
suite_add_tcase(s, tc);
@@ -181,5 +220,9 @@ Suite *printf_suite_create()
tcase_add_test(tc, test_printf_float);
suite_add_tcase(s, tc);
+ tc = tcase_create("PRI*");
+ tcase_add_test(tc, test_printf_pri);
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 4c75c34bc..2c1c6fb8d 100644
--- a/src/libstrongswan/tests/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -117,7 +117,7 @@ static void test_bad_sigs(public_key_t *pubkey)
* RSA key sizes to test
*/
static int key_sizes[] = {
- 786, 1024, 1536, 2048, 3072, 4096,
+ 768, 1024, 1536, 2048, 3072, 4096,
};
START_TEST(test_gen)
@@ -377,11 +377,17 @@ Suite *rsa_suite_create()
{
Suite *s;
TCase *tc;
+ int gen_count = countof(key_sizes);
s = suite_create("rsa");
+ if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL)
+ {
+ gen_count = min(1, gen_count);
+ }
+
tc = tcase_create("generate");
- tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
+ tcase_add_loop_test(tc, test_gen, 0, gen_count);
tcase_set_timeout(tc, 8);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
new file mode 100644
index 000000000..096465191
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -0,0 +1,920 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+#include <utils/settings.h>
+#include <utils/chunk.h>
+#include <utils/utils.h>
+#include <collections/linked_list.h>
+
+static char *path = "/tmp/strongswan-settings-test";
+static settings_t *settings;
+
+static void create_settings(chunk_t contents)
+{
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ settings = settings_create(path);
+}
+
+START_SETUP(setup_base_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " # this gets overridden below\n"
+ " key2 = val2\n"
+ " none = \n"
+ " sub1 {\n"
+ " key = value\n"
+ " key2 = value2\n"
+ " subsub {\n"
+ " foo = bar\n"
+ " }\n"
+ " # subsub is a section and a value\n"
+ " subsub = section value\n"
+ " }\n"
+ " sub% {\n"
+ " id = %any\n"
+ " }\n"
+ " key2 = with spaces\n"
+ "}\n"
+ "out = side\n"
+ "other {\n"
+ " key1 = other val\n"
+ " empty {\n"
+ " }\n"
+ "}"));
+}
+END_SETUP
+
+START_TEARDOWN(teardown_config)
+{
+ settings->destroy(settings);
+ unlink(path);
+}
+END_TEARDOWN
+
+#define verify_string(expected, key, ...) \
+ ck_assert_str_eq(expected, settings->get_str(settings, key, NULL, ##__VA_ARGS__))
+#define verify_null(key, ...) \
+ ck_assert(!settings->get_str(settings, key, NULL, ##__VA_ARGS__))
+
+START_TEST(test_get_str)
+{
+ verify_string("val1", "main.key1");
+ verify_string("val1", "main..key1");
+ verify_string("val1", ".main.key1");
+ verify_string("with spaces", "main.key2");
+ verify_string("value", "main.sub1.key");
+ verify_string("value2", "main.sub1.key2");
+ verify_string("bar", "main.sub1.subsub.foo");
+ verify_string("section value", "main.sub1.subsub");
+ verify_string("%any", "main.sub%%.id");
+ verify_string("side", "out");
+ verify_string("other val", "other.key1");
+
+ /* FIXME: should this rather be undefined i.e. return the default value? */
+ verify_string("", "main.none");
+
+ verify_null("main.key3");
+ verify_null("other.sub");
+}
+END_TEST
+
+enum {
+ KEY1,
+ SUB1
+} settings_test_enum;
+
+enum_name_t *test_settings_test_names;
+
+ENUM_BEGIN(test_settings_test_names, KEY1, SUB1,
+ "key1", "sub1");
+ENUM_END(test_settings_test_names, SUB1);
+
+START_TEST(test_get_str_printf)
+{
+ verify_string("val1", "%s.key1", "main");
+ verify_string("val1", "%s.%s", "main", "key1");
+ verify_string("val1", "%s.%N", "main", test_settings_test_names, KEY1);
+ verify_string("val1", "%s.%s%d", "main", "key", 1);
+ verify_string("bar", "%s.sub1.%s.foo", "main", "subsub");
+ verify_string("bar", "%s.%N.%s.foo", "main", test_settings_test_names, SUB1, "subsub");
+ verify_string("bar", "%s.sub%d.%s.foo", "main", 1, "subsub");
+ verify_string("%any", "%s.sub%%.id", "main");
+
+ /* FIXME: this is a bit inconsistent, while this works */
+ verify_string("value2", "main.%s%u.key2", "sub", 1);
+ /* this won't because no argument is consumed for %u so key1 will be tried
+ * granted, we never actually used any other specifiers, but we should
+ * probably document it at least */
+ verify_null("main.%s%u.key%d", "sub", 1, 2);
+
+ verify_null("%s.%s%d", "main", "key", 3);
+}
+END_TEST
+
+START_TEST(test_set_str)
+{
+ settings->set_str(settings, "main.key1", "val");
+ verify_string("val", "main.key1");
+ settings->set_str(settings, "main.key1", "longer value");
+ verify_string("longer value", "main.key1");
+ settings->set_str(settings, "main", "main val");
+ verify_string("main val", "main");
+ settings->set_str(settings, "main.sub1.new", "added");
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.sub2.newsub.foo", "bar");
+ verify_string("bar", "main.sub2.newsub.foo");
+ settings->set_str(settings, "new.newsub.foo", "bar");
+ verify_string("bar", "new.newsub.foo");
+ settings->set_str(settings, "main.key1", NULL);
+ verify_null("main.key1");
+}
+END_TEST
+
+START_TEST(test_set_str_printf)
+{
+ settings->set_str(settings, "%s.key1", "val", "main");
+ verify_string("val", "main.key1");
+ settings->set_str(settings, "main.%N.new", "added", test_settings_test_names, SUB1);
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.%s%d.newsub.%s", "bar", "sub", 2, "foo");
+ verify_string("bar", "main.sub2.newsub.foo");
+}
+END_TEST
+
+START_TEST(test_set_default_str)
+{
+ settings->set_default_str(settings, "main.key1", "default");
+ verify_string("val1", "main.key1");
+ settings->set_default_str(settings, "main.sub1.new", "added");
+ verify_string("added", "main.sub1.new");
+ settings->set_str(settings, "main.sub1.new", "changed");
+ verify_string("changed", "main.sub1.new");
+}
+END_TEST
+
+START_SETUP(setup_bool_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = yes\n"
+ " key2 = true\n"
+ " key3 = Enabled\n"
+ " key4 = 1\n"
+ " key5 = no\n"
+ " key6 = FALSE\n"
+ " key7 = disabled\n"
+ " key8 = 0\n"
+ " key9 = 5\n"
+ " none = \n"
+ " foo = bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_bool(expected, def, key, ...) \
+ ck_assert(expected == settings->get_bool(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_bool)
+{
+ verify_bool(TRUE, FALSE, "main.key1");
+ verify_bool(TRUE, FALSE, "main.key2");
+ verify_bool(TRUE, FALSE, "main.key3");
+ verify_bool(TRUE, FALSE, "main.key4");
+ verify_bool(FALSE, TRUE, "main.key5");
+ verify_bool(FALSE, TRUE, "main.key6");
+ verify_bool(FALSE, TRUE, "main.key7");
+ verify_bool(FALSE, TRUE, "main.key8");
+
+ verify_bool(FALSE, FALSE, "main.none");
+ verify_bool(TRUE, TRUE, "main.none");
+ verify_bool(FALSE, FALSE, "main.foo");
+ verify_bool(TRUE, TRUE, "main.foo");
+
+ verify_bool(FALSE, FALSE, "main.key9");
+ verify_bool(TRUE, TRUE, "main.key9");
+ verify_bool(FALSE, FALSE, "main");
+ verify_bool(TRUE, TRUE, "main");
+
+}
+END_TEST
+
+START_TEST(test_set_bool)
+{
+ settings->set_str(settings, "main.key1", "no");
+ verify_bool(FALSE, TRUE, "main.key1");
+ settings->set_bool(settings, "main.key2", FALSE);
+ verify_bool(FALSE, TRUE, "main.key2");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_bool(FALSE, FALSE, "main.key3");
+ verify_bool(TRUE, TRUE, "main.key3");
+ settings->set_bool(settings, "main.key5", TRUE);
+ verify_bool(TRUE, FALSE, "main.key5");
+ settings->set_bool(settings, "main.new", TRUE);
+ verify_bool(TRUE, FALSE, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_int_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5\n"
+ " # gets cut off\n"
+ " key2 = 5.5\n"
+ " key3 = -42\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13\n"
+ " foo3 = 13bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_int(expected, def, key, ...) \
+ ck_assert_int_eq(expected, settings->get_int(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_int)
+{
+ verify_int(5, 0, "main.key1");
+ verify_int(5, 0, "main.key2");
+ verify_int(-42, 0, "main.key3");
+
+ /* FIXME: do we want this behavior? */
+ verify_int(0, 11, "main.none");
+ verify_int(0, 11, "main.foo1");
+ verify_int(0, 11, "main.foo2");
+ verify_int(13, 11, "main.foo3");
+
+ verify_int(13, 13, "main.key4");
+ verify_int(-13, -13, "main");
+}
+END_TEST
+
+START_TEST(test_set_int)
+{
+ settings->set_str(settings, "main.key1", "13");
+ verify_int(13, 0, "main.key1");
+ settings->set_int(settings, "main.key2", 6);
+ verify_int(6, 0, "main.key2");
+ settings->set_int(settings, "main.key3", -6);
+ verify_int(-6, 0, "main.key3");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_int(15, 15, "main.key3");
+ settings->set_int(settings, "main.new", 314);
+ verify_int(314, 0, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_double_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5\n"
+ " key2 = 5.5\n"
+ " key3 = -42\n"
+ " key4 = -42.5\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13.5\n"
+ " foo3 = 13.5bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_double(expected, def, key, ...) \
+ ck_assert(expected == settings->get_double(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_double)
+{
+ verify_double(5, 0, "main.key1");
+ verify_double(5.5, 0, "main.key2");
+ verify_double(-42, 0, "main.key3");
+ verify_double(-42.5, 0, "main.key4");
+
+ /* FIXME: do we want this behavior? */
+ verify_double(0, 11.5, "main.none");
+ verify_double(0, 11.5, "main.foo1");
+ verify_double(0, 11.5, "main.foo2");
+ verify_double(13.5, 11.5, "main.foo3");
+
+ verify_double(11.5, 11.5, "main.key5");
+ verify_double(-11.5, -11.5, "main");
+}
+END_TEST
+
+START_TEST(test_set_double)
+{
+ settings->set_str(settings, "main.key1", "5.5");
+ verify_double(5.5, 0, "main.key1");
+ settings->set_double(settings, "main.key2", 13);
+ verify_double(13, 0, "main.key2");
+ settings->set_double(settings, "main.key3", -13.5);
+ verify_double(-13.5, 0, "main.key3");
+ settings->set_double(settings, "main.key4", 11.5);
+ verify_double(11.5, 0, "main.key4");
+ settings->set_str(settings, "main.key4", NULL);
+ verify_double(42.5, 42.5, "main.key4");
+ settings->set_double(settings, "main.new", 3.14);
+ verify_double(3.14, 0, "main.new");
+}
+END_TEST
+
+START_SETUP(setup_time_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = 5s\n"
+ " key2 = 5m\n"
+ " key3 = 5h\n"
+ " key4 = 5d\n"
+ " none = \n"
+ " foo1 = bar\n"
+ " foo2 = bar13\n"
+ " foo3 = 13bar\n"
+ "}"));
+}
+END_SETUP
+
+#define verify_time(expected, def, key, ...) \
+ ck_assert_int_eq(expected, settings->get_time(settings, key, def, ##__VA_ARGS__))
+
+START_TEST(test_get_time)
+{
+ verify_time(5, 0, "main.key1");
+ verify_time(300, 0, "main.key2");
+ verify_time(18000, 0, "main.key3");
+ verify_time(432000, 0, "main.key4");
+
+ /* FIXME: do we want this behavior? */
+ verify_time(0, 11, "main.none");
+ verify_time(0, 11, "main.foo1");
+ verify_time(0, 11, "main.foo2");
+ verify_time(13, 11, "main.foo3");
+
+ verify_time(11, 11, "main.key5");
+ verify_time(11, 11, "main");
+}
+END_TEST
+
+START_TEST(test_set_time)
+{
+ settings->set_str(settings, "main.key1", "15m");
+ verify_time(900, 0, "main.key1");
+ settings->set_time(settings, "main.key2", 15);
+ verify_time(15, 0, "main.key2");
+ settings->set_str(settings, "main.key3", NULL);
+ verify_time(300, 300, "main.key3");
+ settings->set_time(settings, "main.new", 314);
+ verify_time(314, 0, "main.new");
+}
+END_TEST
+
+static bool verify_section(linked_list_t *verifier, char *section)
+{
+ enumerator_t *enumerator;
+ char *current;
+ bool result = FALSE;
+
+ enumerator = verifier->create_enumerator(verifier);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (streq(current, section))
+ {
+ verifier->remove_at(verifier, enumerator);
+ result = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return result;
+}
+
+static void verify_sections(linked_list_t *verifier, char *parent)
+{
+ enumerator_t *enumerator;
+ char *section;
+
+ enumerator = settings->create_section_enumerator(settings, parent);
+ while (enumerator->enumerate(enumerator, &section))
+ {
+ ck_assert(verify_section(verifier, section));
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(0, verifier->get_count(verifier));
+ verifier->destroy(verifier);
+}
+
+START_TEST(test_section_enumerator)
+{
+ linked_list_t *verifier;
+
+ verifier = linked_list_create_with_items("sub1", "sub%", NULL);
+ verify_sections(verifier, "main");
+
+ settings->set_str(settings, "main.sub2.new", "added");
+ verifier = linked_list_create_with_items("sub1", "sub%", "sub2", NULL);
+ verify_sections(verifier, "main");
+
+ verifier = linked_list_create_with_items("subsub", NULL);
+ verify_sections(verifier, "main.sub1");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.sub%%");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.key1");
+
+ verifier = linked_list_create_with_items(NULL);
+ verify_sections(verifier, "main.unknown");
+}
+END_TEST
+
+static bool verify_key_value(linked_list_t *keys, linked_list_t *values,
+ char *key, char *value)
+{
+ enumerator_t *enum_keys, *enum_values;
+ char *current_key, *current_value;
+ bool result = FALSE;
+
+ enum_keys = keys->create_enumerator(keys);
+ enum_values = values->create_enumerator(values);
+ while (enum_keys->enumerate(enum_keys, &current_key) &&
+ enum_values->enumerate(enum_values, &current_value))
+ {
+ if (streq(current_key, key))
+ {
+ ck_assert_str_eq(current_value, value);
+ keys->remove_at(keys, enum_keys);
+ values->remove_at(values, enum_values);
+ result = TRUE;
+ break;
+ }
+ }
+ enum_keys->destroy(enum_keys);
+ enum_values->destroy(enum_values);
+ return result;
+}
+
+static void verify_key_values(linked_list_t *keys, linked_list_t *values,
+ char *parent)
+{
+ enumerator_t *enumerator;
+ char *key, *value;
+
+ enumerator = settings->create_key_value_enumerator(settings, parent);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ ck_assert(verify_key_value(keys, values, key, value));
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_int_eq(0, keys->get_count(keys));
+ keys->destroy(keys);
+ values->destroy(values);
+}
+
+START_TEST(test_key_value_enumerator)
+{
+ linked_list_t *keys, *values;
+
+ keys = linked_list_create_with_items("key1", "key2", "none", NULL);
+ values = linked_list_create_with_items("val1", "with spaces", "", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key", "key2", "subsub", NULL);
+ values = linked_list_create_with_items("value", "value2", "section value", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ settings->set_str(settings, "main.sub2.new", "added");
+ keys = linked_list_create_with_items("new", NULL);
+ values = linked_list_create_with_items("added", NULL);
+ verify_key_values(keys, values, "main.sub2");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "other.empty");
+
+ settings->set_str(settings, "other.empty.new", "added");
+ keys = linked_list_create_with_items("new", NULL);
+ values = linked_list_create_with_items("added", NULL);
+ verify_key_values(keys, values, "other.empty");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "main.unknown");
+}
+END_TEST
+
+#define include1 "/tmp/strongswan-settings-test-include1"
+#define include2 "/tmp/strongswan-settings-test-include2"
+
+START_SETUP(setup_include_config)
+{
+ chunk_t inc1 = chunk_from_str(
+ "main {\n"
+ " key1 = n1\n"
+ " key2 = n2\n"
+ " none = \n"
+ " sub1 {\n"
+ " key3 = value\n"
+ " }\n"
+ " sub2 {\n"
+ " sub3 = val3\n"
+ " }\n"
+ " include " include2 "\n"
+ "}");
+ chunk_t inc2 = chunk_from_str(
+ "key2 = v2\n"
+ "sub1 {\n"
+ " key = val\n"
+ "}");
+ ck_assert(chunk_write(inc1, include1, 0022, TRUE));
+ ck_assert(chunk_write(inc2, include2, 0022, TRUE));
+}
+END_SETUP
+
+START_TEARDOWN(teardown_include_config)
+{
+ settings->destroy(settings);
+ unlink(include2);
+ unlink(include1);
+ unlink(path);
+}
+END_TEARDOWN
+
+static void verify_include()
+{
+ verify_string("n1", "main.key1");
+ verify_string("v2", "main.key2");
+ verify_string("", "main.none");
+ verify_string("val", "main.sub1.key");
+ verify_string("v2", "main.sub1.key2");
+ verify_string("val", "main.sub1.sub1.key");
+ verify_string("value", "main.sub1.key3");
+ verify_string("value", "main.sub1.include");
+ verify_string("val3", "main.sub2.sub3");
+}
+
+START_TEST(test_include)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " include " include2 "\n"
+ " }\n"
+ "}\n"
+ "# currently there must be a newline after include statements\n"
+ "include " include1 "\n");
+
+ create_settings(contents);
+ verify_include();
+}
+END_TEST
+
+START_TEST(test_load_files)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = v2\n"
+ " sub1 {\n"
+ " key = val\n"
+ " }\n"
+ " }\n"
+ "}");
+
+ create_settings(contents);
+
+ ck_assert(settings->load_files(settings, include1, TRUE));
+ verify_include();
+
+ ck_assert(settings->load_files(settings, include2, FALSE));
+ verify_null("main.key1");
+ verify_string("v2", "key2");
+ verify_string("val", "sub1.key");
+ verify_null("main.sub1.key3");
+}
+END_TEST
+
+START_TEST(test_load_files_section)
+{
+ chunk_t contents = chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " }\n"
+ "}");
+
+ create_settings(contents);
+
+ ck_assert(settings->load_files_section(settings, include1, TRUE, ""));
+ ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub1"));
+ verify_include();
+
+ /* non existing files are no failure */
+ ck_assert(settings->load_files_section(settings, include1".conf", TRUE, ""));
+ verify_include();
+
+ /* unreadable files are */
+ ck_assert(chunk_write(contents, include1".no", 0444, TRUE));
+ ck_assert(!settings->load_files_section(settings, include1".no", TRUE, ""));
+ unlink(include1".no");
+ verify_include();
+
+ ck_assert(settings->load_files_section(settings, include2, FALSE, "main"));
+ verify_null("main.key1");
+ verify_string("v2", "main.key2");
+ verify_string("val", "main.sub1.key");
+ verify_null("main.sub1.key3");
+ verify_null("main.sub2.sub3");
+
+ ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub2"));
+ verify_string("v2", "main.sub2.key2");
+ verify_string("val", "main.sub2.sub1.key");
+}
+END_TEST
+
+START_SETUP(setup_fallback_config)
+{
+ create_settings(chunk_from_str(
+ "main {\n"
+ " key1 = val1\n"
+ " sub1 {\n"
+ " key1 = val1\n"
+ " }\n"
+ "}\n"
+ "sub {\n"
+ " key1 = subval1\n"
+ " key2 = subval2\n"
+ " subsub {\n"
+ " subkey1 = subsubval1\n"
+ " }\n"
+ "}\n"
+ "base {\n"
+ " key1 = baseval1\n"
+ " key2 = baseval2\n"
+ " sub1 {\n"
+ " key1 = subbase1\n"
+ " key2 = subbase2\n"
+ " key3 = subbase3\n"
+ " subsub {\n"
+ " subkey1 = subsubbaseval1\n"
+ " subkey2 = subsubbaseval2\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " key4 = subbase4\n"
+ " }\n"
+ "}"));
+}
+END_SETUP
+
+START_TEST(test_add_fallback)
+{
+ linked_list_t *keys, *values;
+
+ settings->add_fallback(settings, "main.sub1", "sub");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ /* fallbacks are preserved even if the complete config is replaced */
+ settings->load_files(settings, path, FALSE);
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ keys = linked_list_create_with_items("sub1", NULL);
+ verify_sections(keys, "main");
+ keys = linked_list_create_with_items("subsub", NULL);
+ verify_sections(keys, "main.sub1");
+
+ keys = linked_list_create_with_items("key1", NULL);
+ values = linked_list_create_with_items("val1", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key1", "key2", NULL);
+ values = linked_list_create_with_items("val1", "subval2", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ keys = linked_list_create_with_items("subkey1", NULL);
+ values = linked_list_create_with_items("subsubval1", NULL);
+ verify_key_values(keys, values, "main.sub1.subsub");
+
+ settings->add_fallback(settings, "main", "base");
+ verify_string("val1", "main.key1");
+ verify_string("baseval2", "main.key2");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+ verify_string("subsubbaseval2", "main.sub1.subsub.subkey2");
+ verify_string("subbase3", "main.sub1.key3");
+ verify_string("subbase4", "main.sub2.key4");
+
+
+ keys = linked_list_create_with_items("sub1", "sub2", NULL);
+ verify_sections(keys, "main");
+ keys = linked_list_create_with_items("subsub", NULL);
+ verify_sections(keys, "main.sub1");
+
+ keys = linked_list_create_with_items("key1", "key2", NULL);
+ values = linked_list_create_with_items("val1", "baseval2", NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("key1", "key2", "key3", NULL);
+ values = linked_list_create_with_items("val1", "subval2", "subbase3", NULL);
+ verify_key_values(keys, values, "main.sub1");
+
+ keys = linked_list_create_with_items("subkey1", "subkey2", NULL);
+ values = linked_list_create_with_items("subsubval1", "subsubbaseval2", NULL);
+ verify_key_values(keys, values, "main.sub1.subsub");
+
+ settings->set_str(settings, "main.sub1.key2", "val2");
+ verify_string("val2", "main.sub1.key2");
+ settings->set_str(settings, "main.sub1.subsub.subkey2", "val2");
+ verify_string("val2", "main.sub1.subsub.subkey2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+}
+END_TEST
+
+START_TEST(test_add_fallback_printf)
+{
+ settings->add_fallback(settings, "%s.sub1", "sub", "main");
+ verify_string("val1", "main.sub1.key1");
+ verify_string("subval2", "main.sub1.key2");
+ verify_string("subsubval1", "main.sub1.subsub.subkey1");
+
+ settings->add_fallback(settings, "%s.%s2", "%s.%s1", "main", "sub");
+ verify_string("val1", "main.sub2.key1");
+ verify_string("subval2", "main.sub2.key2");
+ verify_string("subsubval1", "main.sub2.subsub.subkey1");
+}
+END_TEST
+
+START_SETUP(setup_invalid_config)
+{
+ create_settings(chunk_from_str(
+ "# section without name\n"
+ "{\n"
+ " key1 = val1\n"
+ "}\n"
+ "main {\n"
+ " key2 = val2\n"
+ " # value without key\n"
+ " = val3\n"
+ " key4 = val4\n"
+ " # key without value does not change it\n"
+ " key4\n"
+ " # subsection without name\n"
+ " {\n"
+ " key5 = val5\n"
+ " }\n"
+ " # empty include pattern\n"
+ " include\n"
+ " key6 = val6\n"
+ "}"));
+}
+END_SETUP
+
+START_TEST(test_invalid)
+{
+ linked_list_t *keys, *values;
+ chunk_t contents;
+
+ verify_null("key1");
+ verify_null(".key1");
+ verify_null("%s.key1", "");
+ verify_string("val2", "main.key2");
+ verify_string("val4", "main.key4");
+ verify_null("main..key5");
+ verify_string("val6", "main.key6");
+
+ keys = linked_list_create_with_items("main", NULL);
+ verify_sections(keys, "");
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "main");
+
+ keys = linked_list_create_with_items("key2", "key4", "key6", NULL);
+ values = linked_list_create_with_items("val2", "val4", "val6", NULL);
+ verify_key_values(keys, values, "main");
+
+ /* FIXME: we should probably fix this */
+ contents = chunk_from_str(
+ "requires = newline");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "unterminated {\n"
+ " not = valid\n");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "singleline { not = valid }\n");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+}
+END_TEST
+
+Suite *settings_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("settings");
+
+ tc = tcase_create("get/set_str (basic behavior)");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_get_str);
+ tcase_add_test(tc, test_get_str_printf);
+ tcase_add_test(tc, test_set_str);
+ tcase_add_test(tc, test_set_str_printf);
+ tcase_add_test(tc, test_set_default_str);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_bool");
+ tcase_add_checked_fixture(tc, setup_bool_config, teardown_config);
+ tcase_add_test(tc, test_get_bool);
+ tcase_add_test(tc, test_set_bool);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_int");
+ tcase_add_checked_fixture(tc, setup_int_config, teardown_config);
+ tcase_add_test(tc, test_get_int);
+ tcase_add_test(tc, test_set_int);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_double");
+ tcase_add_checked_fixture(tc, setup_double_config, teardown_config);
+ tcase_add_test(tc, test_get_double);
+ tcase_add_test(tc, test_set_double);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("get/set_time");
+ tcase_add_checked_fixture(tc, setup_time_config, teardown_config);
+ tcase_add_test(tc, test_get_time);
+ tcase_add_test(tc, test_set_time);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("section enumerator");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_section_enumerator);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("key/value enumerator");
+ tcase_add_checked_fixture(tc, setup_base_config, teardown_config);
+ tcase_add_test(tc, test_key_value_enumerator);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("include/load_files[_section]");
+ tcase_add_checked_fixture(tc, setup_include_config, teardown_include_config);
