Diffstat (limited to 'src')
-rw-r--r--src/_updown/_updown.in31
-rw-r--r--src/charon-cmd/charon-cmd.c12
-rw-r--r--src/charon-nm/charon-nm.c10
-rw-r--r--src/charon-systemd/charon-systemd.c10
-rw-r--r--src/charon-tkm/src/charon-tkm.c14
-rw-r--r--src/charon-tkm/src/tkm/tkm_kernel_ipsec.c7
-rw-r--r--src/charon-tkm/src/tkm/tkm_spi_generator.c98
-rw-r--r--src/charon-tkm/src/tkm/tkm_spi_generator.h36
-rw-r--r--src/charon/charon.c11
-rw-r--r--src/conftest/conftest.c10
-rw-r--r--src/include/Makefile.am2
-rw-r--r--src/include/Makefile.in2
-rw-r--r--src/include/linux/socket.h21
-rw-r--r--src/ipsec/_ipsec.82
-rw-r--r--src/ipsec/_ipsec.in4
-rw-r--r--src/libcharon/Android.mk1
-rw-r--r--src/libcharon/bus/listeners/file_logger.c32
-rw-r--r--src/libcharon/bus/listeners/file_logger.h7
-rw-r--r--src/libcharon/config/peer_cfg.c2
-rw-r--r--src/libcharon/daemon.c46
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c115
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_provider.c32
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_listener.c2
-rw-r--r--src/libcharon/plugins/ha/ha_child.c2
-rw-r--r--src/libcharon/plugins/ha/ha_dispatcher.c2
-rw-r--r--src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c7
-rw-r--r--src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c9
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_ipsec.c5
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c281
-rw-r--r--src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c94
-rw-r--r--src/libcharon/plugins/stroke/stroke_config.c6
-rw-r--r--src/libcharon/plugins/stroke/stroke_control.c71
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c6
-rw-r--r--src/libcharon/plugins/vici/README.md21
-rw-r--r--src/libcharon/plugins/vici/vici_attribute.c28
-rw-r--r--src/libcharon/plugins/vici/vici_cred.c12
-rw-r--r--src/libcharon/plugins/vici/vici_query.c47
-rw-r--r--src/libcharon/processing/jobs/initiate_mediation_job.c4
-rw-r--r--src/libcharon/sa/child_sa.c178
-rw-r--r--src/libcharon/sa/ike_sa_manager.c84
-rw-r--r--src/libcharon/sa/ike_sa_manager.h21
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.c20
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c110
-rw-r--r--src/libcharon/sa/ikev1/tasks/mode_config.c4
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_delete.c4
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_mode.c6
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c10
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c1
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c4
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_delete.c4
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c6
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_natd.c28
-rw-r--r--src/libcharon/sa/shunt_manager.c66
-rw-r--r--src/libcharon/sa/trap_manager.c2
-rw-r--r--src/libfast/fast_dispatcher.c3
-rw-r--r--src/libhydra/Android.mk1
-rw-r--r--src/libhydra/kernel/kernel_interface.c27
-rw-r--r--src/libhydra/kernel/kernel_interface.h53
-rw-r--r--src/libhydra/kernel/kernel_ipsec.c7
-rw-r--r--src/libhydra/kernel/kernel_ipsec.h23
-rw-r--r--src/libhydra/kernel/kernel_net.c7
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c81
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c19
-rw-r--r--src/libimcv/imv/data.sql48
-rw-r--r--src/libipsec/Android.mk1
-rw-r--r--src/libipsec/esp_context.c14
-rw-r--r--src/libstrongswan/Android.mk4
-rw-r--r--src/libstrongswan/Makefile.am14
-rw-r--r--src/libstrongswan/Makefile.in257
-rw-r--r--src/libstrongswan/asn1/oid.c511
-rw-r--r--src/libstrongswan/asn1/oid.h201
-rw-r--r--src/libstrongswan/asn1/oid.txt17
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c6
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c64
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h20
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c75
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h4
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen.c5
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_null.c63
-rw-r--r--src/libstrongswan/crypto/iv/iv_gen_null.h32
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_plugin.c24
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_private_key.c12
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_public_key.c12
-rw-r--r--src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c10
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c6
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c1
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c1
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c1
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c1
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.c1
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c17
-rw-r--r--src/libstrongswan/plugins/random/random_rng.c1
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c2
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in774
-rw-r--r--src/libstrongswan/plugins/sha3/sha3_hasher.c527
-rw-r--r--src/libstrongswan/plugins/sha3/sha3_hasher.h48
-rw-r--r--src/libstrongswan/plugins/sha3/sha3_plugin.c79
-rw-r--r--src/libstrongswan/plugins/sha3/sha3_plugin.h42
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am1
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h24
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c328
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c4
-rw-r--r--src/libstrongswan/selectors/traffic_selector.c9
-rw-r--r--src/libstrongswan/settings/settings.c25
-rw-r--r--src/libstrongswan/settings/settings.h9
-rw-r--r--src/libstrongswan/tests/suites/test_hasher.c137
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c1
-rw-r--r--src/libstrongswan/tests/suites/test_settings.c24
-rw-r--r--src/libstrongswan/tests/suites/test_traffic_selector.c6
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c6
-rw-r--r--src/libstrongswan/utils/compat/android.h (renamed from src/libstrongswan/AndroidConfigLocal.h)13
-rw-r--r--src/libstrongswan/utils/compat/windows.h5
-rw-r--r--src/libstrongswan/utils/utils.c25
-rw-r--r--src/libstrongswan/utils/utils.h19
-rw-r--r--src/libtnccs/plugins/tnc_imc/tnc_imc.c8
-rw-r--r--src/libtnccs/plugins/tnc_imv/tnc_imv.c8
-rw-r--r--src/medsrv/Makefile.am4
-rw-r--r--src/medsrv/Makefile.in4
-rw-r--r--src/medsrv/templates/peer/add.cs2
-rw-r--r--src/medsrv/templates/peer/edit.cs2
-rw-r--r--src/medsrv/templates/static/mootools.js341
-rw-r--r--src/medsrv/templates/static/script.js13
-rw-r--r--src/medsrv/templates/static/style.css28
-rw-r--r--src/medsrv/templates/user/add.cs2
-rw-r--r--src/medsrv/templates/user/login.cs2
-rw-r--r--src/pki/commands/acert.c3
-rw-r--r--src/pki/commands/issue.c3
-rw-r--r--src/pki/commands/req.c3
-rw-r--r--src/pki/commands/self.c3
-rw-r--r--src/pki/commands/signcrl.c2
-rw-r--r--src/scepclient/scepclient.89
-rw-r--r--src/swanctl/commands/list_pools.c32
-rw-r--r--src/swanctl/commands/list_sas.c12
135 files changed, 4353 insertions, 1557 deletions
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index 6e7abca09..e549e9597 100644
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -427,6 +427,14 @@ up-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed)
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection setup
if [ $VPN_LOGGING ]
then
@@ -451,6 +459,13 @@ down-host-v6:iptables)
-s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec host connection teardown
if [ $VPN_LOGGING ]
then
@@ -490,6 +505,15 @@ up-client-v6:iptables)
-d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # allow IP6IP6 traffic because of the implicit SA created by the kernel if
+ # IPComp is used (for small inbound packets that are not compressed).
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection setup
if [ $VPN_LOGGING ]
then
@@ -533,6 +557,13 @@ down-client-v6:iptables)
$IPSEC_POLICY_OUT -j ACCEPT
fi
#
+ # IP6IP6 exception teardown
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+ ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
# log IPsec client connection teardown
if [ $VPN_LOGGING ]
then
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index 6f2b6f178..b8f943f51 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -17,14 +17,13 @@
*/
#include <stdio.h>
-#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
-#undef _POSIX_PTHREAD_SEMANTICS
#include <pthread.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <unistd.h>
#include <getopt.h>
+#include <errno.h>
#include <library.h>
#include <hydra.h>
@@ -112,12 +111,11 @@ static int run()
while (TRUE)
{
int sig;
- int error;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return 1;
}
switch (sig)
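Review bot: The new `if (sig == -1)` branch in run() treats every sigwaitinfo() failure as fatal, including `EINTR`, which sigwaitinfo() reports when a handler runs for a signal that is not in `set`. That would make the daemon leave its main loop on an unrelated signal, so the branch should retry first with `if (errno == EINTR) { continue; }` ahead of the DBG1 call. The same pattern is added to run() in charon-nm.c, charon-systemd.c, charon-tkm.c and charon.c, and conftest.c's `while ((sig = sigwaitinfo(&set, NULL)) != -1)` ends its loop in the same case. run() starts and ends outside this hunk.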
@@ -382,7 +380,7 @@ int main(int argc, char *argv[])
lib->plugins->status(lib->plugins, LEVEL_CTRL);
/* add handler for SEGV and ILL,
- * INT, TERM and HUP are handled by sigwait() in run() */
+ * INT, TERM and HUP are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 80551f853..1773e7c39 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -18,6 +18,7 @@
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>
+#include <errno.h>
#include <hydra.h>
#include <daemon.h>
@@ -80,12 +81,11 @@ static void run()
while (TRUE)
{
int sig;
- int error;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return;
}
switch (sig)
@@ -237,7 +237,7 @@ int main(int argc, char *argv[])
}
/* add handler for SEGV and ILL,
- * INT and TERM are handled by sigwait() in run() */
+ * INT and TERM are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index e391a5397..f302d4527 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -249,12 +249,12 @@ static int run()
while (TRUE)
{
- int sig, error;
+ int sig;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(error));
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return SS_RC_INITIALIZATION_FAILED;
}
switch (sig)
@@ -393,7 +393,7 @@ int main(int argc, char *argv[])
}
/* add handler for SEGV and ILL,
- * INT, TERM and HUP are handled by sigwait() in run() */
+ * INT, TERM and HUP are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 7c60f0ca8..52d82f3ad 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -24,6 +24,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <libgen.h>
+#include <errno.h>
#include <hydra.h>
#include <daemon.h>
@@ -42,6 +43,7 @@
#include "tkm_public_key.h"
#include "tkm_cred.h"
#include "tkm_encoder.h"
+#include "tkm_spi_generator.h"
/**
* TKM bus listener for IKE authorize events.
@@ -98,12 +100,11 @@ static void run()
while (TRUE)
{
int sig;
- int error;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return;
}
switch (sig)
@@ -298,6 +299,9 @@ int main(int argc, char *argv[])
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "tkm-spi-generator"),
+ PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
countof(features), TRUE, NULL, NULL);
@@ -358,7 +362,7 @@ int main(int argc, char *argv[])
lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);
/* add handler for SEGV and ILL,
- * INT and TERM are handled by sigwait() in run() */
+ * INT and TERM are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 7a0672aa8..2d22fbdc3 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -281,9 +281,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t prio)
+ private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, policy_priority_t priority)
{
return SUCCESS;
}
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c
new file mode 100644
index 000000000..eff0ca91e
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2015 Reto Buerki
+ * Copyright (C) 2015 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <inttypes.h>
+#include <library.h>
+#include <daemon.h>
+
+#include "tkm_spi_generator.h"
+
+/**
+ * Get SPI callback arguments
+ */
+typedef struct {
+ rng_t *rng;
+ u_int64_t spi_mask;
+ u_int64_t spi_label;
+} get_spi_args_t;
+
+static get_spi_args_t *spi_args;
+
+/**
+ * Callback called to generate an IKE SPI.
+ *
+ * @param this Callback args containing rng_t and spi mask & label
+ * @return labeled SPI
+ */
+CALLBACK(tkm_get_spi, u_int64_t,
+ const get_spi_args_t const *this)
+{
+ u_int64_t spi;
+
+ if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
+ {
+ return 0;
+ }
+
+ return (spi & ~this->spi_mask) | this->spi_label;
+}
+
+bool tkm_spi_generator_register(plugin_t *plugin,
+ plugin_feature_t *feature,
+ bool reg, void *cb_data)
+{
+ u_int64_t spi_mask, spi_label;
+ char *spi_val;
+ rng_t *rng;
+
+ if (reg)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ return FALSE;
+ }
+
+ spi_val = lib->settings->get_str(lib->settings, "%s.spi_mask", NULL,
+ lib->ns);
+ spi_mask = settings_value_as_uint64(spi_val, 0);
+
+ spi_val = lib->settings->get_str(lib->settings, "%s.spi_label", NULL,
+ lib->ns);
+ spi_label = settings_value_as_uint64(spi_val, 0);
+
+ INIT(spi_args,
+ .rng = rng,
+ .spi_mask = spi_mask,
+ .spi_label = spi_label,
+ );
+
+ charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager,
+ tkm_get_spi, spi_args);
+ DBG1(DBG_IKE, "using SPI label 0x%.16"PRIx64" and mask 0x%.16"PRIx64,
+ spi_label, spi_mask);
+ }
+ else
+ {
+ if (spi_args)
+ {
+ DESTROY_IF(spi_args->rng);
+ free(spi_args);
+ }
+ }
+
+ return TRUE;
+}
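Review bot: The unregister branch of tkm_spi_generator_register() frees `spi_args` but leaves the static pointer, and the callback installed through `set_spi_cb()`, pointing at the freed block. A second unregister call would free it twice, and an SPI request arriving after unregistration would, as far as this file shows, dereference freed memory in tkm_get_spi(). Add `spi_args = NULL;` after `free(spi_args);`, and clear the callback on the IKE_SA manager first if its API allows that. Separately, `const get_spi_args_t const *this` repeats the qualifier; `const get_spi_args_t *this` says the same.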
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.h b/src/charon-tkm/src/tkm/tkm_spi_generator.h
new file mode 100644
index 000000000..5f9ff03c6
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2015 Reto Buerki
+ * Copyright (C) 2015 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tkm-spi-generator spi generator
+ * @{ @ingroup tkm
+ */
+
+#ifndef TKM_SPI_GENERATOR_H_
+#define TKM_SPI_GENERATOR_H_
+
+#include <plugins/plugin.h>
+
+/**
+ * Register the TKM SPI generator callback.
+ *
+ * @return TRUE on success
+ */
+bool tkm_spi_generator_register(plugin_t *plugin,
+ plugin_feature_t *feature,
+ bool reg, void *cb_data);
+
+#endif /** TKM_SPI_GENERATOR_H_ @}*/
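Review bot: The doc comment on tkm_spi_generator_register() documents only the return value, although `reg` decides whether the call installs or tears down the SPI callback. I would add `@param reg TRUE to register the callback, FALSE to unregister it and free its state`, and note that `plugin`, `feature` and `cb_data` are not used by the implementation in tkm_spi_generator.c.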
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 081e49490..f03b6e1ba 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -17,9 +17,7 @@
*/
#include <stdio.h>
-#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
-#undef _POSIX_PTHREAD_SEMANTICS
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -110,12 +108,11 @@ static void run()
while (TRUE)
{
int sig;
- int error;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return;
}
switch (sig)
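Review bot: `errno` is read in the new failure branch without a matching `#include <errno.h>` in this commit's include hunk for charon.c, unlike charon-cmd.c, charon-nm.c and charon-tkm.c, which all add it; charon-systemd.c gets the same code with no include hunk at all. If neither file already pulls the header in outside the visible hunks, the build depends on a transitive include. Adding `#include <errno.h>` explicitly would keep the daemons consistent. run() continues outside the hunk.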
@@ -434,7 +431,7 @@ int main(int argc, char *argv[])
}
/* add handler for SEGV and ILL,
- * INT, TERM and HUP are handled by sigwait() in run() */
+ * INT, TERM and HUP are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 584a2698a..9348b64e1 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -382,15 +382,17 @@ static void load_log_levels(file_logger_t *logger, char *section)
*/
static void load_logger_options(file_logger_t *logger, char *section)
{
- bool ike_name;
char *time_format;
+ bool add_ms, ike_name;
time_format = conftest->test->get_str(conftest->test,
"log.%s.time_format", NULL, section);
+ add_ms = conftest->test->get_bool(conftest->test,
+ "log.%s.time_add_ms", FALSE, section);
ike_name = conftest->test->get_bool(conftest->test,
"log.%s.ike_name", FALSE, section);
- logger->set_options(logger, time_format, ike_name);
+ logger->set_options(logger, time_format, add_ms, ike_name);
}
/**
@@ -463,7 +465,7 @@ int main(int argc, char *argv[])
lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
logger = file_logger_create("stdout");
- logger->set_options(logger, NULL, FALSE);
+ logger->set_options(logger, NULL, FALSE, FALSE);
logger->open(logger, FALSE, FALSE);
logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
charon->bus->add_logger(charon->bus, &logger->logger);
@@ -563,7 +565,7 @@ int main(int argc, char *argv[])
sigaddset(&set, SIGTERM);
sigprocmask(SIG_BLOCK, &set, NULL);
- while (sigwait(&set, &sig) == 0)
+ while ((sig = sigwaitinfo(&set, NULL)) != -1)
{
switch (sig)
{
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 0284c094a..8e6db88a4 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -1,2 +1,2 @@
EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
- linux/pfkeyv2.h linux/udp.h linux/xfrm.h sys/queue.h
+ linux/pfkeyv2.h linux/udp.h linux/socket.h linux/xfrm.h sys/queue.h
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index e2c3cd0c3..5740544ca 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -343,7 +343,7 @@ urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
- linux/pfkeyv2.h linux/udp.h linux/xfrm.h sys/queue.h
+ linux/pfkeyv2.h linux/udp.h linux/socket.h linux/xfrm.h sys/queue.h
all: all-am
diff --git a/src/include/linux/socket.h b/src/include/linux/socket.h
new file mode 100644
index 000000000..76ab0c685
--- /dev/null
+++ b/src/include/linux/socket.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI_LINUX_SOCKET_H
+#define _UAPI_LINUX_SOCKET_H
+
+/*
+ * Desired design of maximum size and alignment (see RFC2553)
+ */
+#define _K_SS_MAXSIZE 128 /* Implementation specific max size */
+#define _K_SS_ALIGNSIZE (__alignof__ (struct sockaddr *))
+ /* Implementation specific desired alignment */
+
+typedef unsigned short __kernel_sa_family_t;
+
+struct __kernel_sockaddr_storage {
+ __kernel_sa_family_t ss_family; /* address family */
+ /* Following field(s) are implementation specific */
+ char __data[_K_SS_MAXSIZE - sizeof(unsigned short)];
+ /* space to achieve desired size, */
+ /* _SS_MAXSIZE value minus size of ss_family */
+} __attribute__ ((aligned(_K_SS_ALIGNSIZE))); /* force desired alignment */
+
+#endif /* _UAPI_LINUX_SOCKET_H */
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 9795451e8..bc7b633b0 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.3.3dr5" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.3.4dr1" "strongSwan"
.
.SH NAME
.
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index 0798830cf..89c7ef753 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -256,10 +256,10 @@ stop)
if [ -n "$spid" ]
then
kill $spid 2>/dev/null
- loop=11
+ loop=110
while [ $loop -gt 0 ] ; do
kill -0 $spid 2>/dev/null || break
- sleep 1
+ sleep 0.1
loop=$(($loop - 1))
done
if [ $loop -eq 0 ]
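Review bot: `sleep 0.1` depends on a sleep implementation that accepts fractional seconds, which POSIX does not require. Where the argument is rejected the command fails immediately and the 110 iterations finish almost at once, so the `$loop -eq 0` branch below (its body is outside the hunk) is reached without the intended wait of about 11 seconds. A fallback such as `sleep 0.1 2>/dev/null || sleep 1` keeps the loop waiting in that case, at the cost of a longer worst-case wait on those systems.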
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index 5eef6fdc6..10085794b 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -228,7 +228,6 @@ endif
# build libcharon --------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libhydra \
$(strongswan_PATH)/src/libstrongswan
diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index e3661bde6..7a53e9338 100644
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -65,6 +65,11 @@ struct private_file_logger_t {
char *time_format;
/**
+ * Add milliseconds after the time string
+ */
+ bool add_ms;
+
+ /**
* Print the name/# of the IKE_SA?
*/
bool ike_name;
@@ -87,7 +92,9 @@ METHOD(logger_t, log_, void,
char timestr[128], namestr[128] = "";
const char *current = message, *next;
struct tm tm;
- time_t t;
+ timeval_t tv;
+ time_t s;
+ u_int ms = 0;
this->lock->read_lock(this->lock);
if (!this->out)
@@ -97,8 +104,10 @@ METHOD(logger_t, log_, void,
}
if (this->time_format)
{
- t = time(NULL);
- localtime_r(&t, &tm);
+ gettimeofday(&tv, NULL);
+ s = tv.tv_sec;
+ ms = tv.tv_usec / 1000;
+ localtime_r(&s, &tm);
strftime(timestr, sizeof(timestr), this->time_format, &tm);
}
if (this->ike_name && ike_sa)
@@ -126,8 +135,16 @@ METHOD(logger_t, log_, void,
next = strchr(current, '\n');
if (this->time_format)
{
- fprintf(this->out, "%s %.2d[%N]%s ",
- timestr, thread, debug_names, group, namestr);
+ if (this->add_ms)
+ {
+ fprintf(this->out, "%s.%03u %.2d[%N]%s ",
+ timestr, ms, thread, debug_names, group, namestr);
+ }
+ else
+ {
+ fprintf(this->out, "%s %.2d[%N]%s ",
+ timestr, thread, debug_names, group, namestr);
+ }
}
else
{
@@ -182,11 +199,12 @@ METHOD(file_logger_t, set_level, void,
}
METHOD(file_logger_t, set_options, void,
- private_file_logger_t *this, char *time_format, bool ike_name)
+ private_file_logger_t *this, char *time_format, bool add_ms, bool ike_name)
{
this->lock->write_lock(this->lock);
free(this->time_format);
this->time_format = strdupnull(time_format);
+ this->add_ms = add_ms;
this->ike_name = ike_name;
this->lock->unlock(this->lock);
}
diff --git a/src/libcharon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h
index 9e5aed50b..1bcfec150 100644
--- a/src/libcharon/bus/listeners/file_logger.h
+++ b/src/libcharon/bus/listeners/file_logger.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -48,9 +48,12 @@ struct file_logger_t {
* Set options used by this logger
*
* @param time_format format of timestamp prefix, as in strftime(), cloned
+ * @param add_ms TRUE to add the number of milliseconds within the
+ * current second after the timestamp
* @param ike_name TRUE to prefix the name of the IKE_SA
*/
- void (*set_options) (file_logger_t *this, char *time_format, bool ike_name);
+ void (*set_options) (file_logger_t *this, char *time_format, bool add_ms,
+ bool ike_name);
/**
* Open (or reopen) the log file according to the given parameters
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index ce9301006..aa2a39ce5 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -302,7 +302,7 @@ METHOD(peer_cfg_t, select_child_cfg, child_cfg_t*,
enumerator_t *enumerator;
int best = 0;
- DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts);
+ DBG2(DBG_CFG, "looking for a child config for %#R === %#R", my_ts, other_ts);
enumerator = create_child_cfg_enumerator(this);
while (enumerator->enumerate(enumerator, &current))
{
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 316be7611..dce2a7144 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -324,11 +324,13 @@ static void load_file_logger(private_daemon_t *this, char *filename,
file_logger_t *file_logger;
debug_t group;
level_t def;
- bool ike_name, flush_line, append;
+ bool add_ms, ike_name, flush_line, append;
char *time_format;
time_format = lib->settings->get_str(lib->settings,
"%s.filelog.%s.time_format", NULL, lib->ns, filename);
+ add_ms = lib->settings->get_bool(lib->settings,
+ "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename);
ike_name = lib->settings->get_bool(lib->settings,
"%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
flush_line = lib->settings->get_bool(lib->settings,
@@ -337,7 +339,7 @@ static void load_file_logger(private_daemon_t *this, char *filename,
"%s.filelog.%s.append", TRUE, lib->ns, filename);
file_logger = add_file_logger(this, filename, current_loggers);
- file_logger->set_options(file_logger, time_format, ike_name);
+ file_logger->set_options(file_logger, time_format, add_ms, ike_name);
file_logger->open(file_logger, flush_line, append);
def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
@@ -486,8 +488,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->kernel_handler);
DESTROY_IF(this->public.traps);
DESTROY_IF(this->public.shunts);
- DESTROY_IF(this->public.child_sa_manager);
- DESTROY_IF(this->public.ike_sa_manager);
DESTROY_IF(this->public.controller);
DESTROY_IF(this->public.eap);
DESTROY_IF(this->public.xauth);
@@ -560,7 +560,6 @@ METHOD(daemon_t, start, void,
run_scripts(this, "start");
}
-
/**
* Initialize/deinitialize sender and receiver
*/
@@ -584,12 +583,36 @@ static bool sender_receiver_cb(void *plugin, plugin_feature_t *feature,
return TRUE;
}
+/**
+ * Initialize/deinitialize IKE_SA/CHILD_SA managers
+ */
+static bool sa_managers_cb(void *plugin, plugin_feature_t *feature,
+ bool reg, private_daemon_t *this)
+{
+ if (reg)
+ {
+ this->public.ike_sa_manager = ike_sa_manager_create();
+ if (!this->public.ike_sa_manager)
+ {
+ return FALSE;
+ }
+ this->public.child_sa_manager = child_sa_manager_create();
+ }
+ else
+ {
+ DESTROY_IF(this->public.ike_sa_manager);
+ DESTROY_IF(this->public.child_sa_manager);
+ }
+ return TRUE;
+}
+
METHOD(daemon_t, initialize, bool,
private_daemon_t *this, char *plugins)
{
plugin_feature_t features[] = {
PLUGIN_PROVIDE(CUSTOM, "libcharon"),
PLUGIN_DEPENDS(NONCE_GEN),
+ PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"),
PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"),
PLUGIN_DEPENDS(CUSTOM, "kernel-ipsec"),
PLUGIN_DEPENDS(CUSTOM, "kernel-net"),
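Review bot: sa_managers_cb() checks the result of ike_sa_manager_create() but not of child_sa_manager_create(), and its unregister branch leaves both `this->public` pointers set after destroying the objects. Unless DESTROY_IF clears its argument, code that reads `charon->ike_sa_manager` after the feature is unloaded would see a dangling pointer, which was harder to hit while the managers were destroyed in destroy(). Resetting them with `this->public.ike_sa_manager = NULL;` and `this->public.child_sa_manager = NULL;` after the DESTROY_IF calls makes the teardown safe to observe. The initialize() method that follows continues outside the hunk.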
@@ -598,6 +621,10 @@ METHOD(daemon_t, initialize, bool,
PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_DEPENDS(CUSTOM, "socket"),
+ PLUGIN_CALLBACK((plugin_feature_callback_t)sa_managers_cb, this),
+ PLUGIN_PROVIDE(CUSTOM, "libcharon-sa-managers"),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
};
lib->plugins->add_static_features(lib->plugins, lib->ns, features,
countof(features), TRUE, NULL, NULL);
@@ -608,13 +635,6 @@ METHOD(daemon_t, initialize, bool,
return FALSE;
}
- this->public.ike_sa_manager = ike_sa_manager_create();
- if (this->public.ike_sa_manager == NULL)
- {
- return FALSE;
- }
- this->public.child_sa_manager = child_sa_manager_create();
-
/* Queue start_action job */
lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index f7f39f984..16978f486 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2009-2015 Tobias Brunner
* Copyright (C) 2010 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -81,6 +81,21 @@ struct private_eap_mschapv2_t
* Number of retries
*/
int retries;
+
+ /**
+ * Provide EAP-Identity
+ */
+ auth_cfg_t *auth;
+
+ /**
+ * Current state
+ */
+ enum {
+ S_EXPECT_CHALLENGE,
+ S_EXPECT_RESPONSE,
+ S_EXPECT_SUCCESS,
+ S_DONE,
+ } state;
};
/**
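Review bot: The new `state` field has no visible initialization, so the peer side appears to rely on `S_EXPECT_CHALLENGE` being the first enumerator (value 0) and on the object being zero-initialized by a constructor outside this hunk. A comment on the enumerator such as `/* initial state on the peer, must stay first */` would keep a later reordering from silently changing which message is accepted first. The `auth` member's comment `Provide EAP-Identity` also does not say who sets or owns the object.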
@@ -628,6 +643,7 @@ METHOD(eap_method_t, initiate_server, status_t,
memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1);
*out = eap_payload_create_data(chunk_create((void*) eap, len));
+ this->state = S_EXPECT_RESPONSE;
return NEED_MORE;
}
@@ -747,6 +763,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
memcpy(res->name, userid.ptr, userid.len);
*out = eap_payload_create_data(chunk_create((void*) eap, len));
+ this->state = S_EXPECT_SUCCESS;
return NEED_MORE;
}
@@ -829,6 +846,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
*out = eap_payload_create_data(chunk_create((void*) eap, len));
status = NEED_MORE;
+ this->state = S_DONE;
error:
chunk_free(&auth_string);
@@ -922,6 +940,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
*/
status = FAILED;
+ this->state = S_DONE;
error:
chunk_free(&challenge);
@@ -946,26 +965,38 @@ METHOD(eap_method_t, process_peer, status_t,
eap = (eap_mschapv2_header_t*)data.ptr;
+ switch (this->state)
+ {
+ case S_EXPECT_CHALLENGE:
+ if (eap->opcode == MSCHAPV2_CHALLENGE)
+ {
+ return process_peer_challenge(this, in, out);
+ }
+ break;
+ case S_EXPECT_SUCCESS:
+ switch (eap->opcode)
+ {
+ case MSCHAPV2_SUCCESS:
+ return process_peer_success(this, in, out);
+ case MSCHAPV2_FAILURE:
+ return process_peer_failure(this, in, out);
+ }
+ break;
+ default:
+ break;
+ }
switch (eap->opcode)
{
case MSCHAPV2_CHALLENGE:
- {
- return process_peer_challenge(this, in, out);
- }
case MSCHAPV2_SUCCESS:
- {
- return process_peer_success(this, in, out);
- }
case MSCHAPV2_FAILURE:
- {
- return process_peer_failure(this, in, out);
- }
+ DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with "
+ "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
+ break;
default:
- {
DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported "
"OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
break;
- }
}
return FAILED;
}
@@ -1027,6 +1058,8 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
/* delay the response for some time to make brute-force attacks harder */
sleep(RETRY_DELAY);
+ /* since the error is retryable the state does not change, we still
+ * expect an MSCHAPV2_RESPONSE from the peer */
return NEED_MORE;
}
@@ -1058,7 +1091,10 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255);
snprintf(buf, sizeof(buf), "%.*s", name_len, res->name);
userid = identification_create_from_string(buf);
- DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid);
+ if (!userid->equals(userid, this->peer))
+ {
+ DBG1(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid);
+ }
/* userid can only be destroyed after the last use of username */
username = extract_username(userid->get_encoding(userid));
@@ -1084,7 +1120,6 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
chunk_clear(&nt_hash);
return FAILED;
}
- userid->destroy(userid);
chunk_clear(&nt_hash);
if (memeq_const(res->response.nt_response, this->nt_response.ptr,
@@ -1109,9 +1144,12 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
chunk_free(&hex);
memcpy(eap->data, msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE));
*out = eap_payload_create_data(chunk_create((void*) eap, len));
+
+ this->auth->add(this->auth, AUTH_RULE_EAP_IDENTITY, userid);
+ this->state = S_EXPECT_SUCCESS;
return NEED_MORE;
}
-
+ userid->destroy(userid);
return process_server_retry(this, out);
}
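Review bot: On the success path `userid` is no longer destroyed but handed to `this->auth->add(this->auth, AUTH_RULE_EAP_IDENTITY, userid)`, and nothing in the function says that ownership moves. The add presumably takes ownership, since the matching destroy was removed and `this->auth` is destroyed with the method, but that is inferred rather than shown. A comment before the call, e.g. `/* auth takes ownership of userid; it is only destroyed on the retry path below */`, would guard against a later edit introducing a double free or a leak. process_server_response starts outside this hunk, so the earlier failure returns should be checked for a matching `userid->destroy(userid)`.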
@@ -1137,26 +1175,39 @@ METHOD(eap_method_t, process_server, status_t,
eap = (eap_mschapv2_header_t*)data.ptr;
+ switch (this->state)
+ {
+ case S_EXPECT_RESPONSE:
+ if (eap->opcode == MSCHAPV2_RESPONSE)
+ {
+ return process_server_response(this, in, out);
+ }
+ break;
+ case S_EXPECT_SUCCESS:
+ if (eap->opcode == MSCHAPV2_SUCCESS &&
+ this->msk.ptr)
+ {
+ return SUCCESS;
+ }
+ break;
+ default:
+ break;
+ }
switch (eap->opcode)
{
- case MSCHAPV2_RESPONSE:
- {
- return process_server_response(this, in, out);
- }
- case MSCHAPV2_SUCCESS:
- {
- return SUCCESS;
- }
case MSCHAPV2_FAILURE:
- {
+ /* the client may abort the authentication by sending us a failure
+ * in any state */
return FAILED;
- }
+ case MSCHAPV2_RESPONSE:
+ case MSCHAPV2_SUCCESS:
+ DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with "
+ "OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
+ break;
default:
- {
DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported "
"OpCode (%N)!", mschapv2_opcode_names, eap->opcode);
break;
- }
}
return FAILED;
}
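Review bot: The `this->msk.ptr` test in the `S_EXPECT_SUCCESS` case is what ties a client Success to a Response the server has already verified, but the code does not state that invariant. Assuming the MSK is only derived after the NT response check passes (that code is outside this hunk), a comment such as `/* accept Success only after the Response was verified and the MSK derived */` would make the reason for the extra condition explicit. The log line for a rejected RESPONSE or SUCCESS could also name the current state, so an out-of-order message is easier to triage. process_server begins before this hunk.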
@@ -1197,11 +1248,18 @@ METHOD(eap_method_t, is_mutual, bool,
return FALSE;
}
+METHOD(eap_method_t, get_auth, auth_cfg_t*,
+ private_eap_mschapv2_t *this)
+{
+ return this->auth;
+}
+
METHOD(eap_method_t, destroy, void,
private_eap_mschapv2_t *this)
{
this->peer->destroy(this->peer);
this->server->destroy(this->server);
+ this->auth->destroy(this->auth);
chunk_free(&this->challenge);
chunk_free(&this->nt_response);
chunk_free(&this->auth_response);
@@ -1224,11 +1282,14 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser
.get_msk = _get_msk,
.get_identifier = _get_identifier,
.set_identifier = _set_identifier,
+ .get_auth = _get_auth,
.destroy = _destroy,
},
},
.peer = peer->clone(peer),
.server = server->clone(server),
+ .auth = auth_cfg_create(),
+ .state = S_EXPECT_CHALLENGE,
);
return this;
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
index 0cf723711..0f207fbe6 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
@@ -178,18 +178,38 @@ static void add_addr(private_eap_radius_provider_t *this,
* Remove the next address from the locked hashtable stored for given id
*/
static host_t* remove_addr(private_eap_radius_provider_t *this,
- hashtable_t *hashtable, uintptr_t id)
+ hashtable_t *hashtable, uintptr_t id, host_t *addr)
{
+ enumerator_t *enumerator;
entry_t *entry;
- host_t *addr = NULL;
+ host_t *found = NULL, *current;
entry = hashtable->remove(hashtable, (void*)id);
if (entry)
{
- entry->addrs->remove_first(entry->addrs, (void**)&addr);
+ enumerator = entry->addrs->create_enumerator(entry->addrs);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (addr->ip_equals(addr, current))
+ { /* prefer an exact match */
+ entry->addrs->remove_at(entry->addrs, enumerator);
+ enumerator->destroy(enumerator);
+ put_or_destroy_entry(hashtable, entry);
+ return current;
+ }
+ if (!found && addr->get_family(addr) == current->get_family(current))
+ { /* fallback to the first IP with a matching address family */
+ found = current;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (found)
+ {
+ entry->addrs->remove(entry->addrs, found, NULL);
+ }
put_or_destroy_entry(hashtable, entry);
}
- return addr;
+ return found;
}
/**
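Review bot: The header comment of remove_addr still says it removes "the next address", which no longer matches the code. With the new `addr` argument it returns an exact IP match if one exists, otherwise the first entry of the same address family, otherwise NULL. The comment could read `Remove an address for given id from the locked hashtable: an exact match of addr if available, else the first one of the same family`. On the release_address path the family fallback means that releasing an address which is not in the claimed list still removes a different claimed address; if that is not intended, the fallback should be limited to the acquire path. `addr` is dereferenced unconditionally, so the comment should also state that it must not be NULL.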
@@ -326,7 +346,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
if (streq(name, "radius"))
{
this->listener.mutex->lock(this->listener.mutex);
- addr = remove_addr(this, this->listener.unclaimed, sa);
+ addr = remove_addr(this, this->listener.unclaimed, sa, requested);
if (addr)
{
add_addr(this, this->listener.claimed, sa, addr->clone(addr));
@@ -357,7 +377,7 @@ METHOD(attribute_provider_t, release_address, bool,
if (streq(name, "radius"))
{
this->listener.mutex->lock(this->listener.mutex);
- found = remove_addr(this, this->listener.claimed, sa);
+ found = remove_addr(this, this->listener.claimed, sa, address);
this->listener.mutex->unlock(this->listener.mutex);
break;
}
diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c
index f7a1f49ec..ce577c62c 100644
--- a/src/libcharon/plugins/error_notify/error_notify_listener.c
+++ b/src/libcharon/plugins/error_notify/error_notify_listener.c
@@ -110,7 +110,7 @@ METHOD(listener_t, alert, bool,
list = va_arg(args, linked_list_t*);
list2 = va_arg(args, linked_list_t*);
snprintf(msg.str, sizeof(msg.str), "the received traffic selectors "
- "did not match: %#R=== %#R", list, list2);
+ "did not match: %#R === %#R", list, list2);
break;
case ALERT_INSTALL_CHILD_SA_FAILED:
msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED);
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
index 17f2d50d1..dbb6adc8f 100644
--- a/src/libcharon/plugins/ha/ha_child.c
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -126,7 +126,7 @@ METHOD(listener_t, child_keys, bool,
ike_sa->get_my_host(ike_sa), child_sa->get_spi(child_sa, TRUE));
seg_o = this->kernel->get_segment_spi(this->kernel,
ike_sa->get_other_host(ike_sa), child_sa->get_spi(child_sa, FALSE));
- DBG1(DBG_CFG, "handling HA CHILD_SA %s{%d} %#R=== %#R "
+ DBG1(DBG_CFG, "handling HA CHILD_SA %s{%d} %#R === %#R "
"(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa),
child_sa->get_unique_id(child_sa), local_ts, remote_ts,
seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "",
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index afa099309..07ef607c6 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -848,7 +848,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
seg_o = this->kernel->get_segment_spi(this->kernel,
ike_sa->get_other_host(ike_sa), outbound_spi);
- DBG1(DBG_CFG, "installed HA CHILD_SA %s{%d} %#R=== %#R "
+ DBG1(DBG_CFG, "installed HA CHILD_SA %s{%d} %#R === %#R "
"(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa),
child_sa->get_unique_id(child_sa), local_ts, remote_ts,
seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "",
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index 6246dc505..d738e6d13 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -563,15 +563,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t priority)
{
policy_entry_t *policy, *found = NULL;
status_t status;
status = ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts,
- direction, reqid, mark, priority);
+ direction, sa->reqid, mark, priority);
policy = create_policy_entry(src_ts, dst_ts, direction);
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index b38ded846..95f79f168 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -2456,15 +2456,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t priority)
{
if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED)
{
- if (remove_trap(this, reqid, FALSE, src_ts, dst_ts))
+ if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts))
{
- remove_trap(this, reqid, TRUE, src_ts, dst_ts);
+ remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts);
return SUCCESS;
}
return NOT_FOUND;
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 62d43e302..6a86bb899 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -103,8 +103,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_load_tester_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t priority)
{
return SUCCESS;
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index dbfddbb81..13bf3e775 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -148,6 +148,91 @@ struct private_socket_default_socket_t {
u_int rr_counter;
};
+/**
+ * Get the destination IPv4 address of a received packet, depending on the
+ * available mechanism.
+ */
+#ifdef IP_PKTINFO
+
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+{
+ struct sockaddr_in dst = {
+ .sin_family = AF_INET,
+ .sin_port = htons(port),
+ };
+ struct in_pktinfo *pktinfo;
+ struct in_addr *addr;
+
+ if (cmsgptr->cmsg_type == IP_PKTINFO)
+ {
+ pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
+ addr = &pktinfo->ipi_addr;
+ memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
+ return host_create_from_sockaddr((sockaddr_t*)&dst);
+ }
+ return NULL;
+}
+
+#elif defined(IP_RECVDSTADDR)
+
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+{
+ struct sockaddr_in dst = {
+ .sin_family = AF_INET,
+ .sin_port = htons(port),
+ };
+ struct in_addr *addr;
+
+ if (cmsgptr->cmsg_type == IP_RECVDSTADDR)
+ {
+ addr = (struct in_addr*)CMSG_DATA(cmsgptr);
+ memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
+ return host_create_from_sockaddr((sockaddr_t*)&dst);
+ }
+ return NULL;
+}
+
+#else /* IP_PKTINFO || IP_RECVDSTADDR */
+
+static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port)
+{
+ return NULL;
+}
+
+#endif /* IP_PKTINFO || IP_RECVDSTADDR */
+
+/**
+ * Get the destination IPv6 address of a received packet, depending on the
+ * available mechanism.
+ */
+#ifdef HAVE_IN6_PKTINFO
+
+static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port)
+{
+ struct in6_pktinfo *pktinfo;
+ struct sockaddr_in6 dst = {
+ .sin6_family = AF_INET6,
+ .sin6_port = htons(port),
+ };
+
+ if (cmsgptr->cmsg_type == IPV6_PKTINFO)
+ {
+ pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
+ memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
+ return host_create_from_sockaddr((sockaddr_t*)&dst);
+ }
+ return NULL;
+}
+
+#else /* HAVE_IN6_PKTINFO */
+
+static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port)
+{
+ return NULL;
+}
+
+#endif /* HAVE_IN6_PKTINFO */
+
METHOD(socket_t, receiver, status_t,
private_socket_default_socket_t *this, packet_t **packet)
{
@@ -233,48 +318,13 @@ METHOD(socket_t, receiver, status_t,
DBG1(DBG_NET, "error reading ancillary data");
return FAILED;
}
-
-#ifdef HAVE_IN6_PKTINFO
- if (cmsgptr->cmsg_level == SOL_IPV6 &&
- cmsgptr->cmsg_type == IPV6_PKTINFO)
+ if (cmsgptr->cmsg_level == SOL_IP)
{
- struct in6_pktinfo *pktinfo;
- pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
- struct sockaddr_in6 dst;
-
- memset(&dst, 0, sizeof(dst));
- memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
- dst.sin6_family = AF_INET6;
- dst.sin6_port = htons(port);
- dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+ dest = get_dst_v4(cmsgptr, port);
}
-#endif /* HAVE_IN6_PKTINFO */
- if (cmsgptr->cmsg_level == SOL_IP &&
-#ifdef IP_PKTINFO
- cmsgptr->cmsg_type == IP_PKTINFO
-#elif defined(IP_RECVDSTADDR)
- cmsgptr->cmsg_type == IP_RECVDSTADDR
-#else
- FALSE
-#endif
- )
+ else if (cmsgptr->cmsg_level == SOL_IPV6)
{
- struct in_addr *addr;
- struct sockaddr_in dst;
-
-#ifdef IP_PKTINFO
- struct in_pktinfo *pktinfo;
- pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
- addr = &pktinfo->ipi_addr;
-#elif defined(IP_RECVDSTADDR)
- addr = (struct in_addr*)CMSG_DATA(cmsgptr);
-#endif
- memset(&dst, 0, sizeof(dst));
- memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr));
-
- dst.sin_family = AF_INET;
- dst.sin_port = htons(port);
- dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+ dest = get_dst_v6(cmsgptr, port);
}
if (dest)
{
@@ -305,6 +355,107 @@ METHOD(socket_t, receiver, status_t,
return SUCCESS;
}
+/**
+ * Generic function to send a message.
+ */
+static ssize_t send_msg_generic(int skt, struct msghdr *msg)
+{
+ return sendmsg(skt, msg, 0);
+}
+
+/**
+ * Send a message with the IPv4 source address set, if possible.
+ */
+#ifdef IP_PKTINFO
+
+static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src)
+{
+ char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {};
+ struct cmsghdr *cmsg;
+ struct in_addr *addr;
+ struct in_pktinfo *pktinfo;
+ struct sockaddr_in *sin;
+
+ msg->msg_control = buf;
+ msg->msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(msg);
+ cmsg->cmsg_level = SOL_IP;
+ cmsg->cmsg_type = IP_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+
+ pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
+ addr = &pktinfo->ipi_spec_dst;
+
+ sin = (struct sockaddr_in*)src->get_sockaddr(src);
+ memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+ return send_msg_generic(skt, msg);
+}
+
+#elif defined(IP_SENDSRCADDR)
+
+static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src)
+{
+ char buf[CMSG_SPACE(sizeof(struct in_addr))] = {};
+ struct cmsghdr *cmsg;
+ struct in_addr *addr;
+ struct sockaddr_in *sin;
+
+ msg->msg_control = buf;
+ msg->msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(msg);
+ cmsg->cmsg_level = SOL_IP;
+ cmsg->cmsg_type = IP_SENDSRCADDR;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
+
+ addr = (struct in_addr*)CMSG_DATA(cmsg);
+
+ sin = (struct sockaddr_in*)src->get_sockaddr(src);
+ memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+ return send_msg_generic(skt, msg);
+}
+
+#else /* IP_PKTINFO || IP_RECVDSTADDR */
+
+static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src)
+{
+ return send_msg_generic(skt, msg);
+}
+
+#endif /* IP_PKTINFO || IP_RECVDSTADDR */
+
+/**
+ * Send a message with the IPv6 source address set, if possible.
+ */
+#ifdef HAVE_IN6_PKTINFO
+
+static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src)
+{
+ char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {};
+ struct cmsghdr *cmsg;
+ struct in6_pktinfo *pktinfo;
+ struct sockaddr_in6 *sin;
+
+ msg->msg_control = buf;
+ msg->msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(msg);
+ cmsg->cmsg_level = SOL_IPV6;
+ cmsg->cmsg_type = IPV6_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+ pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
+ sin = (struct sockaddr_in6*)src->get_sockaddr(src);
+ memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+ return send_msg_generic(skt, msg);
+}
+
+#else /* HAVE_IN6_PKTINFO */
+
+static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src)
+{
+ return send_msg_generic(skt, msg);
+}
+
+#endif /* HAVE_IN6_PKTINFO */
+
METHOD(socket_t, sender, status_t,
private_socket_default_socket_t *this, packet_t *packet)
{
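Review bot: send_msg_v4 and send_msg_v6 point the caller's `msg->msg_control` at their own stack array `buf` and return with it still set, so the caller's msghdr refers to dead stack memory after the call. Nothing visible in this diff reads it afterwards, but storing the sendmsg() result and clearing the fields before returning (`msg->msg_control = NULL; msg->msg_controllen = 0;`) keeps a later reuse of `msg` safe. The same applies to the copies added in socket_dynamic_socket.c (hunk `@@ -527,6 +527,62 @@`). Separately, the `#else`/`#endif` comments of the IPv4 send variant name `IP_RECVDSTADDR`, while the condition actually tested is `IP_SENDSRCADDR`.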
@@ -313,7 +464,6 @@ METHOD(socket_t, sender, status_t,
chunk_t data;
host_t *src, *dst;
struct msghdr msg;
- struct cmsghdr *cmsg;
struct iovec iov;
u_int8_t *dscp;
@@ -415,56 +565,17 @@ METHOD(socket_t, sender, status_t,
{
if (family == AF_INET)
{
-#if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
- struct in_addr *addr;
- struct sockaddr_in *sin;
-#ifdef IP_PKTINFO
- char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
- struct in_pktinfo *pktinfo;
-#elif defined(IP_SENDSRCADDR)
- char buf[CMSG_SPACE(sizeof(struct in_addr))];
-#endif
- memset(buf, 0, sizeof(buf));
- msg.msg_control = buf;
- msg.msg_controllen = sizeof(buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_IP;
-#ifdef IP_PKTINFO
- cmsg->cmsg_type = IP_PKTINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
- pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
- addr = &pktinfo->ipi_spec_dst;
-#elif defined(IP_SENDSRCADDR)
- cmsg->cmsg_type = IP_SENDSRCADDR;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
- addr = (struct in_addr*)CMSG_DATA(cmsg);
-#endif
- sin = (struct sockaddr_in*)src->get_sockaddr(src);
- memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
-#endif /* IP_PKTINFO || IP_SENDSRCADDR */
+ bytes_sent = send_msg_v4(skt, &msg, src);
}
-#ifdef HAVE_IN6_PKTINFO
else
{
- char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
- struct in6_pktinfo *pktinfo;
- struct sockaddr_in6 *sin;
-
- memset(buf, 0, sizeof(buf));
- msg.msg_control = buf;
- msg.msg_controllen = sizeof(buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_IPV6;
- cmsg->cmsg_type = IPV6_PKTINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
- pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
- sin = (struct sockaddr_in6*)src->get_sockaddr(src);
- memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+ bytes_sent = send_msg_v6(skt, &msg, src);
}
-#endif /* HAVE_IN6_PKTINFO */
}
-
- bytes_sent = sendmsg(skt, &msg, 0);
+ else
+ {
+ bytes_sent = send_msg_generic(skt, &msg);
+ }
if (bytes_sent != data.len)
{
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index b82a69e1b..a032134c3 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -527,6 +527,62 @@ static dynsock_t *find_socket(private_socket_dynamic_socket_t *this,
return skt;
}
+/**
+ * Generic function to send a message.
+ */
+static ssize_t send_msg_generic(int skt, struct msghdr *msg)
+{
+ return sendmsg(skt, msg, 0);
+}
+
+/**
+ * Send a message with the IPv4 source address set.
+ */
+static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src)
+{
+ char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {};
+ struct cmsghdr *cmsg;
+ struct in_addr *addr;
+ struct in_pktinfo *pktinfo;
+ struct sockaddr_in *sin;
+
+ msg->msg_control = buf;
+ msg->msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(msg);
+ cmsg->cmsg_level = SOL_IP;
+ cmsg->cmsg_type = IP_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+
+ pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
+ addr = &pktinfo->ipi_spec_dst;
+
+ sin = (struct sockaddr_in*)src->get_sockaddr(src);
+ memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+ return send_msg_generic(skt, msg);
+}
+
+/**
+ * Send a message with the IPv6 source address set.
+ */
+static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src)
+{
+ char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {};
+ struct cmsghdr *cmsg;
+ struct in6_pktinfo *pktinfo;
+ struct sockaddr_in6 *sin;
+
+ msg->msg_control = buf;
+ msg->msg_controllen = sizeof(buf);
+ cmsg = CMSG_FIRSTHDR(msg);
+ cmsg->cmsg_level = SOL_IPV6;
+ cmsg->cmsg_type = IPV6_PKTINFO;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+ pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
+ sin = (struct sockaddr_in6*)src->get_sockaddr(src);
+ memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+ return send_msg_generic(skt, msg);
+}
+
METHOD(socket_t, sender, status_t,
private_socket_dynamic_socket_t *this, packet_t *packet)
{
@@ -536,7 +592,6 @@ METHOD(socket_t, sender, status_t,
ssize_t len;
chunk_t data;
struct msghdr msg;
- struct cmsghdr *cmsg;
struct iovec iov;
src = packet->get_source(packet);
@@ -564,43 +619,18 @@ METHOD(socket_t, sender, status_t,
{
if (family == AF_INET)
{
- struct in