+ tcase_add_test(tc, test_include);
+ tcase_add_test(tc, test_load_files);
+ tcase_add_test(tc, test_load_files_section);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("fallback");
+ tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config);
+ tcase_add_test(tc, test_add_fallback);
+ tcase_add_test(tc, test_add_fallback_printf);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("invalid data");
+ tcase_add_checked_fixture(tc, setup_invalid_config, teardown_config);
+ tcase_add_test(tc, test_invalid);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c
new file mode 100644
index 000000000..2d3173d46
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_stream.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+static char* services[] = {
+ "unix:///tmp/strongswan-test-service.sck",
+ "tcp://127.0.0.1:7766",
+ "tcp://[::1]:7766",
+};
+
+static char msg[] = "testmessage";
+static int msglen = 12;
+
+static bool servicing(void *data, stream_t *stream)
+{
+ char buf[64];
+ ssize_t len, total;
+
+ ck_assert(streq((char*)data, "test"));
+
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, buf, len, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+
+ return FALSE;
+}
+
+START_TEST(test_sync)
+{
+ char buf[64];
+ stream_service_t *service;
+ stream_t *stream;
+ ssize_t len, total;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 1);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, msg, msglen, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ ck_assert(streq(buf, msg));
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool on_write(void *data, stream_t *stream)
+{
+ ssize_t len, total;
+
+ ck_assert(streq((char*)data, "test-write"));
+ for (total = 0; total < msglen;)
+ {
+ len = stream->write(stream, msg, msglen, TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ return FALSE;
+}
+
+static bool read_done = FALSE;
+
+static bool on_read(void *data, stream_t *stream)
+{
+ ssize_t len, total;
+ char buf[64];
+
+ ck_assert(streq((char*)data, "test-read"));
+ for (total = 0; total < msglen;)
+ {
+ len = stream->read(stream, buf, sizeof(buf), TRUE);
+ ck_assert(len > 0);
+ total += len;
+ }
+ ck_assert(streq(buf, msg));
+ read_done = TRUE;
+ return FALSE;
+}
+
+START_TEST(test_async)
+{
+ stream_service_t *service;
+ stream_t *stream;
+
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 0);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ read_done = FALSE;
+ stream->on_write(stream, (stream_cb_t)on_write, "test-write");
+ stream->on_read(stream, (stream_cb_t)on_read, "test-read");
+
+ while (!read_done)
+ {
+ usleep(1000);
+ }
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool all(void *data, stream_t *stream)
+{
+ char buf[64], *pos;
+ ssize_t len;
+ int i;
+
+ pos = buf;
+ for (i = 0; i < msglen; i++)
+ {
+ len = stream->read(stream, pos, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ pos += len;
+ }
+ pos = buf;
+ for (i = 0; i < msglen; i++)
+ {
+ len = stream->write(stream, pos, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ pos += len;
+ }
+
+ return FALSE;
+}
+
+START_TEST(test_all)
+{
+ char buf[64];
+ stream_service_t *service;
+ stream_t *stream;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 1);
+ ck_assert(service != NULL);
+ service->on_accept(service, all, NULL, JOB_PRIO_HIGH, 1);
+
+ stream = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(stream != NULL);
+ ck_assert(stream->write_all(stream, msg, msglen));
+ ck_assert(stream->read_all(stream, buf, msglen));
+ ck_assert(streq(buf, msg));
+ stream->destroy(stream);
+
+ service->destroy(service);
+}
+END_TEST
+
+static bool concurrency(void *data, stream_t *stream)
+{
+ static refcount_t refs = 0;
+ u_int current;
+ ssize_t len;
+
+ current = ref_get(&refs);
+ ck_assert(current <= 3);
+ len = stream->write(stream, "x", 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ usleep(1000);
+ ignore_result(ref_put(&refs));
+
+ return FALSE;
+}
+
+START_TEST(test_concurrency)
+{
+ stream_service_t *service;
+ stream_t *streams[10];
+ ssize_t len;
+ char x;
+ int i;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ service = lib->streams->create_service(lib->streams, services[_i], 10);
+ ck_assert(service != NULL);
+ service->on_accept(service, concurrency, NULL, JOB_PRIO_HIGH, 3);
+
+ for (i = 0; i < countof(streams); i++)
+ {
+ streams[i] = lib->streams->connect(lib->streams, services[_i]);
+ ck_assert(streams[i] != NULL);
+ }
+ for (i = 0; i < countof(streams); i++)
+ {
+ len = streams[i]->read(streams[i], &x, 1, TRUE);
+ ck_assert_int_eq(len, 1);
+ ck_assert_int_eq(x, 'x');
+ }
+ for (i = 0; i < countof(streams); i++)
+ {
+ streams[i]->destroy(streams[i]);
+ }
+ service->destroy(service);
+}
+END_TEST
+
+Suite *stream_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("stream");
+
+ tc = tcase_create("sync");
+ tcase_add_loop_test(tc, test_sync, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("async");
+ tcase_add_loop_test(tc, test_async, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("all");
+ tcase_add_loop_test(tc, test_all, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("concurrency");
+ tcase_add_loop_test(tc, test_concurrency, 0, countof(services));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_test_rng.c b/src/libstrongswan/tests/suites/test_test_rng.c
new file mode 100644
index 000000000..9a983b677
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_test_rng.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <tests/utils/test_rng.h>
+#include <utils/test.h>
+
+START_TEST(test_test_rng)
+{
+ rng_t *entropy;
+ chunk_t in, in1, in2, out;
+
+ in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06);
+ in2 = chunk_from_chars(0x07, 0x08);
+ in = chunk_cat("cc", in1, in2);
+
+ entropy = test_rng_create(in);
+ ck_assert(entropy->allocate_bytes(entropy, 6, &out));
+ ck_assert(chunk_equals(in1, out));
+ ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
+ ck_assert(memeq(in2.ptr, out.ptr, in2.len));
+ ck_assert(!entropy->get_bytes(entropy, 4, out.ptr));
+ chunk_free(&out);
+ ck_assert(!entropy->allocate_bytes(entropy, 4, &out));
+ entropy->destroy(entropy);
+ chunk_free(&in);
+}
+END_TEST
+
+
+Suite *test_rng_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("test_rng");
+
+ tc = tcase_create("test_rng");
+ tcase_add_test(tc, test_test_rng);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c
new file mode 100644
index 000000000..844959e46
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_threading.c
@@ -0,0 +1,1466 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <sched.h>
+#include <unistd.h>
+
+#include <threading/thread.h>
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <threading/rwlock.h>
+#include <threading/rwlock_condvar.h>
+#include <threading/spinlock.h>
+#include <threading/semaphore.h>
+#include <threading/thread_value.h>
+
+/*******************************************************************************
+ * recursive mutex test
+ */
+
+#define THREADS 20
+
+/**
+ * Thread barrier data
+ */
+typedef struct {
+ mutex_t *mutex;
+ condvar_t *cond;
+ int count;
+ int current;
+ bool active;
+} barrier_t;
+
+/**
+ * Create a thread barrier for count threads
+ */
+static barrier_t* barrier_create(int count)
+{
+ barrier_t *this;
+
+ INIT(this,
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .cond = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .count = count,
+ );
+
+ return this;
+}
+
+/**
+ * Destroy a thread barrier
+ */
+static void barrier_destroy(barrier_t *this)
+{
+ this->mutex->destroy(this->mutex);
+ this->cond->destroy(this->cond);
+ free(this);
+}
+
+/**
+ * Wait to have configured number of threads in barrier
+ */
+static bool barrier_wait(barrier_t *this)
+{
+ bool winner = FALSE;
+
+ this->mutex->lock(this->mutex);
+ if (!this->active)
+ { /* first, reset */
+ this->active = TRUE;
+ this->current = 0;
+ }
+
+ this->current++;
+ while (this->current < this->count)
+ {
+ this->cond->wait(this->cond, this->mutex);
+ }
+ if (this->active)
+ { /* first, win */
+ winner = TRUE;
+ this->active = FALSE;
+ }
+ this->mutex->unlock(this->mutex);
+ this->cond->broadcast(this->cond);
+ sched_yield();
+
+ return winner;
+}
+
+/**
+ * Barrier for some tests
+ */
+static barrier_t *barrier;
+
+/**
+ * A mutex for tests requiring one
+ */
+static mutex_t *mutex;
+
+/**
+ * A condvar for tests requiring one
+ */
+static condvar_t *condvar;
+
+/**
+ * A counter for signaling
+ */
+static int sigcount;
+
+static void *mutex_run(void *data)
+{
+ int locked = 0;
+ int i;
+
+ /* wait for all threads before getting in action */
+ barrier_wait(barrier);
+
+ for (i = 0; i < 100; i++)
+ {
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ locked++;
+ sched_yield();
+ if (locked > 1)
+ {
+ fail("two threads locked the mutex concurrently");
+ }
+ locked--;
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ }
+ return NULL;
+}
+
+START_TEST(test_mutex)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ barrier = barrier_create(THREADS);
+ mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
+
+ for (i = 0; i < 10; i++)
+ {
+ mutex->lock(mutex);
+ mutex->unlock(mutex);
+ }
+ for (i = 0; i < 10; i++)
+ {
+ mutex->lock(mutex);
+ }
+ for (i = 0; i < 10; i++)
+ {
+ mutex->unlock(mutex);
+ }
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(mutex_run, NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ barrier_destroy(barrier);
+}
+END_TEST
+
+/**
+ * Spinlock for testing
+ */
+static spinlock_t *spinlock;
+
+static void *spinlock_run(void *data)
+{
+ int i, *locked = (int*)data;
+
+ barrier_wait(barrier);
+
+ for (i = 0; i < 1000; i++)
+ {
+ spinlock->lock(spinlock);
+ (*locked)++;
+ ck_assert_int_eq(*locked, 1);
+ (*locked)--;
+ spinlock->unlock(spinlock);
+ }
+ return NULL;
+}
+
+START_TEST(test_spinlock)
+{
+ thread_t *threads[THREADS];
+ int i, locked = 0;
+
+ barrier = barrier_create(THREADS);
+ spinlock = spinlock_create();
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(spinlock_run, &locked);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ spinlock->destroy(spinlock);
+ barrier_destroy(barrier);
+}
+END_TEST
+
+static void *condvar_run(void *data)
+{
+ mutex->lock(mutex);
+ sigcount++;
+ condvar->signal(condvar);
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_run, NULL);
+ }
+
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_recursive_run(void *data)
+{
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ sigcount++;
+ condvar->signal(condvar);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar_recursive)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_recursive_run, NULL);
+ }
+
+ mutex->lock(mutex);
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_run_broad(void *data)
+{
+ mutex->lock(mutex);
+ while (sigcount < 0)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+ return NULL;
+}
+
+START_TEST(test_condvar_broad)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_run_broad, NULL);
+ }
+
+ sched_yield();
+
+ mutex->lock(mutex);
+ sigcount = 1;
+ condvar->broadcast(condvar);
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+START_TEST(test_condvar_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ if (condvar->timed_wait(condvar, mutex, diff.tv_usec / 1000))
+ {
+ break;
+ }
+ }
+ time_monotonic(&end);
+ mutex->unlock(mutex);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(condvar_run, NULL);
+
+ mutex->lock(mutex);
+ while (sigcount == 0)
+ {
+ ck_assert(!condvar->timed_wait(condvar, mutex, 1000));
+ }
+ mutex->unlock(mutex);
+
+ thread->join(thread);
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+START_TEST(test_condvar_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ mutex->lock(mutex);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ if (condvar->timed_wait_abs(condvar, mutex, abso))
+ {
+ break;
+ }
+ }
+ time_monotonic(&end);
+ mutex->unlock(mutex);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(condvar_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ mutex->lock(mutex);
+ while (sigcount == 0)
+ {
+ ck_assert(!condvar->timed_wait_abs(condvar, mutex, abso));
+ }
+ mutex->unlock(mutex);
+
+ thread->join(thread);
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+static void *condvar_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ mutex->lock(mutex);
+
+ sigcount++;
+ condvar->broadcast(condvar);
+
+ thread_cleanup_push((void*)mutex->unlock, mutex);
+ thread_cancelability(TRUE);
+ while (TRUE)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ thread_cleanup_pop(TRUE);
+
+ return NULL;
+}
+
+START_TEST(test_condvar_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(condvar_cancel_run, NULL);
+ }
+
+ /* wait for all threads */
+ mutex->lock(mutex);
+ while (sigcount < THREADS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+}
+END_TEST
+
+/**
+ * RWlock for different tests
+ */
+static rwlock_t *rwlock;
+
+static void *rwlock_run(refcount_t *refs)
+{
+ rwlock->read_lock(rwlock);
+ ref_get(refs);
+ sched_yield();
+ ignore_result(ref_put(refs));
+ rwlock->unlock(rwlock);
+
+ if (rwlock->try_write_lock(rwlock))
+ {
+ ck_assert_int_eq(*refs, 0);
+ sched_yield();
+ rwlock->unlock(rwlock);
+ }
+
+ rwlock->write_lock(rwlock);
+ ck_assert_int_eq(*refs, 0);
+ sched_yield();
+ rwlock->unlock(rwlock);
+
+ rwlock->read_lock(rwlock);
+ rwlock->read_lock(rwlock);
+ ref_get(refs);
+ sched_yield();
+ ignore_result(ref_put(refs));
+ rwlock->unlock(rwlock);
+ rwlock->unlock(rwlock);
+
+ return NULL;
+}
+
+START_TEST(test_rwlock)
+{
+ thread_t *threads[THREADS];
+ refcount_t refs = 0;
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create((void*)rwlock_run, &refs);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+}
+END_TEST
+
+/**
+ * Rwlock condvar
+ */
+static rwlock_condvar_t *rwcond;
+
+static void *rwlock_condvar_run(void *data)
+{
+ rwlock->write_lock(rwlock);
+ sigcount++;
+ rwcond->signal(rwcond);
+ rwlock->unlock(rwlock);
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_run, NULL);
+ }
+
+ rwlock->write_lock(rwlock);
+ while (sigcount < THREADS)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+static void *rwlock_condvar_run_broad(void *data)
+{
+ rwlock->write_lock(rwlock);
+ while (sigcount < 0)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar_broad)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_run_broad, NULL);
+ }
+
+ sched_yield();
+
+ rwlock->write_lock(rwlock);
+ sigcount = 1;
+ rwcond->broadcast(rwcond);
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+START_TEST(test_rwlock_condvar_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ rwlock->write_lock(rwlock);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ if (rwcond->timed_wait(rwcond, rwlock, diff.tv_usec / 1000))
+ {
+ break;
+ }
+ }
+ rwlock->unlock(rwlock);
+ time_monotonic(&end);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(rwlock_condvar_run, NULL);
+
+ rwlock->write_lock(rwlock);
+ while (sigcount == 0)
+ {
+ ck_assert(!rwcond->timed_wait(rwcond, rwlock, 1000));
+ }
+ rwlock->unlock(rwlock);
+
+ thread->join(thread);
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+START_TEST(test_rwlock_condvar_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ rwlock->write_lock(rwlock);
+ while (TRUE)
+ {
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ if (rwcond->timed_wait_abs(rwcond, rwlock, abso))
+ {
+ break;
+ }
+ }
+ rwlock->unlock(rwlock);
+ time_monotonic(&end);
+ ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(rwlock_condvar_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ rwlock->write_lock(rwlock);
+ while (sigcount == 0)
+ {
+ ck_assert(!rwcond->timed_wait_abs(rwcond, rwlock, abso));
+ }
+ rwlock->unlock(rwlock);
+
+ thread->join(thread);
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+static void *rwlock_condvar_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ rwlock->write_lock(rwlock);
+
+ sigcount++;
+ rwcond->broadcast(rwcond);
+
+ thread_cleanup_push((void*)rwlock->unlock, rwlock);
+ thread_cancelability(TRUE);
+ while (TRUE)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ thread_cleanup_pop(TRUE);
+
+ return NULL;
+}
+
+START_TEST(test_rwlock_condvar_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ rwcond = rwlock_condvar_create();
+ sigcount = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(rwlock_condvar_cancel_run, NULL);
+ }
+
+ /* wait for all threads */
+ rwlock->write_lock(rwlock);
+ while (sigcount < THREADS)
+ {
+ rwcond->wait(rwcond, rwlock);
+ }
+ rwlock->unlock(rwlock);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ rwlock->destroy(rwlock);
+ rwcond->destroy(rwcond);
+}
+END_TEST
+
+/**
+ * Semaphore for different tests
+ */
+static semaphore_t *semaphore;
+
+static void *semaphore_run(void *data)
+{
+ semaphore->post(semaphore);
+ return NULL;
+}
+
+START_TEST(test_semaphore)
+{
+ thread_t *threads[THREADS];
+ int i, initial = 5;
+
+ semaphore = semaphore_create(initial);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(semaphore_run, NULL);
+ }
+ for (i = 0; i < THREADS + initial; i++)
+ {
+ semaphore->wait(semaphore);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+START_TEST(test_semaphore_timed)
+{
+ thread_t *thread;
+ timeval_t start, end, diff = { .tv_usec = 50000 };
+
+ semaphore = semaphore_create(0);
+
+ time_monotonic(&start);
+ ck_assert(semaphore->timed_wait(semaphore, diff.tv_usec / 1000));
+ time_monotonic(&end);
+ timersub(&end, &start, &end);
+ ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
+ end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+
+ thread = thread_create(semaphore_run, NULL);
+
+ ck_assert(!semaphore->timed_wait(semaphore, 1000));
+
+ thread->join(thread);
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+START_TEST(test_semaphore_timed_abs)
+{
+ thread_t *thread;
+ timeval_t start, end, abso, diff = { .tv_usec = 50000 };
+
+ semaphore = semaphore_create(0);
+
+ time_monotonic(&start);
+ timeradd(&start, &diff, &abso);
+ ck_assert(semaphore->timed_wait_abs(semaphore, abso));
+ time_monotonic(&end);
+ ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
+ end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+
+ thread = thread_create(semaphore_run, NULL);
+
+ time_monotonic(&start);
+ diff.tv_sec = 1;
+ timeradd(&start, &diff, &abso);
+ ck_assert(!semaphore->timed_wait_abs(semaphore, abso));
+
+ thread->join(thread);
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+static void *semaphore_cancel_run(void *data)
+{
+ refcount_t *ready = (refcount_t*)data;
+
+ thread_cancelability(FALSE);
+ ref_get(ready);
+
+ thread_cancelability(TRUE);
+ semaphore->wait(semaphore);
+
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_semaphore_cancel)
+{
+ thread_t *threads[THREADS];
+ refcount_t ready = 0;
+ int i;
+
+ semaphore = semaphore_create(0);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(semaphore_cancel_run, &ready);
+ }
+ while (ready < THREADS)
+ {
+ sched_yield();
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+
+ semaphore->destroy(semaphore);
+}
+END_TEST
+
+static void *join_run(void *data)
+{
+ /* force some context switches */
+ sched_yield();
+ return (void*)((uintptr_t)data + THREADS);
+}
+
+START_TEST(test_join)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(join_run, (void*)(uintptr_t)i);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS);
+ }
+}
+END_TEST
+
+static void *exit_join_run(void *data)
+{
+ sched_yield();
+ thread_exit((void*)((uintptr_t)data + THREADS));
+ /* not reached */
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_join_exit)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(exit_join_run, (void*)(uintptr_t)i);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS);
+ }
+}
+END_TEST
+
+static void *detach_run(void *data)
+{
+ refcount_t *running = (refcount_t*)data;
+
+ ignore_result(ref_put(running));
+ return NULL;
+}
+
+START_TEST(test_detach)
+{
+ thread_t *threads[THREADS];
+ int i;
+ refcount_t running = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ref_get(&running);
+ threads[i] = thread_create(detach_run, &running);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->detach(threads[i]);
+ }
+ while (running > 0)
+ {
+ sched_yield();
+ }
+ /* no checks done here, but we check that thread state gets cleaned
+ * up with leak detective. */
+}
+END_TEST
+
+static void *detach_exit_run(void *data)
+{
+ refcount_t *running = (refcount_t*)data;
+
+ ignore_result(ref_put(running));
+ thread_exit(NULL);
+ /* not reached */
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_detach_exit)
+{
+ thread_t *threads[THREADS];
+ int i;
+ refcount_t running = 0;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ref_get(&running);
+ threads[i] = thread_create(detach_exit_run, &running);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->detach(threads[i]);
+ }
+ while (running > 0)
+ {
+ sched_yield();
+ }
+ /* no checks done here, but we check that thread state gets cleaned
+ * up with leak detective. */
+}
+END_TEST
+
+static void *cancel_run(void *data)
+{
+ /* default cancellability should be TRUE, so don't change it */
+ while (TRUE)
+ {
+ sleep(10);
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(cancel_run, NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+}
+END_TEST
+
+static void *cancel_onoff_run(void *data)
+{
+ bool *cancellable = (bool*)data;
+
+ thread_cancelability(FALSE);
+ *cancellable = FALSE;
+
+ /* we should not get cancelled here */
+ usleep(50000);
+
+ *cancellable = TRUE;
+ thread_cancelability(TRUE);
+
+ /* but here */
+ while (TRUE)
+ {
+ sleep(10);
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel_onoff)
+{
+ thread_t *threads[THREADS];
+ bool cancellable[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ cancellable[i] = TRUE;
+ threads[i] = thread_create(cancel_onoff_run, &cancellable[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ /* wait until thread has cleared its cancellability */
+ while (cancellable[i])
+ {
+ sched_yield();
+ }
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert(cancellable[i]);
+ }
+}
+END_TEST
+
+static void *cancel_point_run(void *data)
+{
+ thread_cancelability(FALSE);
+ while (TRUE)
+ {
+ /* implicitly enables cancellability */
+ thread_cancellation_point();
+ }
+ return NULL;
+}
+
+START_TEST(test_cancel_point)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(cancel_point_run, NULL);
+ }
+ sched_yield();
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ }
+}
+END_TEST
+
+static void cleanup1(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 1);
+ (*value)++;
+}
+
+static void cleanup2(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 2);
+ (*value)++;
+}
+
+static void cleanup3(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ ck_assert_int_eq(*value, 3);
+ (*value)++;
+}
+
+static void *cleanup_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+ return NULL;
+}
+
+START_TEST(test_cleanup)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_exit_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+ thread_exit(NULL);
+ ck_assert(FALSE);
+ return NULL;
+}
+
+START_TEST(test_cleanup_exit)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_exit_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_cancel_run(void *data)
+{
+ thread_cancelability(FALSE);
+
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+
+ thread_cancelability(TRUE);
+
+ while (TRUE)
+ {
+ sleep(1);
+ }
+ return NULL;
+}
+
+START_TEST(test_cleanup_cancel)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_cancel_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->cancel(threads[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static void *cleanup_pop_run(void *data)
+{
+ thread_cleanup_push(cleanup3, data);
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_push(cleanup1, data);
+
+ thread_cleanup_push(cleanup2, data);
+ thread_cleanup_pop(FALSE);
+
+ thread_cleanup_pop(TRUE);
+ return NULL;
+}
+
+START_TEST(test_cleanup_pop)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS];
+ int i;
+
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = 1;
+ threads[i] = thread_create(cleanup_pop_run, &values[i]);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 4);
+ }
+}
+END_TEST
+
+static thread_value_t *tls[10];
+
+static void *tls_run(void *data)
+{
+ uintptr_t value = (uintptr_t)data;
+ int i, j;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ ck_assert(tls[i]->get(tls[i]) == NULL);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], (void*)(value * i));
+ }
+ for (j = 0; j < 1000; j++)
+ {
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], (void*)(value * i));
+ ck_assert(tls[i]->get(tls[i]) == (void*)(value * i));
+ }
+ sched_yield();
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ ck_assert(tls[i]->get(tls[i]) == (void*)(value * i));
+ }
+ return (void*)(value + 1);
+}
+
+START_TEST(test_tls)
+{
+ thread_t *threads[THREADS];
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i] = thread_value_create(NULL);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i] = thread_create(tls_run, (void*)(uintptr_t)i);
+ }
+
+ ck_assert_int_eq((uintptr_t)tls_run((void*)(uintptr_t)(THREADS + 1)),
+ THREADS + 2);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + 1);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->destroy(tls[i]);
+ }
+}
+END_TEST
+
+static void tls_cleanup(void *data)
+{
+ uintptr_t *value = (uintptr_t*)data;
+
+ (*value)--;
+}
+
+static void *tls_cleanup_run(void *data)
+{
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->set(tls[i], data);
+ }
+ return NULL;
+}
+
+START_TEST(test_tls_cleanup)
+{
+ thread_t *threads[THREADS];
+ uintptr_t values[THREADS], main_value = countof(tls);
+ int i;
+
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i] = thread_value_create(tls_cleanup);
+ }
+ for (i = 0; i < THREADS; i++)
+ {
+ values[i] = countof(tls);
+ threads[i] = thread_create(tls_cleanup_run, &values[i]);
+ }
+
+ tls_cleanup_run(&main_value);
+
+ for (i = 0; i < THREADS; i++)
+ {
+ threads[i]->join(threads[i]);
+ ck_assert_int_eq(values[i], 0);
+ }
+ for (i = 0; i < countof(tls); i++)
+ {
+ tls[i]->destroy(tls[i]);
+ }
+ ck_assert_int_eq(main_value, 0);
+}
+END_TEST
+
+Suite *threading_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("threading");
+
+ tc = tcase_create("recursive mutex");
+ tcase_add_test(tc, test_mutex);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("spinlock");
+ tcase_add_test(tc, test_spinlock);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("condvar");
+ tcase_add_test(tc, test_condvar);
+ tcase_add_test(tc, test_condvar_recursive);
+ tcase_add_test(tc, test_condvar_broad);
+ tcase_add_test(tc, test_condvar_timed);
+ tcase_add_test(tc, test_condvar_timed_abs);
+ tcase_add_test(tc, test_condvar_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("rwlock");
+ tcase_add_test(tc, test_rwlock);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("rwlock condvar");
+ tcase_add_test(tc, test_rwlock_condvar);
+ tcase_add_test(tc, test_rwlock_condvar_broad);
+ tcase_add_test(tc, test_rwlock_condvar_timed);
+ tcase_add_test(tc, test_rwlock_condvar_timed_abs);
+ tcase_add_test(tc, test_rwlock_condvar_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("semaphore");
+ tcase_add_test(tc, test_semaphore);
+ tcase_add_test(tc, test_semaphore_timed);
+ tcase_add_test(tc, test_semaphore_timed_abs);
+ tcase_add_test(tc, test_semaphore_cancel);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread joining");
+ tcase_add_test(tc, test_join);
+ tcase_add_test(tc, test_join_exit);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread detaching");
+ tcase_add_test(tc, test_detach);
+ tcase_add_test(tc, test_detach_exit);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread cancellation");
+ tcase_add_test(tc, test_cancel);
+ tcase_add_test(tc, test_cancel_onoff);
+ tcase_add_test(tc, test_cancel_point);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread cleanup");
+ tcase_add_test(tc, test_cleanup);
+ tcase_add_test(tc, test_cleanup_exit);
+ tcase_add_test(tc, test_cleanup_cancel);
+ tcase_add_test(tc, test_cleanup_pop);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("thread local storage");
+ tcase_add_test(tc, test_tls);
+ tcase_add_test(tc, test_tls_cleanup);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 3ca0412b4..0260726b2 100644
--- a/src/libstrongswan/tests/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -346,6 +346,46 @@ START_TEST(test_memstr)
END_TEST
/*******************************************************************************
+ * utils_memrchr
+ */
+
+static struct {
+ char *s;
+ int c;
+ size_t n;
+ int offset;
+} memrchr_data[] = {
+ {NULL, 'f', 0, -1},
+ {NULL, 'f', 3, -1},
+ {"", 'f', 0, -1},
+ {"", '\0', 1, 0},
+ {"foo", '\0', 3, -1},
+ {"foo", '\0', 4, 3},
+ {"foo", 'f', 3, 0},
+ {"foo", 'o', 3, 2},
+ {"foo", 'o', 2, 1},
+ {"foo", 'o', 1, -1},
+ {"foo", 'o', 0, -1},
+ {"foo", 'x', 3, -1},
+};
+
+START_TEST(test_utils_memrchr)
+{
+ void *ret;
+
+ ret = utils_memrchr(memrchr_data[_i].s, memrchr_data[_i].c, memrchr_data[_i].n);
+ if (memrchr_data[_i].offset >= 0)
+ {
+ ck_assert(ret == memrchr_data[_i].s + memrchr_data[_i].offset);
+ }
+ else
+ {
+ ck_assert(ret == NULL);
+ }
+}
+END_TEST
+
+/*******************************************************************************
* translate
*/
@@ -385,6 +425,140 @@ START_TEST(test_translate)
END_TEST
/*******************************************************************************
+ * strreplace
+ */
+
+static struct {
+ char *in;
+ char *out;
+ char *search;
+ char *replace;
+ bool allocated;
+} strreplace_data[] = {
+ /* invalid arguments */
+ {NULL, NULL, NULL, NULL, FALSE},
+ {"", "", NULL, NULL, FALSE},
+ {"", "", "", NULL, FALSE},
+ {"", "", NULL, "", FALSE},
+ {"", "", "", "", FALSE},
+ {"", "", "", "asdf", FALSE},
+ {"", "", "asdf", "", FALSE},
+ {"asdf", "asdf", NULL, NULL, FALSE},
+ {"asdf", "asdf", "", NULL, FALSE},
+ {"asdf", "asdf", NULL, "", FALSE},
+ {"asdf", "asdf", "", "", FALSE},
+ {"asdf", "asdf", "", "asdf", FALSE},
+ {"asdf", "asdf", "asdf", NULL, FALSE},
+ {"qwer", "qwer", "", "asdf", FALSE},
+ /* replacement shorter */
+ {"asdf", "", "asdf", "", TRUE},
+ {"asdfasdf", "", "asdf", "", TRUE},
+ {"asasdfdf", "asdf", "asdf", "", TRUE},
+ {"asdf", "df", "as", "", TRUE},
+ {"asdf", "as", "df", "", TRUE},
+ {"qwer", "qwer", "asdf", "", FALSE},
+ /* replacement same length */
+ {"a", "b", "a", "b", TRUE},
+ {"aaa", "bbb", "a", "b", TRUE},
+ {"aaa", "bbb", "aaa", "bbb", TRUE},
+ {"asdf", "asdf", "asdf", "asdf", TRUE},
+ {"qwer", "qwer", "asdf", "asdf", FALSE},
+ /* replacement longer */
+ {"asdf", "asdf", "", "asdf", FALSE},
+ {"asdf", "asdfasdf", "asdf", "asdfasdf", TRUE},
+ {"asdf", "asdfsdf", "a", "asdf", TRUE},
+ {"asdf", "asdasdf", "f", "asdf", TRUE},
+ {"aaa", "asdfasdfasdf", "a", "asdf", TRUE},
+ {"qwer", "qwer", "asdf", "asdfasdf", FALSE},
+ /* real examples */
+ {"http://x.org/no/spaces", "http://x.org/no/spaces", " ", "%20", FALSE},
+ {"http://x.org/end ", "http://x.org/end%20", " ", "%20", TRUE},
+ {" http://x.org/start", "%20http://x.org/start", " ", "%20", TRUE},
+ {" http://x.org/both ", "%20http://x.org/both%20", " ", "%20", TRUE},
+ {"http://x.org/ /slash", "http://x.org/%20/slash", " ", "%20", TRUE},
+ {"http://x.org/ /three", "http://x.org/%20%20%20/three", " ", "%20", TRUE},
+ {"http://x.org/ ", "http://x.org/%20%20%20%20%20%20", " ", "%20", TRUE},
+ {"http://x.org/%20/encoded", "http://x.org/%20/encoded", " ", "%20", FALSE},
+};
+
+START_TEST(test_strreplace)
+{
+ char *ret;
+
+ ret = strreplace(strreplace_data[_i].in, strreplace_data[_i].search,
+ strreplace_data[_i].replace);
+ if (ret && strreplace_data[_i].out)
+ {
+ ck_assert_str_eq(ret, strreplace_data[_i].out);
+ }
+ else
+ {
+ ck_assert(ret == strreplace_data[_i].out);
+ }
+ if (strreplace_data[_i].allocated)
+ {
+ ck_assert(ret != strreplace_data[_i].in);
+ free(ret);
+ }
+ else
+ {
+ ck_assert(ret == strreplace_data[_i].in);
+ }
+}
+END_TEST
+
+/*******************************************************************************
+ * path_dirname/basename
+ */
+
+static struct {
+ char *path;
+ char *dir;
+ char *base;
+} path_data[] = {
+ {NULL, ".", "."},
+ {"", ".", "."},
+ {".", ".", "."},
+ {"..", ".", ".."},
+ {"/", "/", "/"},
+ {"//", "/", "/"},
+ {"foo", ".", "foo"},
+ {"f/", ".", "f"},
+ {"foo/", ".", "foo"},
+ {"foo//", ".", "foo"},
+ {"/f", "/", "f"},
+ {"/f/", "/", "f"},
+ {"/foo", "/", "foo"},
+ {"/foo/", "/", "foo"},
+ {"//foo/", "/", "foo"},
+ {"foo/bar", "foo", "bar"},
+ {"foo//bar", "foo", "bar"},
+ {"/foo/bar", "/foo", "bar"},
+ {"/foo/bar/", "/foo", "bar"},
+ {"/foo/bar/baz", "/foo/bar", "baz"},
+};
+
+START_TEST(test_path_dirname)
+{
+ char *dir;
+
+ dir = path_dirname(path_data[_i].path);
+ ck_assert_str_eq(path_data[_i].dir, dir);
+ free(dir);
+}
+END_TEST
+
+START_TEST(test_path_basename)
+{
+ char *base;
+
+ base = path_basename(path_data[_i].path);
+ ck_assert_str_eq(path_data[_i].base, base);
+ free(base);
+}
+END_TEST
+
+/*******************************************************************************
* time_printf_hook
*/
@@ -539,10 +713,23 @@ Suite *utils_suite_create()
tcase_add_loop_test(tc, test_memstr, 0, countof(memstr_data));
suite_add_tcase(s, tc);
+ tc = tcase_create("utils_memrchr");
+ tcase_add_loop_test(tc, test_utils_memrchr, 0, countof(memrchr_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("translate");
tcase_add_loop_test(tc, test_translate, 0, countof(translate_data));
suite_add_tcase(s, tc);
+ tc = tcase_create("strreplace");
+ tcase_add_loop_test(tc, test_strreplace, 0, countof(strreplace_data));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("path_dirname/basename");
+ tcase_add_loop_test(tc, test_path_dirname, 0, countof(path_data));
+ tcase_add_loop_test(tc, test_path_basename, 0, countof(path_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("printf_hooks");
tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data));
tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data));
diff --git a/src/libstrongswan/tests/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c
index f2817d314..242ac9d09 100644
--- a/src/libstrongswan/tests/test_vectors.c
+++ b/src/libstrongswan/tests/suites/test_vectors.c
@@ -21,7 +21,8 @@
START_TEST(test_vectors)
{
- fail_if(lib->crypto->get_test_vector_failures(lib->crypto));
+ u_int failed = lib->crypto->get_test_vector_failures(lib->crypto);
+ fail_if(failed > 0, "%u test vectors failed", failed);
}
END_TEST
diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c
new file mode 100644
index 000000000..9415bead9
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_watcher.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <library.h>
+
+#include <sched.h>
+#include <unistd.h>
+#include <errno.h>
+
+static char testbuf[1] = "";
+
+static bool readcb(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(*(int*)data, fd);
+ ck_assert_int_eq(event, WATCHER_READ);
+
+ if (recv(fd, testbuf, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_read)
+{
+ int fd[2];
+ char c;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1);
+
+ lib->watcher->add(lib->watcher, fd[0], WATCHER_READ, readcb, &fd[0]);
+
+ for (c = 'a'; c <= 'z'; c++)
+ {
+ ck_assert_int_eq(write(fd[1], &c, 1), 1);
+ while (testbuf[0] != c)
+ {
+ sched_yield();
+ }
+ }
+
+ lib->watcher->remove(lib->watcher, fd[0]);
+ close(fd[0]);
+ close(fd[1]);
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool writecb(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_WRITE);
+ if (send(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_write)
+{
+ int fd[2];
+ char in = 'x', out;
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1);
+
+ lib->watcher->add(lib->watcher, fd[1], WATCHER_WRITE, writecb, &in);
+
+ ck_assert_int_eq(read(fd[0], &out, 1), 1);
+ ck_assert_int_eq(out, in);
+
+ lib->watcher->remove(lib->watcher, fd[1]);
+ close(fd[1]);
+ close(fd[0]);
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool multiread(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_READ);
+ if (recv(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_multiread)
+{
+ int fd[10][2], i;
+ char in, out[countof(fd)];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1);
+ lib->watcher->add(lib->watcher, fd[i][0],
+ WATCHER_READ, multiread, &out[i]);
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ for (in = 'a'; in <= 'z'; in++)
+ {
+ ck_assert_int_eq(write(fd[i][1], &in, 1), 1);
+ while (out[i] != in)
+ {
+ sched_yield();
+ }
+ }
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ lib->watcher->remove(lib->watcher, fd[i][0]);
+ close(fd[i][1]);
+ close(fd[i][0]);
+ }
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+static bool multiwrite(void *data, int fd, watcher_event_t event)
+{
+ ck_assert_int_eq(event, WATCHER_WRITE);
+ if (send(fd, data, 1, MSG_DONTWAIT) != 1)
+ {
+ ck_assert(errno == EAGAIN || errno == EWOULDBLOCK);
+ }
+ return TRUE;
+}
+
+START_TEST(test_multiwrite)
+{
+ int fd[10][2], i, j;
+ u_char out, in[countof(fd)];
+
+ lib->processor->set_threads(lib->processor, 8);
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1);
+ in[i] = i;
+ lib->watcher->add(lib->watcher, fd[i][1],
+ WATCHER_WRITE, multiwrite, &in[i]);
+ }
+
+ for (j = 0; j < 10; j++)
+ {
+ for (i = 0; i < countof(fd); i++)
+ {
+ ck_assert_int_eq(read(fd[i][0], &out, 1), 1);
+ ck_assert_int_eq(out, i);
+ }
+ }
+
+ for (i = 0; i < countof(fd); i++)
+ {
+ lib->watcher->remove(lib->watcher, fd[i][1]);
+ close(fd[i][1]);
+ close(fd[i][0]);
+ }
+
+ lib->processor->cancel(lib->processor);
+}
+END_TEST
+
+Suite *watcher_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("watcher");
+
+ tc = tcase_create("read");
+ tcase_add_test(tc, test_read);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("write");
+ tcase_add_test(tc, test_write);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("multiread");
+ tcase_add_test(tc, test_multiread);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("multiwrite");
+ tcase_add_test(tc, test_multiwrite);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index f85858504..0b26ee128 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -1,6 +1,8 @@
/*
* Copyright (C) 2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,48 +15,170 @@
* for more details.
*/
-#include <unistd.h>
-
#include "test_runner.h"
#include <library.h>
#include <plugins/plugin_feature.h>
+#include <collections/array.h>
+#include <utils/test.h>
#include <dirent.h>
+#include <unistd.h>
+#include <limits.h>
+
+/**
+ * Get a tty color escape character for stderr
+ */
+#define TTY(color) tty_escape_get(2, TTY_FG_##color)
/**
- * Load plugins from builddir
+ * Initialize the lookup table for testable functions (defined in libstrongswan)
*/
-static bool load_plugins()
+static void testable_functions_create() __attribute__ ((constructor(1000)));
+static void testable_functions_create()
{
- enumerator_t *enumerator;
- char *name, path[PATH_MAX], dir[64];
+ testable_functions = hashtable_create(hashtable_hash_str,
+ hashtable_equals_str, 8);
+}
+
+/**
+ * Destroy the lookup table for testable functions
+ */
+static void testable_functions_destroy() __attribute__ ((destructor(1000)));
+static void testable_functions_destroy()
+{
+ testable_functions->destroy(testable_functions);
+ /* if leak detective is enabled plugins are not actually unloaded, which
+ * means their destructor is called AFTER this one when the process
+ * terminates, even though the priority says differently, make sure this
+ * does not crash */
+ testable_functions = NULL;
+}
+
+/**
+ * Load all available test suites
+ */
+static array_t *load_suites(test_configuration_t configs[],
+ test_runner_init_t init)
+{
+ array_t *suites;
+ bool old = FALSE;
+ int i;
- enumerator = enumerator_create_token(PLUGINS, " ", "");
- while (enumerator->enumerate(enumerator, &name))
+ library_init(NULL, "test-runner");
+
+ test_setup_handler();
+
+ if (init && !init(TRUE))
{
- snprintf(dir, sizeof(dir), "%s", name);
- translate(dir, "-", "_");
- snprintf(path, sizeof(path), "%s/%s/.libs", PLUGINDIR, dir);
- lib->plugins->add_path(lib->plugins, path);
+ library_deinit();
+ return NULL;
}
- enumerator->destroy(enumerator);
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
- return lib->plugins->load(lib->plugins, PLUGINS);
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+
+ suites = array_create(0, 0);
+
+ for (i = 0; configs[i].suite; i++)
+ {
+ if (configs[i].feature.type == 0 ||
+ lib->plugins->has_feature(lib->plugins, configs[i].feature))
+ {
+ array_insert(suites, -1, configs[i].suite());
+ }
+ }
+
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+
+ if (init)
+ {
+ init(FALSE);
+ }
+ library_deinit();
+
+ return suites;
}
-int main()
+/**
+ * Unload and destroy test suites and associated data
+ */
+static void unload_suites(array_t *suites)
{
- SRunner *sr;
- int nf;
+ test_suite_t *suite;
+ test_case_t *tcase;
- /* test cases are forked and there is no cleanup, so disable leak detective.
- * if test_suite.h is included leak detective is enabled in test cases */
- setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
- /* redirect all output to stderr (to redirect make's stdout to /dev/null) */
- dup2(2, 1);
+ while (array_remove(suites, 0, &suite))
+ {
+ while (array_remove(suite->tcases, 0, &tcase))
+ {
+ array_destroy(tcase->functions);
+ array_destroy(tcase->fixtures);
+ }
+ free(suite);
+ }
+ array_destroy(suites);
+}
- library_init(NULL);
+/**
+ * Run a single test function, return FALSE on failure
+ */
+static bool run_test(test_function_t *tfun, int i)
+{
+ if (test_restore_point())
+ {
+ tfun->cb(i);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Invoke fixture setup/teardown
+ */
+static bool call_fixture(test_case_t *tcase, bool up)
+{
+ enumerator_t *enumerator;
+ test_fixture_t *fixture;
+ bool failure = FALSE;
+
+ enumerator = array_create_enumerator(tcase->fixtures);
+ while (enumerator->enumerate(enumerator, &fixture))
+ {
+ if (test_restore_point())
+ {
+ if (up)
+ {
+ fixture->setup();
+ }
+ else
+ {
+ fixture->teardown();
+ }
+ }
+ else
+ {
+ failure = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return !failure;
+}
+
+/**
+ * Test initialization, initializes libstrongswan for the next run
+ */
+static bool pre_test(test_runner_init_t init)
+{
+ library_init(NULL, "test-runner");
/* use non-blocking RNG to generate keys fast */
lib->settings->set_default_str(lib->settings,
@@ -62,45 +186,305 @@ int main()
lib->settings->get_str(lib->settings,
"libstrongswan.plugins.random.urandom", "/dev/urandom"));
- if (!load_plugins())
+ if (lib->leak_detective)
+ {
+ /* disable leak reports during testing */
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ NULL, NULL, NULL);
+ }
+ if (init && !init(TRUE))
{
library_deinit();
- return EXIT_FAILURE;
+ return FALSE;
}
- lib->plugins->status(lib->plugins, LEVEL_CTRL);
+ dbg_default_set_level(LEVEL_SILENT);
+ return TRUE;
+}
+
+/**
+ * Failure description
+ */
+typedef struct {
+ char *name;
+ char msg[512 - sizeof(char*) - 2 * sizeof(int)];
+ const char *file;
+ int line;
+ int i;
+ backtrace_t *bt;
+} failure_t;
+
+/**
+ * Data passed to leak report callbacks
+ */
+typedef struct {
+ array_t *failures;
+ char *name;
+ int i;
+ int leaks;
+} report_data_t;
+
+/**
+ * Leak report callback, build failures from leaks
+ */
+static void report_leaks(report_data_t *data, int count, size_t bytes,
+ backtrace_t *bt, bool detailed)
+{
+ failure_t failure = {
+ .name = data->name,
+ .i = data->i,
+ .bt = bt->clone(bt),
+ };
+
+ snprintf(failure.msg, sizeof(failure.msg),
+ "Leak detected: %d allocations using %zu bytes", count, bytes);
+
+ array_insert(data->failures, -1, &failure);
+}
+
+/**
+ * Leak summary callback, check if any leaks found
+ */
+static void sum_leaks(report_data_t *data, int count, size_t bytes,
+ int whitelisted)
+{
+ data->leaks = count;
+}
+
+/**
+ * Do library cleanup and optionally check for memory leaks
+ */
+static bool post_test(test_runner_init_t init, bool check_leaks,
+ array_t *failures, char *name, int i)
+{
+ report_data_t data = {
+ .failures = failures,
+ .name = name,
+ .i = i,
+ };
- sr = srunner_create(NULL);
- srunner_add_suite(sr, bio_reader_suite_create());
- srunner_add_suite(sr, bio_writer_suite_create());
- srunner_add_suite(sr, chunk_suite_create());
- srunner_add_suite(sr, enum_suite_create());
- srunner_add_suite(sr, enumerator_suite_create());
- srunner_add_suite(sr, linked_list_suite_create());
- srunner_add_suite(sr, linked_list_enumerator_suite_create());
- srunner_add_suite(sr, hashtable_suite_create());
- srunner_add_suite(sr, array_suite_create());
- srunner_add_suite(sr, identification_suite_create());
- srunner_add_suite(sr, threading_suite_create());
- srunner_add_suite(sr, utils_suite_create());
- srunner_add_suite(sr, host_suite_create());
- srunner_add_suite(sr, vectors_suite_create());
- srunner_add_suite(sr, printf_suite_create());
- if (lib->plugins->has_feature(lib->plugins,
- PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_RSA)))
- {
- srunner_add_suite(sr, rsa_suite_create());
- }
- if (lib->plugins->has_feature(lib->plugins,
- PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_ECDSA)))
- {
- srunner_add_suite(sr, ecdsa_suite_create());
- }
-
- srunner_run_all(sr, CK_NORMAL);
- nf = srunner_ntests_failed(sr);
-
- srunner_free(sr);
+ if (init)
+ {
+ init(FALSE);
+ }
+ if (check_leaks && lib->leak_detective)
+ {
+ lib->leak_detective->set_report_cb(lib->leak_detective,
+ (leak_detective_report_cb_t)report_leaks,
+ (leak_detective_summary_cb_t)sum_leaks, &data);
+ }
library_deinit();
- return (nf == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+ return data.leaks != 0;
+}
+
+/**
+ * Collect failure information, add failure_t to array
+ */
+static void collect_failure_info(array_t *failures, char *name, int i)
+{
+ failure_t failure = {
+ .name = name,
+ .i = i,
+ .bt = test_failure_backtrace(),
+ };
+
+ failure.line = test_failure_get(failure.msg, sizeof(failure.msg),
+ &failure.file);
+
+ array_insert(failures, -1, &failure);
+}
+
+/**
+ * Print array of collected failure_t to stderr
+ */
+static void print_failures(array_t *failures)
+{
+ failure_t failure;
+
+ backtrace_init();
+
+ while (array_remove(failures, 0, &failure))
+ {
+ fprintf(stderr, " %sFailure in '%s': %s (",
+ TTY(RED), failure.name, failure.msg);
+ if (failure.line)
+ {
+ fprintf(stderr, "%s:%d, ", failure.file, failure.line);
+ }
+ fprintf(stderr, "i = %d)%s\n", failure.i, TTY(DEF));
+ if (failure.bt)
+ {
+ failure.bt->log(failure.bt, stderr, TRUE);
+ failure.bt->destroy(failure.bt);
+ }
+ }
+
+ backtrace_deinit();
+}
+
+/**
+ * Run a single test case with fixtures
+ */
+static bool run_case(test_case_t *tcase, test_runner_init_t init)
+{
+ enumerator_t *enumerator;
+ test_function_t *tfun;
+ int passed = 0;
+ array_t *failures;
+
+ failures = array_create(sizeof(failure_t), 0);
+
+ fprintf(stderr, " Running case '%s': ", tcase->name);
+ fflush(stderr);
+
+ enumerator = array_create_enumerator(tcase->functions);
+ while (enumerator->enumerate(enumerator, &tfun))
+ {
+ int i, rounds = 0;
+
+ for (i = tfun->start; i < tfun->end; i++)
+ {
+ if (pre_test(init))
+ {
+ bool ok = FALSE, leaks = FALSE;
+
+ test_setup_timeout(tcase->timeout);
+
+ if (call_fixture(tcase, TRUE))
+ {
+ if (run_test(tfun, i))
+ {
+ if (call_fixture(tcase, FALSE))
+ {
+ ok = TRUE;
+ }
+ }
+ else
+ {
+ call_fixture(tcase, FALSE);
+ }
+
+ }
+ leaks = post_test(init, ok, failures, tfun->name, i);
+
+ test_setup_timeout(0);
+
+ if (ok)
+ {
+ if (!leaks)
+ {
+ rounds++;
+ fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF));
+ }
+ }
+ else
+ {
+ collect_failure_info(failures, tfun->name, i);
+ }
+ if (!ok || leaks)
+ {
+ fprintf(stderr, "%s-%s", TTY(RED), TTY(DEF));
+ }
+ }
+ else
+ {
+ fprintf(stderr, "!");
+ }
+ }
+ fflush(stderr);
+ if (rounds == tfun->end - tfun->start)
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ fprintf(stderr, "\n");
+
+ print_failures(failures);
+ array_destroy(failures);
+
+ return passed == array_count(tcase->functions);
+}
+
+/**
+ * Run a single test suite
+ */
+static bool run_suite(test_suite_t *suite, test_runner_init_t init)
+{
+ enumerator_t *enumerator;
+ test_case_t *tcase;
+ int passed = 0;
+
+ fprintf(stderr, " Running suite '%s':\n", suite->name);
+
+ enumerator = array_create_enumerator(suite->tcases);
+ while (enumerator->enumerate(enumerator, &tcase))
+ {
+ if (run_case(tcase, init))
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (passed == array_count(suite->tcases))
+ {
+ fprintf(stderr, " %sPassed all %u '%s' test cases%s\n",
+ TTY(GREEN), array_count(suite->tcases), suite->name, TTY(DEF));
+ return TRUE;
+ }
+ fprintf(stderr, " %sPassed %u/%u '%s' test cases%s\n",
+ TTY(RED), passed, array_count(suite->tcases), suite->name, TTY(DEF));
+ return FALSE;
+}
+
+/**
+ * See header.
+ */
+int test_runner_run(const char *name, test_configuration_t configs[],
+ test_runner_init_t init)
+{
+ array_t *suites;
+ test_suite_t *suite;
+ enumerator_t *enumerator;
+ int passed = 0, result;
+
+ /* redirect all output to stderr (to redirect make's stdout to /dev/null) */
+ dup2(2, 1);
+
+ suites = load_suites(configs, init);
+ if (!suites)
+ {
+ return EXIT_FAILURE;
+ }
+
+ fprintf(stderr, "Running %u '%s' test suites:\n", array_count(suites), name);
+
+ enumerator = array_create_enumerator(suites);
+ while (enumerator->enumerate(enumerator, &suite))
+ {
+ if (run_suite(suite, init))
+ {
+ passed++;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (passed == array_count(suites))
+ {
+ fprintf(stderr, "%sPassed all %u '%s' suites%s\n",
+ TTY(GREEN), array_count(suites), name, TTY(DEF));
+ result = EXIT_SUCCESS;
+ }
+ else
+ {
+ fprintf(stderr, "%sPassed %u of %u '%s' suites%s\n",
+ TTY(RED), passed, array_count(suites), name, TTY(DEF));
+ result = EXIT_FAILURE;
+ }
+
+ unload_suites(suites);
+
+ return result;
}
diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h
index 6315abba7..643b622e5 100644
--- a/src/libstrongswan/tests/test_runner.h
+++ b/src/libstrongswan/tests/test_runner.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,27 +13,65 @@
* for more details.
*/
+/**
+ * @defgroup libtest libtest
+ *
+ * @defgroup test_utils test_utils
+ * @ingroup libtest
+ *
+ * @defgroup test_runner test_runner
+ * @{ @ingroup libtest
+ */
+
#ifndef TEST_RUNNER_H_
#define TEST_RUNNER_H_
-#include <check.h>
-
-Suite *bio_reader_suite_create();
-Suite *bio_writer_suite_create();
-Suite *chunk_suite_create();
-Suite *enum_suite_create();
-Suite *enumerator_suite_create();
-Suite *linked_list_suite_create();
-Suite *linked_list_enumerator_suite_create();
-Suite *hashtable_suite_create();
-Suite *array_suite_create();
-Suite *identification_suite_create();
-Suite *threading_suite_create();
-Suite *utils_suite_create();
-Suite *vectors_suite_create();
-Suite *ecdsa_suite_create();
-Suite *rsa_suite_create();
-Suite *host_suite_create();
-Suite *printf_suite_create();
-
-#endif /** TEST_RUNNER_H_ */
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+typedef struct test_configuration_t test_configuration_t;
+
+/**
+ * Callback called before and after each test case to de-/initialize the
+ * environment (e.g. to load plugins). It is also called before and after the
+ * test suites are loaded.
+ *
+ * It is called after libstrongswan has been initialized and likewise before it
+ * gets deinitialized.
+ *
+ * @param init TRUE during initialization
+ * @return FALSE if de-/init failed
+ */
+typedef bool (*test_runner_init_t)(bool init);
+
+/**
+ * Test configuration, suite constructor with plugin dependency
+ */
+struct test_configuration_t {
+
+ /**
+ * Constructor function to create suite.
+ */
+ test_suite_t *(*suite)();
+
+ /**
+ * Plugin feature this test suite depends on
+ */
+ plugin_feature_t feature;
+};
+
+/**
+ * Run test configuration.
+ *
+ * The configs array must be terminated with a NULL element.
+ *
+ * @param name name of test runner
+ * @param config test suite constructors with dependencies
+ * @param init_cb init/deinit callback
+ * @return test result, EXIT_SUCCESS if all tests passed
+ */
+int test_runner_run(const char *name, test_configuration_t config[],
+ test_runner_init_t init_cb);
+
+#endif /** TEST_RUNNER_H_ @}*/
diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c
new file mode 100644
index 000000000..0f2e74b7c
--- /dev/null
+++ b/src/libstrongswan/tests/test_suite.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <signal.h>
+#include <unistd.h>
+
+#include <pthread.h>
+
+/**
+ * Failure message buf
+ */
+static char failure_buf[512];
+
+/**
+ * Source file failure occurred
+ */
+static const char *failure_file;
+
+/**
+ * Line of source file failure occurred
+ */
+static int failure_line;
+
+/**
+ * Backtrace of failure, if any
+ */
+static backtrace_t *failure_backtrace;
+
+/**
+ * Longjump restore point when failing
+ */
+sigjmp_buf test_restore_point_env;
+
+/**
+ * See header.
+ */
+test_suite_t* test_suite_create(const char *name)
+{
+ test_suite_t *suite;
+
+ INIT(suite,
+ .name = name,
+ .tcases = array_create(0, 0),
+ );
+ return suite;
+}
+
+/**
+ * See header.
+ */
+test_case_t* test_case_create(const char *name)
+{
+ test_case_t *tcase;
+
+ INIT(tcase,
+ .name = name,
+ .functions = array_create(sizeof(test_function_t), 0),
+ .fixtures = array_create(sizeof(test_fixture_t), 0),
+ .timeout = TEST_FUNCTION_DEFAULT_TIMEOUT,
+ );
+ return tcase;
+}
+
+/**
+ * See header.
+ */
+void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup,
+ test_fixture_cb_t teardown)
+{
+ test_fixture_t fixture = {
+ .setup = setup,
+ .teardown = teardown,
+ };
+ array_insert(tcase->fixtures, -1, &fixture);
+}
+
+/**
+ * See header.
+ */
+void test_case_add_test_name(test_case_t *tcase, char *name,
+ test_function_cb_t cb, int start, int end)
+{
+ test_function_t fun = {
+ .name = name,
+ .cb = cb,
+ .start = start,
+ .end = end,
+ };
+ array_insert(tcase->functions, -1, &fun);
+}
+
+/**
+ * See header.
+ */
+void test_case_set_timeout(test_case_t *tcase, int s)
+{
+ tcase->timeout = s;
+}
+
+/**
+ * See header.
+ */
+void test_suite_add_case(test_suite_t *suite, test_case_t *tcase)
+{
+ array_insert(suite->tcases, -1, tcase);
+}
+
+/**
+ * Main thread performing tests
+ */
+static pthread_t main_thread;
+
+/**
+ * Let test case fail
+ */
+static inline void test_failure()
+{
+ if (pthread_self() == main_thread)
+ {
+ siglongjmp(test_restore_point_env, 1);
+ }
+ else
+ {
+ pthread_kill(main_thread, SIGUSR1);
+ /* how can we stop just the thread? longjmp to a restore point? */
+ }
+}
+
+/**
+ * See header.
+ */
+void test_fail_vmsg(const char *file, int line, char *fmt, va_list args)
+{
+ vsnprintf(failure_buf, sizeof(failure_buf), fmt, args);
+ failure_line = line;
+ failure_file = file;
+
+ test_failure();
+}
+
+/**
+ * See header.
+ */
+void test_fail_msg(const char *file, int line, char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vsnprintf(failure_buf, sizeof(failure_buf), fmt, args);
+ failure_line = line;
+ failure_file = file;
+ va_end(args);
+
+ test_failure();
+}
+
+/**
+ * Signal handler catching critical and alarm signals
+ */
+static void test_sighandler(int signal)
+{
+ char *signame;
+ bool old = FALSE;
+
+ switch (signal)
+ {
+ case SIGUSR1:
+ /* a different thread failed, abort test */
+ return test_failure();
+ case SIGSEGV:
+ signame = "SIGSEGV";
+ break;
+ case SIGILL:
+ signame = "SIGILL";
+ break;
+ case SIGBUS:
+ signame = "SIGBUS";
+ break;
+ case SIGALRM:
+ signame = "timeout";
+ break;
+ default:
+ signame = "SIG";
+ break;
+ }
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+ failure_backtrace = backtrace_create(3);
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+ test_fail_msg(NULL, 0, "%s(%d)", signame, signal);
+ /* unable to restore a valid context for that thread, terminate */
+ fprintf(stderr, "\n%s(%d) outside of main thread:\n", signame, signal);
+ failure_backtrace->log(failure_backtrace, stderr, TRUE);
+ fprintf(stderr, "terminating...\n");
+ abort();
+}
+
+/**
+ * See header.
+ */
+void test_setup_handler()
+{
+ struct sigaction action = {
+ .sa_handler = test_sighandler,
+ };
+
+ main_thread = pthread_self();
+
+ /* signal handler inherited by all threads */
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ /* ignore ALRM/USR1, these are catched by main thread only */
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGALRM, &action, NULL);
+ sigaction(SIGUSR1, &action, NULL);
+}
+
+/**
+ * See header.
+ */
+void test_setup_timeout(int s)
+{
+ struct sigaction action = {
+ .sa_handler = test_sighandler,
+ };
+
+ /* This called by main thread only. Setup handler for timeout and
+ * failure cross-thread signaling. */
+ sigaction(SIGALRM, &action, NULL);
+ sigaction(SIGUSR1, &action, NULL);
+
+ alarm(s);
+}
+
+/**
+ * See header.
+ */
+int test_failure_get(char *msg, int len, const char **file)
+{
+ strncpy(msg, failure_buf, len - 1);
+ msg[len - 1] = 0;
+ *file = failure_file;
+ return failure_line;
+}
+
+/**
+ * See header.
+ */
+backtrace_t *test_failure_backtrace()
+{
+ backtrace_t *bt;
+
+ bt = failure_backtrace;
+ failure_backtrace = NULL;
+
+ return bt;
+}
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h
index 2a2861323..c44f149f5 100644
--- a/src/libstrongswan/tests/test_suite.h
+++ b/src/libstrongswan/tests/test_suite.h
@@ -1,6 +1,8 @@
/*
* Copyright (C) 2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,98 +15,318 @@
* for more details.
*/
-#ifndef TEST_UTILS_H_
-#define TEST_UTILS_H_
+/**
+ * @defgroup test_suite test_suite
+ * @{ @ingroup libtest
+ */
+
+#ifndef TEST_SUITE_H_
+#define TEST_SUITE_H_
+
+#define _GNU_SOURCE
+#include <setjmp.h>
-#include <check.h>
#include <library.h>
#include <utils/debug.h>
+#include <utils/backtrace.h>
+#include <collections/array.h>
+
+typedef struct test_suite_t test_suite_t;
+typedef struct test_case_t test_case_t;
+typedef struct test_function_t test_function_t;
+typedef struct test_fixture_t test_fixture_t;
/**
- * Used to mark test cases that use test fixtures.
+ * Default timeout for a single test function
*/
-#define UNIT_TEST_FIXTURE_USED "UNIT_TEST_FIXTURE_USED"
+#define TEST_FUNCTION_DEFAULT_TIMEOUT 2
/**
- * Check for memory leaks and fail if any are encountered.
+ * Test function implementation
*/
-#define CHECK_FOR_LEAKS() do \
-{ \
- if (lib->leak_detective) \
- { \
- if (lib->leak_detective->leaks(lib->leak_detective)) { \
- lib->leak_detective->report(lib->leak_detective, TRUE); \
- } \
- ck_assert_int_eq(lib->leak_detective->leaks(lib->leak_detective), 0); \
- } \
-} \
-while(0)
+typedef void (*test_function_cb_t)(int);
+
+/**
+ * Fixture for a test case.
+ */
+typedef void (*test_fixture_cb_t)(void);
+
+/**
+ * A test suite; a collection of test cases with fixtures
+ */
+struct test_suite_t {
+ /** name of the test suite */
+ const char *name;
+ /** test cases registered, as test_case_t* */
+ array_t *tcases;
+};
/**
- * Extended versions of the START|END_TEST macros that use leak detective.
+ * A test case; multiple test functions using the same fixtures
+ */
+struct test_case_t {
+ /** name of the test case */
+ const char *name;
+ /** tests registered, as test_function_t */
+ array_t *functions;
+ /** fixture for tests, as test_fixture_t */
+ array_t *fixtures;
+ /** timeout for each function, in s */
+ int timeout;
+};
+
+/**
+ * A test function, with optional loop setup
+ */
+struct test_function_t {
+ /** name of test function */
+ char *name;
+ /** tests function registered, test_function_t* */
+ test_function_cb_t cb;
+ /** start for loop test */
+ int start;
+ /** end for loop test */
+ int end;
+};
+
+/**
+ * Registered fixture for a test case
+ */
+struct test_fixture_t {
+ test_fixture_cb_t setup;
+ test_fixture_cb_t teardown;
+};
+
+/**
+ * Create a new test suite
*
- * Since each test case runs in its own fork of the test runner the stuff
- * allocated before the test starts is not freed, so leak detective is disabled
- * by default to prevent false positives. By enabling it right when the test
- * starts we at least capture leaks created by the tested objects/functions and
- * the test case itself. This allows writing test cases for cleanup functions.
+ * @param name name of the test suite
+ * @return test suite
+ */
+test_suite_t* test_suite_create(const char *name);
+
+/**
+ * Create a new test case
*
- * To define test fixture with possibly allocated/destroyed memory that is
- * allocated/freed in a test case use the START|END_SETUP|TEARDOWN macros.
+ * @param name name of test case
+ * @return test case
*/
-#undef START_TEST
-#define START_TEST(name) \
-static void name (int _i CK_ATTRIBUTE_UNUSED) \
-{ \
- tcase_fn_start(""#name, __FILE__, __LINE__); \
- dbg_default_set_level(LEVEL_SILENT); \
- if (lib->leak_detective) \
- { \
- lib->leak_detective->set_state(lib->leak_detective, TRUE); \
- }
+test_case_t* test_case_create(const char *name);
-#undef END_TEST
-#define END_TEST \
- if (!lib->get(lib, UNIT_TEST_FIXTURE_USED)) \
- { \
- CHECK_FOR_LEAKS(); \
- } \
-}
+/**
+ * Add a setup/teardown function to the test case
+ *
+ * @param tcase test case to add a fixture to
+ * @param setup setup function called before each test
+ * @param teardown cleanup function called after each test
+ */
+void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup,
+ test_fixture_cb_t teardown);
+
+/**
+ * Add a test function to a test case, with a name, looped several times
+ *
+ * @param name name of the test case
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ * @param start start of loop counter
+ * @param end end of loop counter
+ */
+void test_case_add_test_name(test_case_t *tcase, char *name,
+ test_function_cb_t cb, int start, int end);
+
+/**
+ * Add a test function to a test case
+ *
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ */
+#define test_case_add_test(tcase, cb) \
+ test_case_add_test_name(tcase, #cb, cb, 0, 1)
+
+/**
+ * Add a test function to a test case, looped several times
+ *
+ * @param tcase test case to add test function to
+ * @param cb callback function to invoke for test
+ * @param start start of loop counter
+ * @param end end of loop counter
+ */
+#define test_case_add_loop_test(tcase, cb, start, end) \
+ test_case_add_test_name(tcase, #cb, cb, start, end)
+
+/**
+ * Set a custom timeout for test functions in a test case
+ *
+ * @param tcase test case to set timeout for
+ * @param s test timeout in s
+ */
+void test_case_set_timeout(test_case_t *tcase, int s);
+
+/**
+ * Add a test function to a test case, looped several times
+ *
+ * @param suite test suite to add test case to
+ * @param tcase test case to add
+ */
+void test_suite_add_case(test_suite_t *suite, test_case_t *tcase);
/**
- * Define a function to setup a test fixture that can be used with the above
- * macros.
+ * sigjmp restore point used by test_restore_point
+ */
+extern sigjmp_buf test_restore_point_env;
+
+/**
+ * Set or return from an execution restore point
+ *
+ * This call sets a restore execution point and returns TRUE after it has
+ * been set up. On test failure, the execution is returned to the restore point
+ * and FALSE is returned to indicate test failure.
+ *
+ * @return TRUE if restore point set, FALSE when restored
*/
-#define START_SETUP(name) \
-static void name() \
-{ \
- lib->set(lib, UNIT_TEST_FIXTURE_USED, (void*)TRUE); \
- if (lib->leak_detective) \
+#define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0)
+
+/**
+ * Set up signal handlers for test cases
+ */
+void test_setup_handler();
+
+/**
+ * Set up a timeout to let a test fail
+ *
+ * @param s timeout, 0 to disable timeout
+ */
+void test_setup_timeout(int s);
+
+/**
+ * Get info about a test failure
+ *
+ * @param msg buffer receiving failure info
+ * @param len size of msg buffer
+ * @param file pointer receiving source code file
+ * @return source code line number
+ */
+int test_failure_get(char *msg, int len, const char **file);
+
+/**
+ * Get a backtrace for a failure.
+ *
+ * @return allocated backtrace of test failure, if any
+ */
+backtrace_t *test_failure_backtrace();
+
+/**
+ * Let a test fail and set a message using vprintf style arguments.
+ *
+ * @param file source code file name
+ * @param line source code line number
+ * @param fmt printf format string
+ * @param args argument list for fmt
+ */
+void test_fail_vmsg(const char *file, int line, char *fmt, va_list args);
+
+/**
+ * Let a test fail and set a message using printf style arguments.
+ *
+ * @param file source code file name
+ * @param line source code line number
+ * @param fmt printf format string
+ * @param ... arguments for fmt
+ */
+void test_fail_msg(const char *file, int line, char *fmt, ...);
+
+/**
+ * Check if two integers equal, fail test if not
+ *
+ * @param a first integer
+ * @param b second integer
+ */
+#define test_int_eq(a, b) \
+({ \
+ typeof(a) _a = a; \
+ typeof(b) _b = b; \
+ if (_a != _b) \
{ \
- lib->leak_detective->set_state(lib->leak_detective, TRUE); \
- }
+ test_fail_msg(__FILE__, __LINE__, #a " != " #b " (%d != %d)", _a, _b); \
+ } \
+})
/**
- * End a setup function
+ * Check if two strings equal, fail test if not
+ *
+ * @param a first string
+ * @param b second string
*/
-#define END_SETUP }
+#define test_str_eq(a, b) \
+({ \
+ char* _a = (char*)a; \
+ char* _b = (char*)b; \
+ if (!_a || !_b || !streq(_a, _b)) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, \
+ #a " != " #b " (\"%s\" != \"%s\")", _a, _b); \
+ } \
+})
/**
- * Define a function to teardown a test fixture that can be used with the above
- * macros.
+ * Check if a statement evaluates to TRUE, fail test if not
+ *
+ * @param x statement to evaluate
*/
-#define START_TEARDOWN(name) \
-static void name() \
-{
+#define test_assert(x) \
+({ \
+ if (!(x)) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, #x); \
+ } \
+})
/**
- * End a teardown function
+ * Check if a statement evaluates to TRUE, fail and print a message if not
+ *
+ * @param x statement to evaluate
+ * @param fmt message format string
+ * @param ... fmt printf arguments
*/
-#define END_TEARDOWN \
- if (lib->get(lib, UNIT_TEST_FIXTURE_USED)) \
+#define test_assert_msg(x, fmt, ...) \
+({ \
+ if (!(x)) \
{ \
- CHECK_FOR_LEAKS(); \
+ test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \
} \
-}
+})
+
+
+
+/* "check unit testing" compatibility */
+#define Suite test_suite_t
+#define TCase test_case_t
+#define ck_assert_int_eq test_int_eq
+#define ck_assert test_assert
+#define ck_assert_msg test_assert_msg
+#define ck_assert_str_eq test_str_eq
+#define fail(fmt, ...) test_fail_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__)
+#define fail_if(x, fmt, ...) \
+({ \
+ if (x) \
+ { \
+ test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \
+ } \
+})
+#define fail_unless test_assert_msg
+#define suite_create test_suite_create
+#define tcase_create test_case_create
+#define tcase_add_checked_fixture test_case_add_checked_fixture
+#define tcase_add_test test_case_add_test
+#define tcase_add_loop_test test_case_add_loop_test
+#define tcase_set_timeout test_case_set_timeout
+#define suite_add_tcase test_suite_add_case
+#define START_TEST(name) static void name (int _i) {
+#define END_TEST }
+#define START_SETUP(name) static void name() {
+#define END_SETUP }
+#define START_TEARDOWN(name) static void name() {
+#define END_TEARDOWN }
-#endif /** TEST_UTILS_H_ */
+#endif /** TEST_SUITE_H_ @}*/
diff --git a/src/libstrongswan/tests/test_threading.c b/src/libstrongswan/tests/test_threading.c
deleted file mode 100644
index 0c768b3e2..000000000
--- a/src/libstrongswan/tests/test_threading.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 2013 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sched.h>
-#include <pthread.h>
-
-#include "test_suite.h"
-
-#include <threading/mutex.h>
-
-/*******************************************************************************
- * recursive mutex test
- */
-
-#define THREADS 20
-
-static mutex_t *mutex;
-
-static pthread_barrier_t mutex_barrier;
-
-static int mutex_locked = 0;
-
-static void *mutex_run(void *data)
-{
- int i;
-
- /* wait for all threads before getting in action */
- pthread_barrier_wait(&mutex_barrier);
-
- for (i = 0; i < 100; i++)
- {
- mutex->lock(mutex);
- mutex->lock(mutex);
- mutex->lock(mutex);
- mutex_locked++;
- sched_yield();
- if (mutex_locked > 1)
- {
- fail("two threads locked the mutex concurrently");
- }
- mutex_locked--;
- mutex->unlock(mutex);
- mutex->unlock(mutex);
- mutex->unlock(mutex);
- }
- return NULL;
-}
-
-START_TEST(test_mutex)
-{
- pthread_t threads[THREADS];
- int i;
-
- mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
-
- for (i = 0; i < 10; i++)
- {
- mutex->lock(mutex);
- mutex->unlock(mutex);
- }
- for (i = 0; i < 10; i++)
- {
- mutex->lock(mutex);
- }
- for (i = 0; i < 10; i++)
- {
- mutex->unlock(mutex);
- }
-
- pthread_barrier_init(&mutex_barrier, NULL, THREADS);
- for (i = 0; i < THREADS; i++)
- {
- pthread_create(&threads[i], NULL, mutex_run, NULL);
- }
- for (i = 0; i < THREADS; i++)
- {
- pthread_join(threads[i], NULL);
- }
- pthread_barrier_destroy(&mutex_barrier);
-
- mutex->destroy(mutex);
-}
-END_TEST
-
-Suite *threading_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("threading");
-
- tc = tcase_create("recursive mutex");
- tcase_add_test(tc, test_mutex);
- suite_add_tcase(s, tc);
-
- return s;
-}
diff --git a/src/libstrongswan/tests/tests.c b/src/libstrongswan/tests/tests.c
new file mode 100644
index 000000000..9f2adfd15
--- /dev/null
+++ b/src/libstrongswan/tests/tests.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, args) \
+ { .suite = x, .feature = PLUGIN_DEPENDS(type, args) },
+#include "tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (init)
+ {
+ plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+ if (!lib->plugins->load(lib->plugins, PLUGINS))
+ {
+ return FALSE;
+ }
+ }
+ else
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ lib->plugins->unload(lib->plugins);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("libstrongswan", tests, test_runner_init);
+}
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
new file mode 100644
index 000000000..82a5137c1
--- /dev/null
+++ b/src/libstrongswan/tests/tests.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(bio_reader_suite_create)
+TEST_SUITE(bio_writer_suite_create)
+TEST_SUITE(chunk_suite_create)
+TEST_SUITE(enum_suite_create)
+TEST_SUITE(enumerator_suite_create)
+TEST_SUITE(linked_list_suite_create)
+TEST_SUITE(linked_list_enumerator_suite_create)
+TEST_SUITE(hashtable_suite_create)
+TEST_SUITE(array_suite_create)
+TEST_SUITE(identification_suite_create)
+TEST_SUITE(threading_suite_create)
+TEST_SUITE(watcher_suite_create)
+TEST_SUITE(stream_suite_create)
+TEST_SUITE(utils_suite_create)
+TEST_SUITE(settings_suite_create)
+TEST_SUITE(vectors_suite_create)
+TEST_SUITE_DEPEND(ecdsa_suite_create, PRIVKEY_GEN, KEY_ECDSA)
+TEST_SUITE_DEPEND(rsa_suite_create, PRIVKEY_GEN, KEY_RSA)
+TEST_SUITE(host_suite_create)
+TEST_SUITE(printf_suite_create)
+TEST_SUITE(hasher_suite_create)
+TEST_SUITE(crypter_suite_create)
+TEST_SUITE(pen_suite_create)
+TEST_SUITE(asn1_suite_create)
+TEST_SUITE(asn1_parser_suite_create)
+TEST_SUITE(test_rng_suite_create)
+TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
+TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c
new file mode 100644
index 000000000..01569509b
--- /dev/null
+++ b/src/libstrongswan/tests/utils/test_rng.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_rng.h"
+
+typedef struct private_rng_t private_rng_t;
+
+/**
+ * Private data.
+ */
+struct private_rng_t {
+
+ /**
+ * Public interface.
+ */
+ rng_t public;
+
+ /**
+ * Entropy string.
+ */
+ chunk_t entropy;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_rng_t *this, size_t bytes, u_int8_t *buffer)
+{
+ if (bytes > this->entropy.len)
+ {
+ return FALSE;
+ }
+ memcpy(buffer, this->entropy.ptr, bytes);
+ this->entropy = chunk_skip(this->entropy, bytes);
+ return TRUE;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_rng_t *this, size_t bytes, chunk_t *chunk)
+{
+ if (bytes > this->entropy.len)
+ {
+ *chunk = chunk_empty;
+ return FALSE;
+ }
+
+ *chunk = chunk_alloc(bytes);
+ memcpy(chunk->ptr, this->entropy.ptr, bytes);
+ this->entropy = chunk_skip(this->entropy, bytes);
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_rng_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+rng_t *test_rng_create(chunk_t entropy)
+{
+ private_rng_t *this;
+
+ INIT(this,
+ .public = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ .entropy = entropy,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/tests/utils/test_rng.h b/src/libstrongswan/tests/utils/test_rng.h
new file mode 100644
index 000000000..e588f3be7
--- /dev/null
+++ b/src/libstrongswan/tests/utils/test_rng.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * rng_t providing NIST SP 800-90A entropy test vectors
+ *
+ * @defgroup test_rng test_rng
+ * @{ @ingroup test_utils
+ */
+
+#ifndef TEST_RNG_H_
+#define TEST_RNG_H_
+
+#include <library.h>
+
+/**
+ * Creates a test_rng_t instance.
+ *
+ * @param entropy entropy test vector
+ * @return created test_rng_t
+ */
+rng_t *test_rng_create(chunk_t entropy);
+
+#endif /** TEST_RNG_H_ @} */
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 31b9e1b3a..8d3c30e9b 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -71,7 +71,6 @@ typedef void *(*thread_main_t)(void *arg);
*/
typedef void (*thread_cleanup_t)(void *arg);
-
/**
* Thread wrapper implements simple, portable and advanced thread functions.
*
@@ -110,10 +109,8 @@ struct thread_t {
* a call to exit.
*/
void *(*join)(thread_t *this);
-
};
-
/**
* Create a new thread instance.
*
@@ -168,6 +165,10 @@ bool thread_cancelability(bool enable);
/**
* Force creation of a cancellation point in the calling thread.
+ *
+ * This temporarily enables thread cancelability, tests for a pending
+ * cancellation request and then disables cancelability again if it was
+ * disabled before the call to thread_cancellation_point().
*/
void thread_cancellation_point();
@@ -188,6 +189,4 @@ void threads_init();
*/
void threads_deinit();
-
#endif /** THREADING_THREAD_H_ @} */
-
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index fb2c4d1e8..f1584620b 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -314,7 +314,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base)
bool old = FALSE;
bfd_mutex->lock(bfd_mutex);
- if (lib->leak_detective)
+ if (lib && lib->leak_detective)
{
old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
}
@@ -324,7 +324,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base)
data.entry = entry;
bfd_map_over_sections(entry->abfd, (void*)find_addr, &data);
}
- if (lib->leak_detective)
+ if (lib && lib->leak_detective)
{
lib->leak_detective->set_state(lib->leak_detective, old);
}
diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h
index 416f58898..16e84c4d9 100644
--- a/src/libstrongswan/utils/backtrace.h
+++ b/src/libstrongswan/utils/backtrace.h
@@ -21,12 +21,12 @@
#ifndef BACKTRACE_H_
#define BACKTRACE_H_
+typedef struct backtrace_t backtrace_t;
+
#include <stdio.h>
#include <library.h>
-typedef struct backtrace_t backtrace_t;
-
/**
* A backtrace registers the frames on the stack during creation.
*/
diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h
index fe11a4dfc..20c18554b 100644
--- a/src/libstrongswan/utils/capabilities.h
+++ b/src/libstrongswan/utils/capabilities.h
@@ -44,6 +44,9 @@ typedef struct capabilities_t capabilities_t;
#ifndef CAP_NET_RAW
# define CAP_NET_RAW 13
#endif
+#ifndef CAP_DAC_OVERRIDE
+# define CAP_DAC_OVERRIDE 1
+#endif
/**
* POSIX capability dropping abstraction layer.
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index 644b8060f..47181719a 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -18,6 +18,9 @@
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_MMAP
+# include <sys/mman.h>
+#endif
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
@@ -25,7 +28,6 @@
#include <ctype.h>
#include "chunk.h"
-#include "debug.h"
/**
* Empty chunk.
@@ -206,15 +208,16 @@ void chunk_split(chunk_t chunk, const char *mode, ...)
/**
* Described in header.
*/
-bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force)
+bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
{
mode_t oldmask;
FILE *fd;
bool good = FALSE;
+ int tmp = 0;
if (!force && access(path, F_OK) == 0)
{
- DBG1(DBG_LIB, " %s file '%s' already exists", label, path);
+ errno = EEXIST;
return FALSE;
}
oldmask = umask(mask);
@@ -223,58 +226,206 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
{
if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
{
- DBG1(DBG_LIB, " written %s file '%s' (%d bytes)",
- label, path, chunk.len);
good = TRUE;
}
else
{
- DBG1(DBG_LIB, " writing %s file '%s' failed: %s",
- label, path, strerror(errno));
+ tmp = errno;
}
fclose(fd);
}
else
{
- DBG1(DBG_LIB, " could not open %s file '%s': %s", label, path,
- strerror(errno));
+ tmp = errno;
}
umask(oldmask);
+ errno = tmp;
return good;
}
/**
* Described in header.
*/
-chunk_t chunk_from_fd(int fd)
+bool chunk_from_fd(int fd, chunk_t *out)
{
- char buf[8096];
- char *pos = buf;
- ssize_t len, total = 0;
+ struct stat sb;
+ char *buf, *tmp;
+ ssize_t len, total = 0, bufsize;
+
+ if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode))
+ {
+ bufsize = sb.st_size;
+ }
+ else
+ {
+ bufsize = 256;
+ }
+ buf = malloc(bufsize);
+ if (!buf)
+ { /* for huge files */
+ return FALSE;
+ }
while (TRUE)
{
- len = read(fd, pos, buf + sizeof(buf) - pos);
+ len = read(fd, buf + total, bufsize - total);
if (len < 0)
{
- DBG1(DBG_LIB, "reading from file descriptor failed: %s",
- strerror(errno));
- return chunk_empty;
+ free(buf);
+ return FALSE;
}
if (len == 0)
{
break;
}
total += len;
- if (total == sizeof(buf))
+ if (total == bufsize)
+ {
+ bufsize *= 2;
+ tmp = realloc(buf, bufsize);
+ if (!tmp)
+ {
+ free(buf);
+ return FALSE;
+ }
+ buf = tmp;
+ }
+ }
+ if (total == 0)
+ {
+ free(buf);
+ buf = NULL;
+ }
+ else if (total < bufsize)
+ {
+ buf = realloc(buf, total);
+ }
+ *out = chunk_create(buf, total);
+ return TRUE;
+}
+
+/**
+ * Implementation for mmap()ed chunks
+ */
+typedef struct {
+ /* public chunk interface */
+ chunk_t public;
+ /* FD of open file */
+ int fd;
+ /* mmap() address */
+ void *map;
+ /* size of map */
+ size_t len;
+ /* do we write? */
+ bool wr;
+} mmaped_chunk_t;
+
+/**
+ * See header.
+ */
+chunk_t *chunk_map(char *path, bool wr)
+{
+ mmaped_chunk_t *chunk;
+ struct stat sb;
+ int tmp;
+
+ INIT(chunk,
+ .fd = open(path, wr ? O_RDWR : O_RDONLY),
+ .wr = wr,
+ );
+
+ if (chunk->fd == -1)
+ {
+ free(chunk);
+ return NULL;
+ }
+ if (fstat(chunk->fd, &sb) == -1)
+ {
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
+ }
+#ifdef HAVE_MMAP
+ chunk->len = sb.st_size;
+ /* map non-empty files only, as mmap() complains otherwise */
+ if (chunk->len)
+ {
+ /* in read-only mode, we allow writes, but don't sync to disk */
+ chunk->map = mmap(NULL, chunk->len, PROT_READ | PROT_WRITE,
+ wr ? MAP_SHARED : MAP_PRIVATE, chunk->fd, 0);
+ if (chunk->map == MAP_FAILED)
{
- DBG1(DBG_LIB, "buffer too small to read from file descriptor");
- return chunk_empty;
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
}
}
- return chunk_clone(chunk_create(buf, total));
+ chunk->public = chunk_create(chunk->map, chunk->len);
+#else /* !HAVE_MMAP */
+ if (!chunk_from_fd(chunk->fd, &chunk->public))
+ {
+ tmp = errno;
+ chunk_unmap(&chunk->public);
+ errno = tmp;
+ return NULL;
+ }
+ chunk->map = chunk->public.ptr;
+ chunk->len = chunk->public.len;
+#endif /* !HAVE_MMAP */
+ return &chunk->public;
}
+/**
+ * See header.
+ */
+bool chunk_unmap(chunk_t *public)
+{
+ mmaped_chunk_t *chunk;
+ bool ret = FALSE;
+ int tmp = 0;
+
+ chunk = (mmaped_chunk_t*)public;
+#ifdef HAVE_MMAP
+ if (chunk->map && chunk->map != MAP_FAILED)
+ {
+ ret = munmap(chunk->map, chunk->len) == 0;
+ tmp = errno;
+ }
+#else /* !HAVE_MMAP */
+ if (chunk->wr)
+ {
+ if (lseek(chunk->fd, 0, SEEK_SET) != -1)
+ {
+ int len, total = 0;
+
+ ret = TRUE;
+ while (total < chunk->len)
+ {
+ len = write(chunk->fd, chunk->map + total, chunk->len - total);
+ if (len <= 0)
+ {
+ ret = FALSE;
+ break;
+ }
+ total += len;
+ }
+ }
+ tmp = errno;
+ }
+ else
+ {
+ ret = TRUE;
+ }
+ free(chunk->map);
+#endif /* !HAVE_MMAP */
+ close(chunk->fd);
+ free(chunk);
+ errno = tmp;
+
+ return ret;
+}
/** hex conversion digits */
static char hexdig_upper[] = "0123456789ABCDEF";
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index d3751da70..33f66caec 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -90,22 +90,52 @@ void chunk_split(chunk_t chunk, const char *mode, ...);
/**
* Write the binary contents of a chunk_t to a file
*
+ * If the write fails, errno is set appropriately.
+ *
* @param chunk contents to write to file
* @param path path where file is written to
- * @param label label specifying file type
* @param mask file mode creation mask
* @param force overwrite existing file by force
* @return TRUE if write operation was successful
*/
-bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force);
+bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
/**
* Store data read from FD into a chunk
*
+ * On error, errno is set appropriately.
+ *
* @param fd file descriptor to read from
- * @return chunk or chunk_empty on failure
+ * @param chunk chunk receiving allocated buffer
+ * @return TRUE if successful, FALSE on failure
+ */
+bool chunk_from_fd(int fd, chunk_t *chunk);
+
+/**
+ * mmap() a file to a chunk
+ *
+ * The returned chunk structure is allocated from heap, but it must be freed
+ * through chunk_unmap(). A user may alter the chunk ptr or len, but must pass
+ * the chunk pointer returned from chunk_map() to chunk_unmap() after use.
+ *
+ * On error, errno is set appropriately.
+ *
+ * @param path path of file to map
+ * @param wr TRUE to sync writes to disk
+ * @return mapped chunk, NULL on error
+ */
+chunk_t *chunk_map(char *path, bool wr);
+
+/**
+ * munmap() a chunk previously mapped with chunk_map()
+ *
+ * When unmapping a writeable map, the return value should be checked to
+ * ensure changes landed on disk.
+ *
+ * @param chunk pointer returned from chunk_map()
+ * @return TRUE of changes written back to file
*/
-chunk_t chunk_from_fd(int fd);
+bool chunk_unmap(chunk_t *chunk);
/**
* Convert a chunk of data to hex encoding.
@@ -191,17 +221,17 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Initialize a chunk using a char array
*/
-#define chunk_from_chars(...) ((chunk_t){(char[]){__VA_ARGS__}, sizeof((char[]){__VA_ARGS__})})
+#define chunk_from_chars(...) ((chunk_t){(u_char[]){__VA_ARGS__}, sizeof((u_char[]){__VA_ARGS__})})
/**
* Initialize a chunk to point to a thing
*/
-#define chunk_from_thing(thing) chunk_create((char*)&(thing), sizeof(thing))
+#define chunk_from_thing(thing) chunk_create((u_char*)&(thing), sizeof(thing))
/**
* Initialize a chunk from a string, not containing 0-terminator
*/
-#define chunk_from_str(str) ({char *x = (str); chunk_create(x, strlen(x));})
+#define chunk_from_str(str) ({char *x = (str); chunk_create((u_char*)x, strlen(x));})
/**
* Allocate a chunk on the heap
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 9c43ad570..e7eb63bc6 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -332,8 +332,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len)
buf += written;
len -= written;
+ written = 0;
chunk_printable(data, &printable, '?');
- written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr);
+ if (printable.ptr)
+ {
+ written = snprintf(buf, len, "%.*s", (int)printable.len,
+ printable.ptr);
+ }
chunk_free(&printable);
if (written < 0 || written >= len)
{
diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c
index d59a76232..b66df02e7 100644
--- a/src/libstrongswan/utils/integrity_checker.c
+++ b/src/libstrongswan/utils/integrity_checker.c
@@ -22,7 +22,6 @@
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
-#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -61,40 +60,17 @@ METHOD(integrity_checker_t, build_file, u_int32_t,
private_integrity_checker_t *this, char *file, size_t *len)
{
u_int32_t checksum;
- chunk_t contents;
- struct stat sb;
- void *addr;
- int fd;
+ chunk_t *contents;
- fd = open(file, O_RDONLY);
- if (fd == -1)
+ contents = chunk_map(file, FALSE);
+ if (!contents)
{
DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
return 0;
}
-
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file,
- strerror(errno));
- close(fd);
- return 0;
- }
-
- addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno));
- close(fd);
- return 0;
- }
-
- *len = sb.st_size;
- contents = chunk_create(addr, sb.st_size);
- checksum = chunk_hash_static(contents);
-
- munmap(addr, sb.st_size);
- close(fd);
+ *len = contents->len;
+ checksum = chunk_hash_static(*contents);
+ chunk_unmap(contents);
return checksum;
}
@@ -318,4 +294,3 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 725e04f7c..82eadcb97 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -59,6 +59,21 @@ struct private_leak_detective_t {
* public functions
*/
leak_detective_t public;
+
+ /**
+ * Registered report() function
+ */
+ leak_detective_report_cb_t report_cb;
+
+ /**
+ * Registered report() summary function
+ */
+ leak_detective_summary_cb_t report_scb;
+
+ /**
+ * Registered user data for callbacks
+ */
+ void *report_data;
};
/**
@@ -318,9 +333,16 @@ HOOK(size_t, size, const void *ptr)
*/
static bool register_hooks()
{
+ static bool once = FALSE;
malloc_zone_t *zone;
void *page;
+ if (once)
+ {
+ return TRUE;
+ }
+ once = TRUE;
+
zone = malloc_default_zone();
if (zone->version != MALLOC_ZONE_VERSION)
{
@@ -461,7 +483,7 @@ static void* real_realloc(void *ptr, size_t size)
static bool register_hooks()
{
void *buf = real_malloc(8);
- real_realloc(buf, 16);
+ buf = real_realloc(buf, 16);
real_free(buf);
return TRUE;
}
@@ -477,7 +499,7 @@ static bool register_hooks()
char *whitelist[] = {
/* backtraces, including own */
"backtrace_create",
- "safe_strerror",
+ "strerror_safe",
/* pthread stuff */
"pthread_create",
"pthread_setspecific",
@@ -565,7 +587,12 @@ char *whitelist[] = {
*/
static void init_static_allocations()
{
+ struct tm tm;
+ time_t t = 0;
+
tzset();
+ gmtime_r(&t, &tm);
+ localtime_r(&t, &tm);
}
/**
@@ -599,7 +626,8 @@ static bool equals(backtrace_t *a, backtrace_t *b)
* Summarize and print backtraces
*/
static int print_traces(private_leak_detective_t *this,
- FILE *out, int thresh, int thresh_count,
+ leak_detective_report_cb_t cb, void *user,
+ int thresh, int thresh_count,
bool detailed, int *whitelisted, size_t *sum)
{
int leaks = 0;
@@ -652,16 +680,20 @@ static int print_traces(private_leak_detective_t *this,
leaks++;
}
lock->unlock(lock);
+
enumerator = entries->create_enumerator(entries);
while (enumerator->enumerate(enumerator, NULL, &entry))
{
- if (out &&
- (!thresh || entry->bytes >= thresh) &&
- (!thresh_count || entry->count >= thresh_count))
+ if (cb)
{
- fprintf(out, "%d bytes total, %d allocations, %d bytes average:\n",
- entry->bytes, entry->count, entry->bytes / entry->count);
- entry->backtrace->log(entry->backtrace, out, detailed);
+ if (!thresh || entry->bytes >= thresh)
+ {
+ if (!thresh_count || entry->count >= thresh_count)
+ {
+ this->report_cb(this->report_data, entry->count,
+ entry->bytes, entry->backtrace, detailed);
+ }
+ }
}
entry->backtrace->destroy(entry->backtrace);
free(entry);
@@ -681,38 +713,30 @@ METHOD(leak_detective_t, report, void,
int leaks, whitelisted = 0;
size_t sum = 0;
- leaks = print_traces(this, stderr, 0, 0, detailed, &whitelisted, &sum);
- switch (leaks)
+ leaks = print_traces(this, this->report_cb, this->report_data,
+ 0, 0, detailed, &whitelisted, &sum);
+ if (this->report_scb)
{
- case 0:
- fprintf(stderr, "No leaks detected");
- break;
- case 1:
- fprintf(stderr, "One leak detected");
- break;
- default:
- fprintf(stderr, "%d leaks detected, %zu bytes", leaks, sum);
- break;
+ this->report_scb(this->report_data, leaks, sum, whitelisted);
}
- fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
- }
- else
- {
- fprintf(stderr, "Leak detective disabled\n");
}
}
+METHOD(leak_detective_t, set_report_cb, void,
+ private_leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user)
+{
+ this->report_cb = cb;
+ this->report_scb = scb;
+ this->report_data = user;
+}
+
METHOD(leak_detective_t, leaks, int,
private_leak_detective_t *this)
{
- if (lib->leak_detective)
- {
- int leaks, whitelisted = 0;
+ int whitelisted = 0;
- leaks = print_traces(this, NULL, 0, 0, FALSE, &whitelisted, NULL);
- return leaks;
- }
- return 0;
+ return print_traces(this, NULL, NULL, 0, 0, FALSE, &whitelisted, NULL);
}
METHOD(leak_detective_t, set_state, bool,
@@ -722,22 +746,26 @@ METHOD(leak_detective_t, set_state, bool,
}
METHOD(leak_detective_t, usage, void,
- private_leak_detective_t *this, FILE *out)
+ private_leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user)
{
bool detailed;
- int thresh, thresh_count;
+ int thresh, thresh_count, leaks, whitelisted = 0;
size_t sum = 0;
thresh = lib->settings->get_int(lib->settings,
- "libstrongswan.leak_detective.usage_threshold", 10240);
+ "%s.leak_detective.usage_threshold", 10240, lib->ns);
thresh_count = lib->settings->get_int(lib->settings,
- "libstrongswan.leak_detective.usage_threshold_count", 0);
+ "%s.leak_detective.usage_threshold_count", 0, lib->ns);
detailed = lib->settings->get_bool(lib->settings,
- "libstrongswan.leak_detective.detailed", TRUE);
+ "%s.leak_detective.detailed", TRUE, lib->ns);
- print_traces(this, out, thresh, thresh_count, detailed, NULL, &sum);
-
- fprintf(out, "Total memory usage: %zu\n", sum);
+ leaks = print_traces(this, cb, user, thresh, thresh_count,
+ detailed, &whitelisted, &sum);
+ if (scb)
+ {
+ scb(user, leaks, sum, whitelisted);
+ }
}
/**
@@ -924,6 +952,7 @@ METHOD(leak_detective_t, destroy, void,
lock->destroy(lock);
thread_disabled->destroy(thread_disabled);
free(this);
+ first_header.next = NULL;
}
/*
@@ -936,8 +965,9 @@ leak_detective_t *leak_detective_create()
INIT(this,
.public = {
.report = _report,
- .leaks = _leaks,
+ .set_report_cb = _set_report_cb,
.usage = _usage,
+ .leaks = _leaks,
.set_state = _set_state,
.destroy = _destroy,
},
diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h
index 7a29e81d7..3fd0b8c93 100644
--- a/src/libstrongswan/utils/leak_detective.h
+++ b/src/libstrongswan/utils/leak_detective.h
@@ -24,6 +24,30 @@
typedef struct leak_detective_t leak_detective_t;
#include <library.h>
+#include <utils/backtrace.h>
+
+/**
+ * Callback function to report leak/usage information
+ *
+ * @param user user specific data
+ * @param count number of allocations
+ * @param bytes total size of allocations
+ * @param bt backtrace of allocation
+ * @param detailed TRUE to show a detailed backtrace
+ */
+typedef void (*leak_detective_report_cb_t)(void *user, int count, size_t bytes,
+ backtrace_t *bt, bool detailed);
+
+/**
+ * Callback function to report leak/usage summary information
+ *
+ * @param user user specific data
+ * @param count total number of allocations
+ * @param bytes total size of all reported allocations
+ * @param whitelisted number of allocations suppressed by whitelist
+ */
+typedef void (*leak_detective_summary_cb_t)(void* user, int count, size_t bytes,
+ int whitelisted);
/**
* Leak detective finds leaks and bad frees using malloc hooks.
@@ -36,25 +60,39 @@ typedef struct leak_detective_t leak_detective_t;
struct leak_detective_t {
/**
- * Report leaks to stderr.
+ * Report leaks to the registered callback functions.
*
* @param detailed TRUE to resolve line/filename of leak (slow)
*/
void (*report)(leak_detective_t *this, bool detailed);
/**
- * Number of detected leaks.
+ * Report current memory usage to out.
+ * Set callback functions invoked during a report().
*
- * @return number of leaks
+ * @param cb callback invoked for each detected leak
+ * @param scb summary callback invoked at end of report
+ * @param user user data to supply to callbacks
*/
- int (*leaks)(leak_detective_t *this);
+ void (*set_report_cb)(leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user);
/**
- * Report current memory usage to out.
+ * Report current memory usage using a callbacks.
+ *
+ * @param cb callback invoked for each allocation
+ * @param scb summary callback invoked at end of usage report
+ * @param user user data supplied to callbacks
+ */
+ void (*usage)(leak_detective_t *this, leak_detective_report_cb_t cb,
+ leak_detective_summary_cb_t scb, void *user);
+
+ /**
+ * Number of detected leaks.
*
- * @param out target to write usage report to
+ * @return number of leaks
*/
- void (*usage)(leak_detective_t *this, FILE *out);
+ int (*leaks)(leak_detective_t *this);
/**
* Enable/disable leak detective hooks for the current thread.
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
index d00abef20..c79d4b87a 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c
@@ -122,10 +122,14 @@ size_t print_in_hook(printf_hook_data_t *data, char *fmt, ...)
if (written > data->n)
{
- written = data->n;
+ data->q += data->n;
+ data->n = 0;
+ }
+ else
+ {
+ data->q += written;
+ data->n -= written;
}
- data->q += written;
- data->n += written;
return written;
}
@@ -725,12 +729,6 @@ int builtin_vsnprintf(char *buffer, size_t n, const char *format, va_list ap)
switch (ch)
{
- case 'P':
- {
- /* Upper case pointer */
- flags |= FL_UPPER;
- /* fall through */
- }
case 'p':
{
/* Pointer */
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
index 8fd1aed4a..5efe1d990 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
@@ -19,10 +19,10 @@
#include <utils/utils.h>
#include <utils/debug.h>
-#include <printf.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
+#include <printf.h>
typedef struct private_printf_hook_t private_printf_hook_t;
typedef struct printf_hook_handler_t printf_hook_handler_t;
diff --git a/src/libstrongswan/utils/settings.c b/src/libstrongswan/utils/settings.c
index 809ca10ab..490490a1e 100644
--- a/src/libstrongswan/utils/settings.c
+++ b/src/libstrongswan/utils/settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -20,7 +20,6 @@
#include <stdio.h>
#include <errno.h>
#include <limits.h>
-#include <libgen.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
@@ -31,6 +30,8 @@
#include "settings.h"
+#include "collections/array.h"
+#include "collections/hashtable.h"
#include "collections/linked_list.h"
#include "threading/rwlock.h"
#include "utils/debug.h"
@@ -78,14 +79,19 @@ struct section_t {
char *name;
/**
+ * fallback sections, as section_t
+ */
+ array_t *fallbacks;
+
+ /**
* subsections, as section_t
*/
- linked_list_t *sections;
+ array_t *sections;
/**
* key value pairs, as kv_t
*/
- linked_list_t *kv;
+ array_t *kv;
};
/**
@@ -134,8 +140,6 @@ static section_t *section_create(char *name)
section_t *this;
INIT(this,
.name = strdupnull(name),
- .sections = linked_list_create(),
- .kv = linked_list_create(),
);
return this;
}
@@ -145,37 +149,73 @@ static section_t *section_create(char *name)
*/
static void section_destroy(section_t *this)
{
- this->kv->destroy_function(this->kv, (void*)kv_destroy);
- this->sections->destroy_function(this->sections, (void*)section_destroy);
+ array_destroy_function(this->sections, (void*)section_destroy, NULL);
+ array_destroy_function(this->kv, (void*)kv_destroy, NULL);
+ array_destroy(this->fallbacks);
free(this->name);
free(this);
}
/**
- * Purge contents of a section
+ * Purge contents of a section, returns if section can be safely removed.
*/
-static void section_purge(section_t *this)
+static bool section_purge(section_t *this)
{
- this->kv->destroy_function(this->kv, (void*)kv_destroy);
- this->kv = linked_list_create();
- this->sections->destroy_function(this->sections, (void*)section_destroy);
- this->sections = linked_list_create();
+ section_t *current;
+ int i;
+
+ array_destroy_function(this->kv, (void*)kv_destroy, NULL);
+ this->kv = NULL;
+ /* we ensure sections used as fallback, or configured with fallbacks (or
+ * having any such subsections) are not removed */
+ for (i = array_count(this->sections) - 1; i >= 0; i--)
+ {
+ array_get(this->sections, i, &current);
+ if (section_purge(current))
+ {
+ array_remove(this->sections, i, NULL);
+ section_destroy(current);
+ }
+ }
+ return !this->fallbacks && !array_count(this->sections);
}
/**
* callback to find a section by name
*/
-static bool section_find(section_t *this, char *name)
+static int section_find(const void *a, const void *b)
{
- return streq(this->name, name);
+ const char *key = a;
+ const section_t *item = b;
+ return strcmp(key, item->name);
+}
+
+/**
+ * callback to sort sections by name
+ */
+static int section_sort(const void *a, const void *b, void *user)
+{
+ const section_t *sa = a, *sb = b;
+ return strcmp(sa->name, sb->name);
}
/**
* callback to find a kv pair by key
*/
-static bool kv_find(kv_t *this, char *key)
+static int kv_find(const void *a, const void *b)
+{
+ const char *key = a;
+ const kv_t *item = b;
+ return strcmp(key, item->key);
+}
+
+/**
+ * callback to sort kv pairs by key
+ */
+static int kv_sort(const void *a, const void *b, void *user)
{
- return streq(this->key, key);
+ const kv_t *kva = a, *kvb = b;
+ return strcmp(kva->key, kvb->key);
}
/**
@@ -184,17 +224,16 @@ static bool kv_find(kv_t *this, char *key)
static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
va_list copy;
+ char *pos = start;
bool res;
- char *pos;
va_copy(copy, args);
- while (start < key)
+ while (TRUE)
{
- pos = strchr(start, '%');
+ pos = memchr(pos, '%', key - pos);
if (!pos)
{
- start += strlen(start) + 1;
- continue;
+ break;
}
pos++;
switch (*pos)
@@ -215,11 +254,7 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
DBG1(DBG_CFG, "settings with %%%c not supported!", *pos);
break;
}
- start = pos;
- if (*start)
- {
- start++;
- }
+ pos++;
}
res = vsnprintf(buf, len, key, copy) < len;
va_end(copy);
@@ -251,14 +286,17 @@ static section_t *find_section_buffered(section_t *section,
{
return NULL;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&found, buf) != SUCCESS)
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else if (array_bsearch(section->sections, buf, section_find, &found) == -1)
{
if (ensure)
{
found = section_create(buf);
- section->sections->insert_last(section->sections, found);
+ array_insert_create(&section->sections, ARRAY_TAIL, found);
+ array_sort(section->sections, section_sort, NULL);
}
}
if (found && pos)
@@ -269,10 +307,74 @@ static section_t *find_section_buffered(section_t *section,
}
/**
- * Find a section by a given key (thread-safe).
+ * Find all sections via a given key considering fallbacks, using buffered key,
+ * reusable buffer.
+ */
+static void find_sections_buffered(section_t *section, char *start, char *key,
+ va_list args, char *buf, int len, array_t **sections)
+{
+ section_t *found = NULL, *fallback;
+ char *pos;
+ int i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (pos)
+ { /* restore so we can follow fallbacks */
+ *pos = '.';
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else
+ {
+ array_bsearch(section->sections, buf, section_find, &found);
+ }
+ if (found)
+ {
+ if (pos)
+ {
+ find_sections_buffered(found, start, pos+1, args, buf, len,
+ sections);
+ }
+ else
+ {
+ array_insert_create(sections, ARRAY_TAIL, found);
+ for (i = 0; i < array_count(found->fallbacks); i++)
+ {
+ array_get(found->fallbacks, i, &fallback);
+ array_insert_create(sections, ARRAY_TAIL, fallback);
+ }
+ }
+ }
+ if (section->fallbacks)
+ {
+ for (i = 0; i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &fallback);
+ find_sections_buffered(fallback, start, key, args, buf, len,
+ sections);
+ }
+ }
+}
+
+/**
+ * Ensure that the section with the given key exists (thread-safe).
*/
-static section_t *find_section(private_settings_t *this, section_t *section,
- char *key, va_list args)
+static section_t *ensure_section(private_settings_t *this, section_t *section,
+ const char *key, va_list args)
{
char buf[128], keybuf[512];
section_t *found;
@@ -281,42 +383,101 @@ static section_t *find_section(private_settings_t *this, section_t *section,
{
return NULL;
}
- this->lock->read_lock(this->lock);
+ /* we might have to change the tree */
+ this->lock->write_lock(this->lock);
found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), FALSE);
+ sizeof(buf), TRUE);
this->lock->unlock(this->lock);
return found;
}
/**
- * Ensure that the section with the given key exists (thread-safe).
+ * Find a section by a given key with its fallbacks (not thread-safe!).
+ * Sections are returned in depth-first order (array is allocated). NULL is
+ * returned if no sections are found.
*/
-static section_t *ensure_section(private_settings_t *this, section_t *section,
- char *key, va_list args)
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args)
{
char buf[128], keybuf[512];
- section_t *found;
+ array_t *sections = NULL;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- /* we might have to change the tree */
+ find_sections_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), &sections);
+ return sections;
+}
+
+/**
+ * Check if the given fallback section already exists
+ */
+static bool fallback_exists(section_t *section, section_t *fallback)
+{
+ if (section == fallback)
+ {
+ return TRUE;
+ }
+ else if (section->fallbacks)
+ {
+ section_t *existing;
+ int i;
+
+ for (i = 0; i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &existing);
+ if (existing == fallback)
+ {
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+/**
+ * Ensure that the section with the given key exists and add the given fallback
+ * section (thread-safe).
+ */
+static void add_fallback_to_section(private_settings_t *this,
+ section_t *section, const char *key, va_list args,
+ section_t *fallback)
+{
+ char buf[128], keybuf[512];
+ section_t *found;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
this->lock->write_lock(this->lock);
found = find_section_buffered(section, keybuf, keybuf, args, buf,
sizeof(buf), TRUE);
+ if (!fallback_exists(found, fallback))
+ {
+ /* to ensure sections referred to as fallback are not purged, we create
+ * the array there too */
+ if (!fallback->fallbacks)
+ {
+ fallback->fallbacks = array_create(0, 0);
+ }
+ array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
+ }
this->lock->unlock(this->lock);
- return found;
}
/**
* Find the key/value pair for a key, using buffered key, reusable buffer
* If "ensure" is TRUE, the sections (and key/value pair) are created if they
* don't exist.
+ * Fallbacks are only considered if "ensure" is FALSE.
*/
static kv_t *find_value_buffered(section_t *section, char *start, char *key,
va_list args, char *buf, int len, bool ensure)
{
+ int i;
char *pos;
kv_t *kv = NULL;
section_t *found = NULL;
@@ -330,25 +491,40 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
if (pos)
{
*pos = '\0';
- pos++;
-
if (!print_key(buf, len, start, key, args))
{
return NULL;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&found, buf) != SUCCESS)
+ /* restore so we can retry for fallbacks */
+ *pos = '.';
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ else if (array_bsearch(section->sections, buf, section_find,
+ &found) == -1)
{
- if (!ensure)
+ if (ensure)
{
- return NULL;
+ found = section_create(buf);
+ array_insert_create(&section->sections, ARRAY_TAIL, found);
+ array_sort(section->sections, section_sort, NULL);
+ }
+ }
+ if (found)
+ {
+ kv = find_value_buffered(found, start, pos+1, args, buf, len,
+ ensure);
+ }
+ if (!kv && !ensure && section->fallbacks)
+ {
+ for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &found);
+ kv = find_value_buffered(found, start, key, args, buf, len,
+ ensure);
}
- found = section_create(buf);
- section->sections->insert_last(section->sections, found);
}
- return find_value_buffered(found, start, pos, args, buf, len,
- ensure);
}
else
{
@@ -356,13 +532,22 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
{
return NULL;
}
- if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find,
- (void**)&kv, buf) != SUCCESS)
+ if (array_bsearch(section->kv, buf, kv_find, &kv) == -1)
{
if (ensure)
{
kv = kv_create(buf, NULL);
- section->kv->insert_last(section->kv, kv);
+ array_insert_create(&section->kv, ARRAY_TAIL, kv);
+ array_sort(section->kv, kv_sort, NULL);
+ }
+ else if (section->fallbacks)
+ {
+ for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ {
+ array_get(section->fallbacks, i, &found);
+ kv = find_value_buffered(found, start, key, args, buf, len,
+ ensure);
+ }
}
}
}
@@ -429,7 +614,7 @@ static void set_value(private_settings_t *this, section_t *section,
}
METHOD(settings_t, get_str, char*,
- private_settings_t *this, char *key, char *def, ...)
+ private_settings_t *this, char *key, char *def, ...)
{
char *value;
va_list args;
@@ -470,7 +655,7 @@ inline bool settings_value_as_bool(char *value, bool def)
}
METHOD(settings_t, get_bool, bool,
- private_settings_t *this, char *key, bool def, ...)
+ private_settings_t *this, char *key, bool def, ...)
{
char *value;
va_list args;
@@ -500,7 +685,7 @@ inline int settings_value_as_int(char *value, int def)
}
METHOD(settings_t, get_int, int,
- private_settings_t *this, char *key, int def, ...)
+ private_settings_t *this, char *key, int def, ...)
{
char *value;
va_list args;
@@ -530,7 +715,7 @@ inline double settings_value_as_double(char *value, double def)
}
METHOD(settings_t, get_double, double,
- private_settings_t *this, char *key, double def, ...)
+ private_settings_t *this, char *key, double def, ...)
{
char *value;
va_list args;
@@ -576,7 +761,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def)
}
METHOD(settings_t, get_time, u_int32_t,
- private_settings_t *this, char *key, u_int32_t def, ...)
+ private_settings_t *this, char *key, u_int32_t def, ...)
{
char *value;
va_list args;
@@ -588,7 +773,7 @@ METHOD(settings_t, get_time, u_int32_t,
}
METHOD(settings_t, set_str, void,
- private_settings_t *this, char *key, char *value, ...)
+ private_settings_t *this, char *key, char *value, ...)
{
va_list args;
va_start(args, value);
@@ -597,7 +782,7 @@ METHOD(settings_t, set_str, void,
}
METHOD(settings_t, set_bool, void,
- private_settings_t *this, char *key, bool value, ...)
+ private_settings_t *this, char *key, bool value, ...)
{
va_list args;
va_start(args, value);
@@ -606,7 +791,7 @@ METHOD(settings_t, set_bool, void,
}
METHOD(settings_t, set_int, void,
- private_settings_t *this, char *key, int value, ...)
+ private_settings_t *this, char *key, int value, ...)
{
char val[16];
va_list args;
@@ -619,7 +804,7 @@ METHOD(settings_t, set_int, void,
}
METHOD(settings_t, set_double, void,
- private_settings_t *this, char *key, double value, ...)
+ private_settings_t *this, char *key, double value, ...)
{
char val[64];
va_list args;
@@ -632,7 +817,7 @@ METHOD(settings_t, set_double, void,
}
METHOD(settings_t, set_time, void,
- private_settings_t *this, char *key, u_int32_t value, ...)
+ private_settings_t *this, char *key, u_int32_t value, ...)
{
char val[16];
va_list args;
@@ -645,7 +830,7 @@ METHOD(settings_t, set_time, void,
}
METHOD(settings_t, set_default_str, bool,
- private_settings_t *this, char *key, char *value, ...)
+ private_settings_t *this, char *key, char *value, ...)
{
char *old;
va_list args;
@@ -665,63 +850,143 @@ METHOD(settings_t, set_default_str, bool,
}
/**
+ * Data for enumerators
+ */
+typedef struct {
+ /** settings_t instance */
+ private_settings_t *settings;
+ /** sections to enumerate */
+ array_t *sections;
+ /** sections/keys that were already enumerated */
+ hashtable_t *seen;
+} enumerator_data_t;
+
+/**
+ * Destroy enumerator data
+ */
+static void enumerator_destroy(enumerator_data_t *this)
+{
+ this->settings->lock->unlock(this->settings->lock);
+ this->seen->destroy(this->seen);
+ array_destroy(this->sections);
+ free(this);
+}
+
+/**
* Enumerate section names, not sections
*/
-static bool section_filter(void *null, section_t **in, char **out)
+static bool section_filter(hashtable_t *seen, section_t **in, char **out)
{
*out = (*in)->name;
+ if (seen->get(seen, *out))
+ {
+ return FALSE;
+ }
+ seen->put(seen, *out, *out);
return TRUE;
}
+/**
+ * Enumerate sections of the given section
+ */
+static enumerator_t *section_enumerator(section_t *section,
+ enumerator_data_t *data)
+{
+ return enumerator_create_filter(array_create_enumerator(section->sections),
+ (void*)section_filter, data->seen, NULL);
+}
+
METHOD(settings_t, create_section_enumerator, enumerator_t*,
- private_settings_t *this, char *key, ...)
+ private_settings_t *this, char *key, ...)
{
- section_t *section;
+ enumerator_data_t *data;
+ array_t *sections;
va_list args;
+ this->lock->read_lock(this->lock);
va_start(args, key);
- section = find_section(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args);
va_end(args);
- if (!section)
+ if (!sections)
{
+ this->lock->unlock(this->lock);
return enumerator_create_empty();
}
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(
- section->sections->create_enumerator(section->sections),
- (void*)section_filter, this->lock, (void*)this->lock->unlock);
+ INIT(data,
+ .settings = this,
+ .sections = sections,
+ .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8),
+ );
+ return enumerator_create_nested(array_create_enumerator(sections),
+ (void*)section_enumerator, data, (void*)enumerator_destroy);
}
/**
* Enumerate key and values, not kv_t entries
*/
-static bool kv_filter(void *null, kv_t **in, char **key,
+static bool kv_filter(hashtable_t *seen, kv_t **in, char **key,
void *none, char **value)
{
*key = (*in)->key;
+ if (seen->get(seen, *key))
+ {
+ return FALSE;
+ }
*value = (*in)->value;
+ seen->put(seen, *key, *key);
return TRUE;
}
+/**
+ * Enumerate key/value pairs of the given section
+ */
+static enumerator_t *kv_enumerator(section_t *section, enumerator_data_t *data)
+{
+ return enumerator_create_filter(array_create_enumerator(section->kv),
+ (void*)kv_filter, data->seen, NULL);
+}
+
METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
- private_settings_t *this, char *key, ...)
+ private_settings_t *this, char *key, ...)
{
- section_t *section;
+ enumerator_data_t *data;
+ array_t *sections;
va_list args;
+ this->lock->read_lock(this->lock);
va_start(args, key);
- section = find_section(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args);
va_end(args);
- if (!section)
+ if (!sections)
{
+ this->lock->unlock(this->lock);
return enumerator_create_empty();
}
- this->lock->read_lock(this->lock);
- return enumerator_create_filter(
- section->kv->create_enumerator(section->kv),
- (void*)kv_filter, this->lock, (void*)this->lock->unlock);
+ INIT(data,
+ .settings = this,
+ .sections = sections,
+ .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8),
+ );
+ return enumerator_create_nested(array_create_enumerator(sections),
+ (void*)kv_enumerator, data, (void*)enumerator_destroy);
+}
+
+METHOD(settings_t, add_fallback, void,
+ private_settings_t *this, const char *key, const char *fallback, ...)
+{
+ section_t *section;
+ va_list args;
+
+ /* find/create the fallback */
+ va_start(args, fallback);
+ section = ensure_section(this, this->top, fallback, args);
+ va_end(args);
+
+ va_start(args, fallback);
+ add_fallback_to_section(this, this->top, key, args, section);
+ va_end(args);
}
/**
@@ -881,15 +1146,15 @@ static bool parse_section(linked_list_t *contents, char *file, int level,
section->name);
continue;
}
- if (section->sections->find_first(section->sections,
- (linked_list_match_t)section_find,
- (void**)&sub, key) != SUCCESS)
+ if (array_bsearch(section->sections, key, section_find,
+ &sub) == -1)
{
sub = section_create(key);
if (parse_section(contents, file, level, &inner, sub))
{
- section->sections->insert_last(section->sections,
- sub);
+ array_insert_create(&section->sections, ARRAY_TAIL,
+ sub);
+ array_sort(section->sections, section_sort, NULL);
continue;
}
section_destroy(sub);
@@ -916,12 +1181,11 @@ static bool parse_section(linked_list_t *contents, char *file, int level,
section->name);
continue;
}
- if (section->kv->find_first(section->kv,
- (linked_list_match_t)kv_find,
- (void**)&kv, key) != SUCCESS)
+ if (array_bsearch(section->kv, key, kv_find, &kv) == -1)
{
kv = kv_create(key, value);
- section->kv->insert_last(section->kv, kv);
+ array_insert_create(&section->kv, ARRAY_TAIL, kv);
+ array_sort(section->kv, kv_sort, NULL);
}
else
{ /* replace with the most recently read value */
@@ -1037,8 +1301,7 @@ static bool parse_files(linked_list_t *contents, char *file, int level,
}
else
{ /* base relative paths to the directory of the current file */
- char *dir = strdup(file);
- dir = dirname(dir);
+ char *dir = path_dirname(file);
if (snprintf(pat, sizeof(pat), "%s/%s", dir, pattern) >= sizeof(pat))
{
DBG1(DBG_LIB, "include pattern too long, ignored");
@@ -1092,37 +1355,37 @@ static void section_extend(section_t *base, section_t *extension)
section_t *sec;
kv_t *kv;
- enumerator = extension->sections->create_enumerator(extension->sections);
+ enumerator = array_create_enumerator(extension->sections);
while (enumerator->enumerate(enumerator, (void**)&sec))
{
section_t *found;
- if (base->sections->find_first(base->sections,
- (linked_list_match_t)section_find, (void**)&found,
- sec->name) == SUCCESS)
+ if (array_bsearch(base->sections, sec->name, section_find,
+ &found) != -1)
{
section_extend(found, sec);
}
else
{
- extension->sections->remove_at(extension->sections, enumerator);
- base->sections->insert_last(base->sections, sec);
+ array_remove_at(extension->sections, enumerator);
+ array_insert_create(&base->sections, ARRAY_TAIL, sec);
+ array_sort(base->sections, section_sort, NULL);
}
}
enumerator->destroy(enumerator);
- enumerator = extension->kv->create_enumerator(extension->kv);
+ enumerator = array_create_enumerator(extension->kv);
while (enumerator->enumerate(enumerator, (void**)&kv))
{
kv_t *found;
- if (base->kv->find_first(base->kv, (linked_list_match_t)kv_find,
- (void**)&found, kv->key) == SUCCESS)
+ if (array_bsearch(base->kv, kv->key, kv_find, &found) != -1)
{
found->value = kv->value;
}
else
{
- extension->kv->remove_at(extension->kv, enumerator);
- base->kv->insert_last(base->kv, kv);
+ array_remove_at(extension->kv, enumerator);
+ array_insert_create(&base->kv, ARRAY_TAIL, kv);
+ array_sort(base->kv, kv_sort, NULL);
}
}
enumerator->destroy(enumerator);
@@ -1179,13 +1442,13 @@ static bool load_files_internal(private_settings_t *this, section_t *parent,
}
METHOD(settings_t, load_files, bool,
- private_settings_t *this, char *pattern, bool merge)
+ private_settings_t *this, char *pattern, bool merge)
{
return load_files_internal(this, this->top, pattern, merge);
}
METHOD(settings_t, load_files_section, bool,
- private_settings_t *this, char *pattern, bool merge, char *key, ...)
+ private_settings_t *this, char *pattern, bool merge, char *key, ...)
{
section_t *section;
va_list args;
@@ -1202,7 +1465,7 @@ METHOD(settings_t, load_files_section, bool,
}
METHOD(settings_t, destroy, void,
- private_settings_t *this)
+ private_settings_t *this)
{
section_destroy(this->top);
this->contents->destroy_function(this->contents, (void*)free);
@@ -1232,6 +1495,7 @@ settings_t *settings_create(char *file)
.set_default_str = _set_default_str,
.create_section_enumerator = _create_section_enumerator,
.create_key_value_enumerator = _create_key_value_enumerator,
+ .add_fallback = _add_fallback,
.load_files = _load_files,
.load_files_section = _load_files_section,
.destroy = _destroy,
diff --git a/src/libstrongswan/utils/settings.h b/src/libstrongswan/utils/settings.h
index df0c534e9..46403c4d3 100644
--- a/src/libstrongswan/utils/settings.h
+++ b/src/libstrongswan/utils/settings.h
@@ -269,6 +269,31 @@ struct settings_t {
char *section, ...);
/**
+ * Add a fallback for the given section.
+ *
+ * Example: When the fallback 'section-two' is configured for
+ * 'section-one.two' any failed lookup for a section or key in
+ * 'section-one.two' will result in a lookup for the same section/key
+ * in 'section-two'.
+ *
+ * @note Lookups are depth-first and currently strictly top-down.
+ * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
+ * fallback the keys/sections in lib2.sec would not be considered. But if
+ * app had lib3 as fallback the contents of lib3.sec would (as app is passed
+ * during the initial lookup). In the last example the order during
+ * enumerations would be app.sec, lib1.sec, lib3.sec.
+ *
+ * @note Additional arguments will be applied to both section format
+ * strings so they must be compatible.
+ *
+ * @param section section for which a fallback is configured, printf style
+ * @param fallback fallback section, printf style
+ * @param ... argument list for section and fallback
+ */
+ void (*add_fallback)(settings_t *this, const char *section,
+ const char *fallback, ...);
+
+ /**
* Load settings from the files matching the given pattern.
*
* If merge is TRUE, existing sections are extended, existing values
diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c
new file mode 100644
index 000000000..7de5a7661
--- /dev/null
+++ b/src/libstrongswan/utils/test.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test.h"
+
+#include <library.h>
+
+/**
+ * A collection of testable functions
+ */
+hashtable_t *testable_functions;
+
+/*
+ * Described in header.
+ */
+void testable_function_register(char *name, void *fn)
+{
+ if (testable_functions)
+ {
+ bool old = FALSE;
+ if (lib->leak_detective)
+ {
+ old = lib->leak_detective->set_state(lib->leak_detective, FALSE);
+ }
+ if (fn)
+ {
+ testable_functions->put(testable_functions, name, fn);
+ }
+ else
+ {
+ testable_functions->remove(testable_functions, name);
+ }
+ if (lib->leak_detective)
+ {
+ lib->leak_detective->set_state(lib->leak_detective, old);
+ }
+ }
+}
diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h
new file mode 100644
index 000000000..5b7289244
--- /dev/null
+++ b/src/libstrongswan/utils/test.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup test test
+ * @{ @ingroup utils
+ */
+
+#ifndef TEST_H_
+#define TEST_H_
+
+#include "collections/hashtable.h"
+
+/**
+ * Collection of testable functions.
+ *
+ * @note Is initialized only if libtest is loaded.
+ */
+extern hashtable_t *testable_functions;
+
+/**
+ * Register a (possibly static) function so that it can be called from tests.
+ *
+ * @param name name (namespace/function)
+ * @param fn function to register (set to NULL to unregister)
+ */
+void testable_function_register(char *name, void *fn);
+
+/**
+ * Macro to automatically register/unregister a function that can be called
+ * from tests.
+ *
+ * @note The constructor has a priority set so that it runs after the
+ * constructor that creates the hashtable. The destructor, on the other hand,
+ * does not have a priority set, as test coverage would report that function as
+ * untested otherwise.
+ *
+ * @param ns namespace
+ * @param fn function to register
+ */
+#define EXPORT_FUNCTION_FOR_TESTS(ns, fn) \
+static void testable_function_register_##fn() __attribute__ ((constructor(2000))); \
+static void testable_function_register_##fn() \
+{ \
+ testable_function_register(#ns "/" #fn, fn); \
+} \
+static void testable_function_unregister_##fn() __attribute__ ((destructor)); \
+static void testable_function_unregister_##fn() \
+{ \
+ testable_function_register(#ns "/" #fn, NULL); \
+}
+
+/**
+ * Import a registered function so that it can be called from tests.
+ *
+ * @note If the imported function is static (or no conflicting header files
+ * are included) ret can be prefixed with static to declare the function static.
+ *
+ * @note We allocate an arbitrary amount of stack space, hopefully enough for
+ * all arguments.
+ *
+ * @param ns namespace of the function
+ * @param name name of the function
+ * @param ret return type of the function
+ * @param ... arguments of the function
+ */
+#define IMPORT_FUNCTION_FOR_TESTS(ns, name, ret, ...) \
+ret name(__VA_ARGS__) \
+{ \
+ void (*fn)() = NULL; \
+ if (testable_functions) \
+ { \
+ fn = testable_functions->get(testable_functions, #ns "/" #name); \
+ } \
+ if (fn) \
+ { \
+ void *args = __builtin_apply_args(); \
+ __builtin_return(__builtin_apply(fn, args, 16*sizeof(void*))); \
+ } \
+ test_fail_msg(__FILE__, __LINE__, "function " #name " (" #ns ") not found"); \
+ __builtin_return(NULL); \
+}
+
+#endif /** TEST_H_ @}*/
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 266fb4357..fe80edb82 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -14,8 +14,7 @@
* for more details.
*/
-#include "utils.h"
-
+#define _GNU_SOURCE /* for memrchr */
#include <sys/stat.h>
#include <string.h>
#include <stdio.h>
@@ -27,6 +26,8 @@
#include <time.h>
#include <pthread.h>
+#include "utils.h"
+
#include "collections/enumerator.h"
#include "utils/debug.h"
#include "utils/chunk.h"
@@ -102,7 +103,7 @@ void memwipe_noinline(void *ptr, size_t n)
*/
void *memstr(const void *haystack, const char *needle, size_t n)
{
- unsigned const char *pos = haystack;
+ const u_char *pos = haystack;
size_t l;
if (!haystack || !needle || (l = strlen(needle)) == 0)
@@ -122,6 +123,28 @@ void *memstr(const void *haystack, const char *needle, size_t n)
/**
* Described in header.
*/
+void *utils_memrchr(const void *s, int c, size_t n)
+{
+ const u_char *pos;
+
+ if (!s || !n)
+ {
+ return NULL;
+ }
+
+ for (pos = s + n - 1; pos >= (u_char*)s; pos--)
+ {
+ if (*pos == (u_char)c)
+ {
+ return (void*)pos;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Described in header.
+ */
char* translate(char *str, const char *from, const char *to)
{
char *pos = str;
@@ -144,6 +167,115 @@ char* translate(char *str, const char *from, const char *to)
/**
* Described in header.
*/
+char* strreplace(const char *str, const char *search, const char *replace)
+{
+ size_t len, slen, rlen, count = 0;
+ char *res, *pos, *found, *dst;
+
+ if (!str || !*str || !search || !*search || !replace)
+ {
+ return (char*)str;
+ }
+ slen = strlen(search);
+ rlen = strlen(replace);
+ if (slen != rlen)
+ {
+ for (pos = (char*)str; (pos = strstr(pos, search)); pos += slen)
+ {
+ found = pos;
+ count++;
+ }
+ if (!count)
+ {
+ return (char*)str;
+ }
+ len = (found - str) + strlen(found) + count * (rlen - slen);
+ }
+ else
+ {
+ len = strlen(str);
+ }
+ found = strstr(str, search);
+ if (!found)
+ {
+ return (char*)str;
+ }
+ dst = res = malloc(len + 1);
+ pos = (char*)str;
+ do
+ {
+ len = found - pos;
+ memcpy(dst, pos, len);
+ dst += len;
+ memcpy(dst, replace, rlen);
+ dst += rlen;
+ pos = found + slen;
+ }
+ while ((found = strstr(pos, search)));
+ strcpy(dst, pos);
+ return res;
+}
+
+/**
+ * Described in header.
+ */
+char* path_dirname(const char *path)
+{
+ char *pos;
+
+ pos = path ? strrchr(path, '/') : NULL;
+
+ if (pos && !pos[1])
+ { /* if path ends with slashes we have to look beyond them */
+ while (pos > path && *pos == '/')
+ { /* skip trailing slashes */
+ pos--;
+ }
+ pos = memrchr(path, '/', pos - path + 1);
+ }
+ if (!pos)
+ {
+ return strdup(".");
+ }
+ while (pos > path && *pos == '/')
+ { /* skip superfluous slashes */
+ pos--;
+ }
+ return strndup(path, pos - path + 1);
+}
+
+/**
+ * Described in header.
+ */
+char* path_basename(const char *path)
+{
+ char *pos, *trail = NULL;
+
+ if (!path || !*path)
+ {
+ return strdup(".");
+ }
+ pos = strrchr(path, '/');
+ if (pos && !pos[1])
+ { /* if path ends with slashes we have to look beyond them */
+ while (pos > path && *pos == '/')
+ { /* skip trailing slashes */
+ pos--;
+ }
+ if (pos == path && *pos == '/')
+ { /* contains only slashes */
+ return strdup("/");
+ }
+ trail = pos + 1;
+ pos = memrchr(path, '/', trail - path);
+ }
+ pos = pos ? pos + 1 : (char*)path;
+ return trail ? strndup(pos, trail - pos) : strdup(pos);
+}
+
+/**
+ * Described in header.
+ */
bool mkdir_p(const char *path, mode_t mode)
{
int len;
@@ -251,84 +383,6 @@ char* tty_escape_get(int fd, tty_escape_t escape)
return "";
}
-/**
- * The size of the thread-specific error buffer
- */
-#define STRERROR_BUF_LEN 256
-
-/**
- * Key to store thread-specific error buffer
- */
-static pthread_key_t strerror_buf_key;
-
-/**
- * Only initialize the key above once
- */
-static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT;
-
-/**
- * Create the key used for the thread-specific error buffer
- */
-static void create_strerror_buf_key()
-{
- pthread_key_create(&strerror_buf_key, free);
-}
-
-/**
- * Retrieve the error buffer assigned to the current thread (or create it)
- */
-static inline char *get_strerror_buf()
-{
- char *buf;
-
- pthread_once(&strerror_buf_key_once, create_strerror_buf_key);
- buf = pthread_getspecific(strerror_buf_key);
- if (!buf)
- {
- buf = malloc(STRERROR_BUF_LEN);
- pthread_setspecific(strerror_buf_key, buf);
- }
- return buf;
-}
-
-#ifdef HAVE_STRERROR_R
-/*
- * Described in header.
- */
-const char *safe_strerror(int errnum)
-{
- char *buf = get_strerror_buf(), *msg;
-
-#ifdef STRERROR_R_CHAR_P
- /* char* version which may or may not return the original buffer */
- msg = strerror_r(errnum, buf, STRERROR_BUF_LEN);
-#else
- /* int version returns 0 on success */
- msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf;
-#endif
- return msg;
-}
-#else /* HAVE_STRERROR_R */
-/* we actually wan't to call strerror(3) below */
-#undef strerror
-/*
- * Described in header.
- */
-const char *safe_strerror(int errnum)
-{
- static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
- char *buf = get_strerror_buf();
-
- /* use a mutex to ensure calling strerror(3) is thread-safe */
- pthread_mutex_lock(&mutex);
- strncpy(buf, strerror(errnum), STRERROR_BUF_LEN);
- pthread_mutex_unlock(&mutex);
- buf[STRERROR_BUF_LEN - 1] = '\0';
- return buf;
-}
-#endif /* HAVE_STRERROR_R */
-
-
#ifndef HAVE_CLOSEFROM
/**
* Described in header.
@@ -570,7 +624,7 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
time_t *time = *((time_t**)(args[0]));
- bool utc = *((bool*)(args[1]));;
+ bool utc = *((int*)(args[1]));
struct tm t;
if (*time == UNDEFINED_TIME)
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index cda7edf08..a55e7d831 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -30,6 +30,7 @@
#include <string.h>
#include "enum.h"
+#include "utils/strerror.h"
/**
* strongSwan program return codes
@@ -464,6 +465,20 @@ static inline void memwipe(void *ptr, size_t n)
void *memstr(const void *haystack, const char *needle, size_t n);
/**
+ * Replacement for memrchr(3) if it is not provided by the C library.
+ *
+ * @param s start of the memory area to search
+ * @param c character to search
+ * @param n length of memory area to search
+ * @return pointer to the found character or NULL
+ */
+void *utils_memrchr(const void *s, int c, size_t n);
+
+#ifndef HAVE_MEMRCHR
+#define memrchr(s,c,n) utils_memrchr(s,c,n)
+#endif
+
+/**
* Translates the characters in the given string, searching for characters
* in 'from' and mapping them to characters in 'to'.
* The two characters sets 'from' and 'to' must contain the same number of
@@ -472,36 +487,59 @@ void *memstr(const void *haystack, const char *needle, size_t n);
char *translate(char *str, const char *from, const char *to);
/**
- * Creates a directory and all required parent directories.
+ * Replaces all occurrences of search in the given string with replace.
*
- * @param path path to the new directory
- * @param mode permissions of the new directory/directories
- * @return TRUE on success
+ * Allocates memory only if anything is replaced in the string. The original
+ * string is also returned if any of the arguments are invalid (e.g. if search
+ * is empty or any of them are NULL).
+ *
+ * @param str original string
+ * @param search string to search for and replace
+ * @param replace string to replace found occurrences with
+ * @return allocated string, if anything got replaced, str otherwise
*/
-bool mkdir_p(const char *path, mode_t mode);
+char *strreplace(const char *str, const char *search, const char *replace);
/**
- * Thread-safe wrapper around strerror and strerror_r.
+ * Like dirname(3) returns the directory part of the given null-terminated
+ * pathname, up to but not including the final '/' (or '.' if no '/' is found).
+ * Trailing '/' are not counted as part of the pathname.
*
- * This is required because the first is not thread-safe (on some platforms)
- * and the second uses two different signatures (POSIX/GNU) and is impractical
- * to use anyway.
+ * The difference is that it does this in a thread-safe manner (i.e. it does not
+ * use static buffers) and does not modify the original path.
*
- * @param errnum error code (i.e. errno)
- * @return error message
+ * @param path original pathname
+ * @return allocated directory component
*/
-const char *safe_strerror(int errnum);
+char *path_dirname(const char *path);
/**
- * Replace usages of strerror(3) with thread-safe variant.
+ * Like basename(3) returns the filename part of the given null-terminated path,
+ * i.e. the part following the final '/' (or '.' if path is empty or NULL).
+ * Trailing '/' are not counted as part of the pathname.
+ *
+ * The difference is that it does this in a thread-safe manner (i.e. it does not
+ * use static buffers) and does not modify the original path.
+ *
+ * @param path original pathname
+ * @return allocated filename component
*/
-#define strerror(errnum) safe_strerror(errnum)
+char *path_basename(const char *path);
+
+/**
+ * Creates a directory and all required parent directories.
+ *
+ * @param path path to the new directory
+ * @param mode permissions of the new directory/directories
+ * @return TRUE on success
+ */
+bool mkdir_p(const char *path, mode_t mode);
#ifndef HAVE_CLOSEFROM
/**
* Close open file descriptors greater than or equal to lowfd.
*
- * @param lowfd start closing file descriptoros from here
+ * @param lowfd start closing file descriptors from here
*/
void closefrom(int lowfd);
#endif
diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c
new file mode 100644
index 000000000..95e463f5f
--- /dev/null
+++ b/src/libstrongswan/utils/utils/strerror.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2012-2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <pthread.h>
+
+#include "strerror.h"
+
+/**
+ * The size of the thread-specific error buffer
+ */
+#define STRERROR_BUF_LEN 256
+
+/**
+ * Key to store thread-specific error buffer
+ */
+static pthread_key_t strerror_buf_key;
+
+/**
+ * Only initialize the key above once
+ */
+static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT;
+
+/**
+ * Create the key used for the thread-specific error buffer
+ */
+static void create_strerror_buf_key()
+{
+ pthread_key_create(&strerror_buf_key, free);
+}
+
+/**
+ * Retrieve the error buffer assigned to the current thread (or create it)
+ */
+static inline char *get_strerror_buf()
+{
+ char *buf;
+
+ pthread_once(&strerror_buf_key_once, create_strerror_buf_key);
+ buf = pthread_getspecific(strerror_buf_key);
+ if (!buf)
+ {
+ buf = malloc(STRERROR_BUF_LEN);
+ pthread_setspecific(strerror_buf_key, buf);
+ }
+ return buf;
+}
+
+#ifdef HAVE_STRERROR_R
+/*
+ * Described in header.
+ */
+const char *strerror_safe(int errnum)
+{
+ char *buf = get_strerror_buf(), *msg;
+
+#ifdef STRERROR_R_CHAR_P
+ /* char* version which may or may not return the original buffer */
+ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN);
+#else
+ /* int version returns 0 on success */
+ msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf;
+#endif
+ return msg;
+}
+#else /* HAVE_STRERROR_R */
+/* we actually wan't to call strerror(3) below */
+#undef strerror
+/*
+ * Described in header.
+ */
+const char *strerror_safe(int errnum)
+{
+ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+ char *buf = get_strerror_buf();
+
+ /* use a mutex to ensure calling strerror(3) is thread-safe */
+ pthread_mutex_lock(&mutex);
+ strncpy(buf, strerror(errnum), STRERROR_BUF_LEN);
+ pthread_mutex_unlock(&mutex);
+ buf[STRERROR_BUF_LEN - 1] = '\0';
+ return buf;
+}
+#endif /* HAVE_STRERROR_R */
diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h
new file mode 100644
index 000000000..2cb76f12e
--- /dev/null
+++ b/src/libstrongswan/utils/utils/strerror.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2012-2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup utils
+ */
+
+#ifndef STRERROR_H_
+#define STRERROR_H_
+
+/**
+ * Thread-safe wrapper around strerror and strerror_r.
+ *
+ * This is required because the first is not thread-safe (on some platforms)
+ * and the second uses two different signatures (POSIX/GNU) and is impractical
+ * to use anyway.
+ *
+ * @param errnum error code (i.e. errno)
+ * @return error message
+ */
+const char *strerror_safe(int errnum);
+
+/**
+ * Replace usages of strerror(3) with thread-safe variant.
+ */
+#define strerror(errnum) strerror_safe(errnum)
+
+#endif /** STRERROR_H_ @}*/
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 5e8660a41..87ae2a63d 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6d33d843d..6b51e7593 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.application = application,
.purpose = purpose,
);
+ lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
this->crypto = tls_crypto_create(&this->public, cache);
this->alert = tls_alert_create();
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 12aa049a2..cc73ebaeb 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
int i, remaining = 0, suite;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
diff --git a/src/libtnccs/Android.mk b/src/libtnccs/Android.mk
index 4d2803a97..68f85c252 100644
--- a/src/libtnccs/Android.mk
+++ b/src/libtnccs/Android.mk
@@ -35,7 +35,6 @@ endif
# build libtncif ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libtls \
$(strongswan_PATH)/src/libtncif \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index bacea4346..745850ac1 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -270,8 +270,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -339,6 +337,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -427,12 +430,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -447,6 +454,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 79f91f72f..1f839853c 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
index 7c52ab384..2d556d9d9 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
@@ -302,7 +302,7 @@ METHOD(imc_t, destroy, void,
private_tnc_imc_t *this)
{
if (this->handle && lib->settings->get_bool(lib->settings,
- "libtnccs.plugins.tnc-imc.dlclose", TRUE))
+ "%s.plugins.tnc-imc.dlclose", TRUE, lib->ns))
{
dlclose(this->handle);
}
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
index 311598fa9..459b6d710 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c
@@ -224,7 +224,7 @@ METHOD(imc_manager_t, get_preferred_language, char*,
private_tnc_imc_manager_t *this)
{
return lib->settings->get_str(lib->settings,
- "libtnccs.plugins.tnc-imc.preferred_language", "en");
+ "%s.plugins.tnc-imc.preferred_language", "en", lib->ns);
}
METHOD(imc_manager_t, notify_connection_change, void,
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 20087a7a2..45c3569ac 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -221,8 +221,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
index ebf904513..ab2e55253 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
@@ -298,7 +298,7 @@ METHOD(imv_t, destroy, void,
private_tnc_imv_t *this)
{
if (this->handle && lib->settings->get_bool(lib->settings,
- "libtnccs.plugins.tnc-imv.dlclose", TRUE))
+ "%s.plugins.tnc-imv.dlclose", TRUE, lib->ns))
{
dlclose(this->handle);
}
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
index b4f131b5d..56245015b 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c
@@ -21,7 +21,6 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
@@ -461,7 +460,8 @@ imv_manager_t* tnc_imv_manager_create(void)
policy = enum_from_name(recommendation_policy_names,
lib->settings->get_str(lib->settings,
- "libtnccs.plugins.tnc-imv.recommendation_policy", "default"));
+ "%s.plugins.tnc-imv.recommendation_policy",
+ "default", lib->ns));
this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT;
DBG1(DBG_TNC, "TNC recommendation policy is '%N'",
recommendation_policy_names, this->policy);
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index 776469098..21ed94de2 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 76b453a0a..7b4d53ed2 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -230,8 +230,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -299,6 +297,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -387,12 +390,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -407,6 +414,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
index 91854b587..28c5e52b7 100644
--- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c
+++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c
@@ -662,7 +662,7 @@ tnccs_t* tnccs_11_create(bool is_server,
.callback = cb,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_msg_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-11.max_message_size", 45000),
+ "%s.plugins.tnccs-11.max_message_size", 45000, lib->ns),
.ref = 1,
);
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 0bb3c7314..63010c301 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -231,8 +231,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index b631ef579..f78b85a68 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -1063,9 +1063,9 @@ tnccs_t* tnccs_20_create(bool is_server,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),
.max_batch_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-20.max_batch_size", 65522),
+ "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns),
.max_msg_len = lib->settings->get_int(lib->settings,
- "libtnccs.plugins.tnccs-20.max_message_size", 65490),
+ "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns),
.ref = 1,
);
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index d38aa13cc..6a99188ef 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -220,8 +220,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c
index 3a5b84596..e002b10e0 100644
--- a/src/libtnccs/tnc/tnc.c
+++ b/src/libtnccs/tnc/tnc.c
@@ -13,14 +13,15 @@
* for more details.
*/
-#include "tnc.h"
-
+#define _GNU_SOURCE /* for stdndup() */
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
+#include <string.h>
+
+#include "tnc.h"
#include <utils/lexparser.h>
#include <utils/debug.h>
@@ -71,8 +72,10 @@ void libtnccs_init(void)
},
.ref = 1,
);
-
tnc = &this->public;
+ lib->settings->add_fallback(lib->settings, "%s.tnc", "libtnccs", lib->ns);
+ lib->settings->add_fallback(lib->settings, "%s.plugins", "libtnccs.plugins",
+ lib->ns);
}
/**
@@ -94,10 +97,8 @@ void libtnccs_deinit(void)
static bool load_imcvs_from_config(char *filename, bool is_imc)
{
bool success = FALSE;
- int fd, line_nr = 0;
- chunk_t src, line;
- struct stat sb;
- void *addr;
+ int line_nr = 0;
+ chunk_t *src, line;
char *label;
if (!filename || !*filename)
@@ -108,30 +109,15 @@ static bool load_imcvs_from_config(char *filename, bool is_imc)
label = is_imc ? "IMC" : "IMV";
DBG1(DBG_TNC, "loading %ss from '%s'", label, filename);
- fd = open(filename, O_RDONLY);
- if (fd == -1)
+ src = chunk_map(filename, FALSE);
+ if (!src)
{
DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename,
strerror(errno));
return FALSE;
}
- if (fstat(fd, &sb) == -1)
- {
- DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename,
- strerror(errno));
- close(fd);
- return FALSE;
- }
- addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
- if (addr == MAP_FAILED)
- {
- DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno));
- close(fd);
- return FALSE;
- }
- src = chunk_create(addr, sb.st_size);
- while (fetchline(&src, &line))
+ while (fetchline(src, &line))
{
char *name, *path;
chunk_t token;
@@ -201,8 +187,7 @@ static bool load_imcvs_from_config(char *filename, bool is_imc)
break;
}
}
- munmap(addr, sb.st_size);
- close(fd);
+ chunk_unmap(src);
return success;
}
@@ -266,10 +251,9 @@ bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature,
{
load_imcvs_from_config(
lib->settings->get_str(lib->settings,
- "libtnccs.tnc_config", "/etc/tnc_config"),
+ "%s.tnc.tnc_config", "/etc/tnc_config", lib->ns),
is_imc);
}
}
return TRUE;
}
-
diff --git a/src/libtncif/Android.mk b/src/libtncif/Android.mk
index 13ce6e11a..36d3f4c33 100644
--- a/src/libtncif/Android.mk
+++ b/src/libtncif/Android.mk
@@ -13,7 +13,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libtncif_la_SOURCES))
# build libtncif ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index b8c83491f..66ac31127 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -182,8 +182,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -251,6 +249,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -339,12 +342,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -359,6 +366,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 244df091f..08033c461 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -234,8 +234,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -303,6 +301,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -391,12 +394,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -411,6 +418,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/manager/main.c b/src/manager/main.c
index 5c845b157..b6169082f 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -34,7 +34,7 @@ int main (int arc, char *argv[])
bool debug;
int threads, timeout;
- library_init(NULL);
+ library_init(NULL, "manager");
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "manager.load", PLUGINS)))
{
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 385bb8e70..5452a419a 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -223,8 +223,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/medsrv/main.c b/src/medsrv/main.c
index 6f08b97e5..745fcc359 100644
--- a/src/medsrv/main.c
+++ b/src/medsrv/main.c
@@ -33,7 +33,7 @@ int main(int arc, char *argv[])
char *uri;
int timeout, threads;
- library_init(NULL);
+ library_init(NULL, "medsrv");
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "medsrv.load", PLUGINS)))
{
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index e9023b820..b5e00bee6 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 7074d44be..8862e9ab0 100644
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -29,6 +29,7 @@
#include <getopt.h>
#include <ctype.h>
#include <time.h>
+#include <errno.h>
#include <library.h>
#include <utils/debug.h>
@@ -228,7 +229,7 @@ int main(int argc, char **argv)
/* initialize library */
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "openac"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -515,11 +516,18 @@ int main(int argc, char **argv)
/* write the attribute certificate to file */
if (attr_cert->get_encoding(attr_cert, CERT_ASN1_DER, &attr_chunk))
{
- if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE))
+ if (chunk_write(attr_chunk, outfile, 0022, TRUE))
{
+ DBG1(DBG_APP, " written attribute cert file '%s' (%d bytes)",
+ outfile, attr_chunk.len);
write_serial(serial);
status = 0;
}
+ else
+ {
+ DBG1(DBG_APP, " writing attribute cert file '%s' failed: %s",
+ outfile, strerror(errno));
+ }
}
}
else
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1101366d1..461d958da 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -231,8 +231,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pki/command.c b/src/pki/command.c
index 984da59b4..b6966ee0b 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -29,7 +29,7 @@
/**
* Registered commands.
*/
-command_t cmds[MAX_COMMANDS];
+static command_t cmds[MAX_COMMANDS];
/**
* active command.
@@ -55,12 +55,12 @@ static options_t *options;
/**
* Global options used by all subcommands
*/
-static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS];
+static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS];
/**
* Global optstring used by all subcommands
*/
-static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS) * 3];
+static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS) * 3];
/**
* Build command_opts/command_optstr for the active command
@@ -140,23 +140,37 @@ void command_register(command_t command)
{
int i;
+ if (registered == MAX_COMMANDS)
+ {
+ fprintf(stderr, "unable to register command, please increase "
+ "MAX_COMMANDS\n");
+ return;
+ }
+
cmds[registered] = command;
/* append default options, but not to --help */
if (!active)
{
for (i = 0; i < countof(cmds[registered].options) - 1; i++)
{
- if (cmds[registered].options[i].name)
+ if (!cmds[registered].options[i].name)
{
- continue;
+ break;
}
+ }
+ if (i > countof(cmds[registered].options) - 3)
+ {
+ fprintf(stderr, "command '%s' registered too many options, please "
+ "increase MAX_OPTIONS\n", command.cmd);
+ }
+ else
+ {
cmds[registered].options[i++] = (command_option_t) {
"debug", 'v', 1, "set debug level, default: 1"
};
cmds[registered].options[i++] = (command_option_t) {
"options", '+', 1, "read command line options from file"
};
- break;
}
}
registered++;
@@ -260,4 +274,3 @@ int command_dispatch(int c, char *v[])
}
return command_usage(c > 1 ? "invalid operation" : NULL);
}
-
diff --git a/src/pki/command.h b/src/pki/command.h
index 1a884fb73..737f4658d 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -22,12 +22,12 @@
#define COMMAND_H_
/**
- * Maximum number of commands.
+ * Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 10
+#define MAX_COMMANDS 11
/**
- * Maximum number of options in a command (+1)
+ * Maximum number of options in a command (+3)
*/
#define MAX_OPTIONS 32
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 000f63d1a..d5c33b89f 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -14,6 +14,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -382,7 +383,12 @@ static int issue()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading certificate request failed";
+ goto end;
+ }
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
BUILD_BLOB, chunk, BUILD_END);
@@ -425,7 +431,12 @@ static int issue()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading public key failed";
+ goto end;
+ }
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -562,4 +573,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 353670e32..64bb3cc2c 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -89,7 +91,11 @@ static int keyid()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -165,4 +171,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 2261e44ff..077c1ef3e 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -22,6 +22,7 @@
#include <selectors/traffic_selector.h>
#include <time.h>
+#include <errno.h>
/**
* Print public key information
@@ -510,7 +511,11 @@ static int print()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 7f88055ef..260044c4e 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -108,7 +110,11 @@ static int pub()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
cred = lib->creds->create(lib->creds, type, subtype,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
@@ -186,4 +192,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 628463e7b..5b2c128b7 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -16,6 +16,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -118,7 +119,12 @@ static int req()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading private key failed: %s\n", strerror(errno));
+ error = "";
+ goto end;
+ }
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 6bf0b1353..c28c9c291 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -14,6 +14,7 @@
*/
#include <time.h>
+#include <errno.h>
#include "pki.h"
@@ -273,7 +274,12 @@ static int self()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "%s: ", strerror(errno));
+ error = "reading private key failed";
+ goto end;
+ }
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 96b2b5065..f30dda94d 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#include <errno.h>
+
#include "pki.h"
#include <credentials/certificates/certificate.h>
@@ -57,7 +59,11 @@ static int verify()
{
chunk_t chunk;
- chunk = chunk_from_fd(0);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading certificate failed: %s\n", strerror(errno));
+ return 1;
+ }
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB, chunk, BUILD_END);
free(chunk.ptr);
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index ecba4a9b3..edbde85b5 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -170,8 +170,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -239,6 +237,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -327,12 +330,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -347,6 +354,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
index 9effd9b15..3fad1ae8a 100644
--- a/src/pki/man/pki---issue.1.in
+++ b/src/pki/man/pki---issue.1.in
@@ -1,4 +1,4 @@
-.TH "PKI \-\-ISSUE" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-ISSUE" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
diff --git a/src/pki/pki.c b/src/pki/pki.c
index ecc0702cd..eb614dd7f 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -168,7 +168,7 @@ static void remove_callback()
int main(int argc, char *argv[])
{
atexit(library_deinit);
- if (!library_init(NULL))
+ if (!library_init(NULL, "pki"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
diff --git a/src/pool/Makefile.am b/src/pool/Makefile.am
index 8b429a4ba..b8d662e57 100644
--- a/src/pool/Makefile.am
+++ b/src/pool/Makefile.am
@@ -1,3 +1,5 @@
+if USE_ATTR_SQL
+
ipsec_PROGRAMS = pool
pool_SOURCES = \
@@ -14,3 +16,8 @@ AM_CPPFLAGS = \
pool_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libhydra/libhydra.la
+
+endif USE_ATTR_SQL
+
+templatesdir = $(pkgdatadir)/templates/database/sql
+dist_templates_DATA = mysql.sql sqlite.sql
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index f8db9ae33..63489034f 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -14,6 +14,7 @@
@SET_MAKE@
+
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
@@ -78,10 +79,10 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-ipsec_PROGRAMS = pool$(EXEEXT)
+@USE_ATTR_SQL_TRUE@ipsec_PROGRAMS = pool$(EXEEXT)
subdir = src/pool
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
+ $(top_srcdir)/depcomp $(dist_templates_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -99,14 +100,16 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"
PROGRAMS = $(ipsec_PROGRAMS)
-am_pool_OBJECTS = pool.$(OBJEXT) pool_attributes.$(OBJEXT) \
- pool_usage.$(OBJEXT)
+am__pool_SOURCES_DIST = pool.c pool_attributes.c pool_attributes.h \
+ pool_usage.h pool_usage.c
+@USE_ATTR_SQL_TRUE@am_pool_OBJECTS = pool.$(OBJEXT) \
+@USE_ATTR_SQL_TRUE@ pool_attributes.$(OBJEXT) \
+@USE_ATTR_SQL_TRUE@ pool_usage.$(OBJEXT)
pool_OBJECTS = $(am_pool_OBJECTS)
-pool_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libhydra/libhydra.la
+@USE_ATTR_SQL_TRUE@pool_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \
+@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -146,12 +149,40 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(pool_SOURCES)
-DIST_SOURCES = $(pool_SOURCES)
+DIST_SOURCES = $(am__pool_SOURCES_DIST)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+DATA = $(dist_templates_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -186,8 +217,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -255,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -343,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -363,6 +401,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -373,19 +412,21 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-pool_SOURCES = \
- pool.c pool_attributes.c pool_attributes.h \
- pool_usage.h pool_usage.c
+@USE_ATTR_SQL_TRUE@pool_SOURCES = \
+@USE_ATTR_SQL_TRUE@ pool.c pool_attributes.c pool_attributes.h \
+@USE_ATTR_SQL_TRUE@ pool_usage.h pool_usage.c
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libhydra \
- -DPLUGINS=\""${pool_plugins}\""
+@USE_ATTR_SQL_TRUE@AM_CPPFLAGS = \
+@USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libstrongswan \
+@USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libhydra \
+@USE_ATTR_SQL_TRUE@ -DPLUGINS=\""${pool_plugins}\""
-pool_LDADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libhydra/libhydra.la
+@USE_ATTR_SQL_TRUE@pool_LDADD = \
+@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la
+templatesdir = $(pkgdatadir)/templates/database/sql
+dist_templates_DATA = mysql.sql sqlite.sql
all: all-am
.SUFFIXES:
@@ -513,6 +554,27 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+install-dist_templatesDATA: $(dist_templates_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-dist_templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir)
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -598,9 +660,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(DATA)
installdirs:
- for dir in "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -656,7 +718,7 @@ info: info-am
info-am:
-install-data-am: install-ipsecPROGRAMS
+install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS
install-dvi: install-dvi-am
@@ -702,7 +764,7 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
.MAKE: install-am install-strip
@@ -711,17 +773,19 @@ uninstall-am: uninstall-ipsecPROGRAMS
distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-ipsecPROGRAMS install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
+ install-data-am install-dist_templatesDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+ tags tags-am uninstall uninstall-am \
+ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS
-pool.o : $(top_builddir)/config.status
+@USE_ATTR_SQL_TRUE@pool.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pool/mysql.sql b/src/pool/mysql.sql
new file mode 100644
index 000000000..1b437593d
--- /dev/null
+++ b/src/pool/mysql.sql
@@ -0,0 +1,281 @@
+
+DROP TABLE IF EXISTS `identities`;
+CREATE TABLE `identities` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(4) unsigned NOT NULL,
+ `data` varbinary(64) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE (`type`, `data`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_configs`;
+CREATE TABLE `child_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) collate utf8_unicode_ci NOT NULL,
+ `lifetime` mediumint(8) unsigned NOT NULL default '1500',
+ `rekeytime` mediumint(8) unsigned NOT NULL default '1200',
+ `jitter` mediumint(8) unsigned NOT NULL default '60',
+ `updown` varchar(128) collate utf8_unicode_ci default NULL,
+ `hostaccess` tinyint(1) unsigned NOT NULL default '0',
+ `mode` tinyint(4) unsigned NOT NULL default '2',
+ `start_action` tinyint(4) unsigned NOT NULL default '0',
+ `dpd_action` tinyint(4) unsigned NOT NULL default '0',
+ `close_action` tinyint(4) unsigned NOT NULL default '0',
+ `ipcomp` tinyint(4) unsigned NOT NULL default '0',
+ `reqid` mediumint(8) unsigned NOT NULL default '0',
+ PRIMARY KEY (`id`),
+ INDEX (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_config_traffic_selector`;
+CREATE TABLE `child_config_traffic_selector` (
+ `child_cfg` int(10) unsigned NOT NULL,
+ `traffic_selector` int(10) unsigned NOT NULL,
+ `kind` tinyint(3) unsigned NOT NULL,
+ INDEX (`child_cfg`, `traffic_selector`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `proposals`;
+CREATE TABLE `proposals` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `proposal` varchar(128) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `child_config_proposal`;
+CREATE TABLE `child_config_proposal` (
+ `child_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `prop` int(10) unsigned NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `ike_configs`;
+CREATE TABLE `ike_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `certreq` tinyint(3) unsigned NOT NULL default '1',
+ `force_encap` tinyint(1) NOT NULL default '0',
+ `local` varchar(128) collate utf8_unicode_ci NOT NULL,
+ `remote` varchar(128) collate utf8_unicode_ci NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `ike_config_proposal`;
+CREATE TABLE `ike_config_proposal` (
+ `ike_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `prop` int(10) unsigned NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `peer_configs`;
+CREATE TABLE `peer_configs` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) collate utf8_unicode_ci NOT NULL,
+ `ike_version` tinyint(3) unsigned NOT NULL default '2',
+ `ike_cfg` int(10) unsigned NOT NULL,
+ `local_id` varchar(64) collate utf8_unicode_ci NOT NULL,
+ `remote_id` varchar(64) collate utf8_unicode_ci NOT NULL,
+ `cert_policy` tinyint(3) unsigned NOT NULL default '1',
+ `uniqueid` tinyint(3) unsigned NOT NULL default '0',
+ `auth_method` tinyint(3) unsigned NOT NULL default '1',
+ `eap_type` tinyint(3) unsigned NOT NULL default '0',
+ `eap_vendor` smallint(5) unsigned NOT NULL default '0',
+ `keyingtries` tinyint(3) unsigned NOT NULL default '3',
+ `rekeytime` mediumint(8) unsigned NOT NULL default '7200',
+ `reauthtime` mediumint(8) unsigned NOT NULL default '0',
+ `jitter` mediumint(8) unsigned NOT NULL default '180',
+ `overtime` mediumint(8) unsigned NOT NULL default '300',
+ `mobike` tinyint(1) NOT NULL default '1',
+ `dpd_delay` mediumint(8) unsigned NOT NULL default '120',
+ `virtual` varchar(40) default NULL,
+ `pool` varchar(32) default NULL,
+ `mediation` tinyint(1) NOT NULL default '0',
+ `mediated_by` int(10) unsigned NOT NULL default '0',
+ `peer_id` int(10) unsigned NOT NULL default '0',
+ PRIMARY KEY (`id`),
+ INDEX (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `peer_config_child_config`;
+CREATE TABLE `peer_config_child_config` (
+ `peer_cfg` int(10) unsigned NOT NULL,
+ `child_cfg` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`peer_cfg`, `child_cfg`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS `traffic_selectors`;
+CREATE TABLE `traffic_selectors` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL default '7',
+ `protocol` smallint(5) unsigned NOT NULL default '0',
+ `start_addr` varbinary(16) default NULL,
+ `end_addr` varbinary(16) default NULL,
+ `start_port` smallint(5) unsigned NOT NULL default '0',
+ `end_port` smallint(5) unsigned NOT NULL default '65535',
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `keytype` tinyint(3) unsigned NOT NULL,
+ `data` BLOB NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_identity;
+CREATE TABLE certificate_identity (
+ `certificate` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`certificate`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `data` BLOB NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS private_key_identity;
+CREATE TABLE private_key_identity (
+ `private_key` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`private_key`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `type` tinyint(3) unsigned NOT NULL,
+ `data` varbinary(256) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS shared_secret_identity;
+CREATE TABLE shared_secret_identity (
+ `shared_secret` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`shared_secret`, `identity`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_authorities;
+CREATE TABLE certificate_authorities (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `certificate` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS certificate_distribution_points;
+CREATE TABLE certificate_distribution_points (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `ca` int(10) unsigned NOT NULL,
+ `type` tinyint(3) unsigned NOT NULL,
+ `uri` varchar(256) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS pools;
+CREATE TABLE pools (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) NOT NULL,
+ `start` varbinary(16) NOT NULL,
+ `end` varbinary(16) NOT NULL,
+ `timeout` int(10) unsigned NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS addresses;
+CREATE TABLE addresses (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `pool` int(10) unsigned NOT NULL,
+ `address` varbinary(16) NOT NULL,
+ `identity` int(10) unsigned NOT NULL DEFAULT 0,
+ `acquired` int(10) unsigned NOT NULL DEFAULT 0,
+ `released` int(10) unsigned NOT NULL DEFAULT 1,
+ PRIMARY KEY (`id`),
+ INDEX (`pool`),
+ INDEX (`identity`),
+ INDEX (`address`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS leases;
+CREATE TABLE leases (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `address` int(10) unsigned NOT NULL,
+ `identity` int(10) unsigned NOT NULL,
+ `acquired` int(10) unsigned NOT NULL,
+ `released` int(10) unsigned DEFAULT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS attribute_pools;
+CREATE TABLE attribute_pools (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `name` varchar(32) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS attributes;
+CREATE TABLE attributes (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `identity` int(10) unsigned NOT NULL default '0',
+ `pool` int(10) unsigned NOT NULL default '0',
+ `type` int(10) unsigned NOT NULL,
+ `value` varbinary(16) NOT NULL,
+ PRIMARY KEY (`id`),
+ INDEX (`identity`),
+ INDEX (`pool`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+DROP TABLE IF EXISTS ike_sas;
+CREATE TABLE ike_sas (
+ `local_spi` varbinary(8) NOT NULL,
+ `remote_spi` varbinary(8) NOT NULL,
+ `id` int(10) unsigned NOT NULL,
+ `initiator` tinyint(1) NOT NULL,
+ `local_id_type` tinyint(3) NOT NULL,
+ `local_id_data` varbinary(64) DEFAULT NULL,
+ `remote_id_type` tinyint(3) NOT NULL,
+ `remote_id_data` varbinary(64) DEFAULT NULL,
+ `host_family` tinyint(3) NOT NULL,
+ `local_host_data` varbinary(16) NOT NULL,
+ `remote_host_data` varbinary(16) NOT NULL,
+ `lastuse` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (`local_spi`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
+DROP TABLE IF EXISTS logs;
+CREATE TABLE logs (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `local_spi` varbinary(8) NOT NULL,
+ `signal` tinyint(3) NOT NULL,
+ `level` tinyint(3) NOT NULL,
+ `msg` varchar(256) NOT NULL,
+ `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+
diff --git a/src/pool/pool.c b/src/pool/pool.c
index 05043cd8c..265974860 100644
--- a/src/pool/pool.c
+++ b/src/pool/pool.c
@@ -1212,7 +1212,7 @@ int main(int argc, char *argv[])
atexit(library_deinit);
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "pool"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
@@ -1227,11 +1227,16 @@ int main(int argc, char *argv[])
{
exit(SS_RC_INITIALIZATION_FAILED);
}
-
- uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
+ /* TODO: make database URI or setting key configurable via command line */
+ uri = lib->settings->get_str(lib->settings,
+ "pool.database",
+ lib->settings->get_str(lib->settings,
+ "charon.plugins.attr-sql.database",
+ lib->settings->get_str(lib->settings,
+ "libhydra.plugins.attr-sql.database", NULL)));
if (!uri)
{
- fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n");
+ fprintf(stderr, "database URI pool.database not set.\n");
exit(SS_RC_INITIALIZATION_FAILED);
}
db = lib->db->create(lib->db, uri);
diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql
new file mode 100644
index 000000000..78012630b
--- /dev/null
+++ b/src/pool/sqlite.sql
@@ -0,0 +1,283 @@
+
+
+DROP TABLE IF EXISTS identities;
+CREATE TABLE identities (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL,
+ UNIQUE (type, data)
+);
+
+
+DROP TABLE IF EXISTS child_configs;
+CREATE TABLE child_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL,
+ lifetime INTEGER NOT NULL DEFAULT '1500',
+ rekeytime INTEGER NOT NULL DEFAULT '1200',
+ jitter INTEGER NOT NULL DEFAULT '60',
+ updown TEXT DEFAULT NULL,
+ hostaccess INTEGER NOT NULL DEFAULT '0',
+ mode INTEGER NOT NULL DEFAULT '2',
+ start_action INTEGER NOT NULL DEFAULT '0',
+ dpd_action INTEGER NOT NULL DEFAULT '0',
+ close_action INTEGER NOT NULL DEFAULT '0',
+ ipcomp INTEGER NOT NULL DEFAULT '0',
+ reqid INTEGER NOT NULL DEFAULT '0'
+);
+DROP INDEX IF EXISTS child_configs_name;
+CREATE INDEX child_configs_name ON child_configs (
+ name
+);
+
+
+DROP TABLE IF EXISTS child_config_traffic_selector;
+CREATE TABLE child_config_traffic_selector (
+ child_cfg INTEGER NOT NULL,
+ traffic_selector INTEGER NOT NULL,
+ kind INTEGER NOT NULL
+);
+DROP INDEX IF EXISTS child_config_traffic_selector;
+CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (
+ child_cfg, traffic_selector
+);
+
+DROP TABLE IF EXISTS proposals;
+CREATE TABLE proposals (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ proposal TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS child_config_proposal;
+CREATE TABLE child_config_proposal (
+ child_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ prop INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS ike_configs;
+CREATE TABLE ike_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ certreq INTEGER NOT NULL DEFAULT '1',
+ force_encap INTEGER NOT NULL DEFAULT '0',
+ local TEXT NOT NULL,
+ remote TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS ike_config_proposal;
+CREATE TABLE ike_config_proposal (
+ ike_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ prop INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS peer_configs;
+CREATE TABLE peer_configs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL,
+ ike_version INTEGER NOT NULL DEFAULT '2',
+ ike_cfg INTEGER NOT NULL,
+ local_id TEXT NOT NULL,
+ remote_id TEXT NOT NULL,
+ cert_policy INTEGER NOT NULL DEFAULT '1',
+ uniqueid INTEGER NOT NULL DEFAULT '0',
+ auth_method INTEGER NOT NULL DEFAULT '1',
+ eap_type INTEGER NOT NULL DEFAULT '0',
+ eap_vendor INTEGER NOT NULL DEFAULT '0',
+ keyingtries INTEGER NOT NULL DEFAULT '3',
+ rekeytime INTEGER NOT NULL DEFAULT '7200',
+ reauthtime INTEGER NOT NULL DEFAULT '0',
+ jitter INTEGER NOT NULL DEFAULT '180',
+ overtime INTEGER NOT NULL DEFAULT '300',
+ mobike INTEGER NOT NULL DEFAULT '1',
+ dpd_delay INTEGER NOT NULL DEFAULT '120',
+ virtual TEXT DEFAULT NULL,
+ pool TEXT DEFAULT NULL,
+ mediation INTEGER NOT NULL DEFAULT '0',
+ mediated_by INTEGER NOT NULL DEFAULT '0',
+ peer_id INTEGER NOT NULL DEFAULT '0'
+);
+DROP INDEX IF EXISTS peer_configs_name;
+CREATE INDEX peer_configs_name ON peer_configs (
+ name
+);
+
+
+DROP TABLE IF EXISTS peer_config_child_config;
+CREATE TABLE peer_config_child_config (
+ peer_cfg INTEGER NOT NULL,
+ child_cfg INTEGER NOT NULL,
+ PRIMARY KEY (peer_cfg, child_cfg)
+);
+
+
+DROP TABLE IF EXISTS traffic_selectors;
+CREATE TABLE traffic_selectors (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL DEFAULT '7',
+ protocol INTEGER NOT NULL DEFAULT '0',
+ start_addr BLOB DEFAULT NULL,
+ end_addr BLOB DEFAULT NULL,
+ start_port INTEGER NOT NULL DEFAULT '0',
+ end_port INTEGER NOT NULL DEFAULT '65535'
+);
+
+
+DROP TABLE IF EXISTS certificates;
+CREATE TABLE certificates (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ keytype INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS certificate_identity;
+CREATE TABLE certificate_identity (
+ certificate INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (certificate, identity)
+);
+
+
+DROP TABLE IF EXISTS private_keys;
+CREATE TABLE private_keys (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS private_key_identity;
+CREATE TABLE private_key_identity (
+ private_key INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (private_key, identity)
+);
+
+
+DROP TABLE IF EXISTS shared_secrets;
+CREATE TABLE shared_secrets (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ type INTEGER NOT NULL,
+ data BLOB NOT NULL
+);
+
+
+DROP TABLE IF EXISTS shared_secret_identity;
+CREATE TABLE shared_secret_identity (
+ shared_secret INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ PRIMARY KEY (shared_secret, identity)
+);
+
+
+DROP TABLE IF EXISTS certificate_authorities;
+CREATE TABLE certificate_authorities (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ certificate INTEGER NOT NULL
+);
+
+
+DROP TABLE IF EXISTS certificate_distribution_points;
+CREATE TABLE certificate_distribution_points (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ ca INTEGER NOT NULL,
+ type INTEGER NOT NULL,
+ uri TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS pools;
+CREATE TABLE pools (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL UNIQUE,
+ start BLOB NOT NULL,
+ end BLOB NOT NULL,
+ timeout INTEGER NOT NULL
+);
+
+DROP TABLE IF EXISTS addresses;
+CREATE TABLE addresses (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ pool INTEGER NOT NULL,
+ address BLOB NOT NULL,
+ identity INTEGER NOT NULL DEFAULT 0,
+ acquired INTEGER NOT NULL DEFAULT 0,
+ released INTEGER NOT NULL DEFAULT 1
+);
+DROP INDEX IF EXISTS addresses_pool;
+CREATE INDEX addresses_pool ON addresses (
+ pool
+);
+DROP INDEX IF EXISTS addresses_address;
+CREATE INDEX addresses_address ON addresses (
+ address
+);
+DROP INDEX IF EXISTS addresses_identity;
+CREATE INDEX addresses_identity ON addresses (
+ identity
+);
+
+DROP TABLE IF EXISTS leases;
+CREATE TABLE leases (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ address INTEGER NOT NULL,
+ identity INTEGER NOT NULL,
+ acquired INTEGER NOT NULL,
+ released INTEGER NOT NULL
+);
+
+DROP TABLE IF EXISTS attribute_pools;
+CREATE TABLE attribute_pools (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ name TEXT NOT NULL
+);
+
+DROP TABLE IF EXISTS attributes;
+CREATE TABLE attributes (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ identity INTEGER NOT NULL DEFAULT 0,
+ pool INTEGER NOT NULL DEFAULT 0,
+ type INTEGER NOT NULL,
+ value BLOB NOT NULL
+);
+DROP INDEX IF EXISTS attributes_identity;
+CREATE INDEX attributes_identity ON attributes (
+ identity
+);
+DROP INDEX IF EXISTS attributes_pool;
+CREATE INDEX attributes_pool ON attributes (
+ pool
+);
+
+DROP TABLE IF EXISTS ike_sas;
+CREATE TABLE ike_sas (
+ local_spi BLOB NOT NULL PRIMARY KEY,
+ remote_spi BLOB NOT NULL,
+ id INTEGER NOT NULL,
+ initiator INTEGER NOT NULL,
+ local_id_type INTEGER NOT NULL,
+ local_id_data BLOB DEFAULT NULL,
+ remote_id_type INTEGER NOT NULL,
+ remote_id_data BLOB DEFAULT NULL,
+ host_family INTEGER NOT NULL,
+ local_host_data BLOB NOT NULL,
+ remote_host_data BLOB NOT NULL,
+ created INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+DROP TABLE IF EXISTS logs;
+CREATE TABLE logs (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ local_spi BLOB NOT NULL,
+ signal INTEGER NOT NULL,
+ level INTEGER NOT NULL,
+ msg TEXT NOT NULL,
+ time INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index b82f0f496..61dff904e 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -187,8 +187,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -256,6 +254,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -344,12 +347,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -364,6 +371,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index e7d75f078..90edb0c8e 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -166,7 +166,7 @@ static void init()
PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
- library_init(NULL);
+ library_init(NULL, "pt-tls-client");
libtnccs_init();
dbg = dbg_pt_tls;
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 39b601f8e..06354da5f 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -214,8 +214,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 1267370ba..d7abcb423 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -24,6 +24,7 @@
#include <time.h>
#include <limits.h>
#include <syslog.h>
+#include <errno.h>
#include <library.h>
#include <utils/debug.h>
@@ -486,7 +487,7 @@ int main(int argc, char **argv)
err_t ugh = NULL;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "scepclient"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -975,9 +976,10 @@ int main(int argc, char **argv)
{ /* no PKCS#7 encoded CA+RA certificates, assume simple CA cert */
DBG1(DBG_APP, "unable to parse PKCS#7, assuming plain CA cert");
- if (!chunk_write(scep_response, ca_path, "ca cert", 0022, force))
+ if (!chunk_write(scep_response, ca_path, 0022, force))
{
- exit_scepclient("could not write ca cert file '%s'", ca_path);
+ exit_scepclient("could not write ca cert file '%s': %s",
+ ca_path, strerror(errno));
}
}
else
@@ -1031,10 +1033,10 @@ int main(int argc, char **argv)
}
if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) ||
- !chunk_write(encoding, path,
- ca_cert ? "ca cert" : "ra cert", 0022, force))
+ !chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write cert file '%s'", path);
+ exit_scepclient("could not write cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
}
@@ -1149,9 +1151,10 @@ int main(int argc, char **argv)
join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs10);
- if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force))
+ if (!chunk_write(pkcs10_encoding, path, 0022, force))
{
- exit_scepclient("could not write pkcs10 file '%s'", path);
+ exit_scepclient("could not write pkcs10 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS10; /* delete PKCS10 flag */
}
@@ -1172,9 +1175,10 @@ int main(int argc, char **argv)
DBG2(DBG_APP, "building pkcs1 object:");
if (!private_key->get_encoding(private_key, PRIVKEY_ASN1_DER, &pkcs1) ||
- !chunk_write(pkcs1, path, "pkcs1", 0066, force))
+ !chunk_write(pkcs1, path, 0066, force))
{
- exit_scepclient("could not write pkcs1 file '%s'", path);
+ exit_scepclient("could not write pkcs1 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS1; /* delete PKCS1 flag */
}
@@ -1236,9 +1240,10 @@ int main(int argc, char **argv)
{
exit_scepclient("encoding certificate failed");
}
- if (!chunk_write(encoding, path, "self-signed cert", 0022, force))
+ if (!chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write self-signed cert file '%s'", path);
+ exit_scepclient("could not write self-signed cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */
@@ -1300,9 +1305,10 @@ int main(int argc, char **argv)
join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs7);
- if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force))
+ if (!chunk_write(pkcs7, path, 0022, force))
{
- exit_scepclient("could not write pkcs7 file '%s'", path);
+ exit_scepclient("could not write pkcs7 file '%s': %s",
+ path, strerror(errno));
}
filetype_out &= ~PKCS7; /* delete PKCS7 flag */
}
@@ -1460,9 +1466,10 @@ int main(int argc, char **argv)
exit_scepclient("multiple certs received, only first stored");
}
if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) ||
- !chunk_write(encoding, path, "requested cert", 0022, force))
+ !chunk_write(encoding, path, 0022, force))
{
- exit_scepclient("could not write cert file '%s'", path);
+ exit_scepclient("could not write cert file '%s': %s",
+ path, strerror(errno));
}
chunk_free(&encoding);
stored = TRUE;
diff --git a/src/starter/Android.mk b/src/starter/Android.mk
index 91575c9ba..c2260be51 100644
--- a/src/starter/Android.mk
+++ b/src/starter/Android.mk
@@ -14,7 +14,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(starter_SOURCES))
# build starter ----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libstrongswan \
$(strongswan_PATH)/src/stroke
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 405d92a3f..7a9154d84 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -211,8 +211,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 06eb142bd..33916c95c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -419,10 +419,10 @@ int main (int argc, char **argv)
bool attach_gdb = FALSE;
bool load_warning = FALSE;
- library_init(NULL);
+ library_init(NULL, "starter");
atexit(library_deinit);
- libhydra_init("starter");
+ libhydra_init();
atexit(libhydra_deinit);
/* parse command line */
diff --git a/src/stroke/Android.mk b/src/stroke/Android.mk
index 320314c4d..2accb522d 100644
--- a/src/stroke/Android.mk
+++ b/src/stroke/Android.mk
@@ -10,7 +10,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(stroke_SOURCES))
# build stroke -----------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(libvstr_PATH) \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 8e6ebd572..0b285285b 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -186,8 +186,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -255,6 +253,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -343,12 +346,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -363,6 +370,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 75f014516..69c8ea2a4 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -480,7 +480,7 @@ int main(int argc, char *argv[])
const stroke_token_t *token;
int res = 0;
- library_init(NULL);
+ library_init(NULL, "stroke");
atexit(library_deinit);
if (argc < 2)
diff --git a/src/strongswan.conf b/src/strongswan.conf
deleted file mode 100644
index 0d82dedfa..000000000
--- a/src/strongswan.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# strongswan.conf - strongSwan configuration file
-
-charon {
-
- # number of worker threads in charon
- threads = 16
-
- # send strongswan vendor ID?
- # send_vendor_id = yes
-
- plugins {
-
- sql {
- # loglevel to log into sql database
- loglevel = -1
-
- # URI to the database
- # database = sqlite:///path/to/file.db
- # database = mysql://user:password@localhost/database
- }
- }
-
- # ...
-}
-
-pluto {
-
-}
-
-libstrongswan {
-
- # set to no, the DH exponent size is optimized
- # dh_exponent_ansi_x9_42 = no
-}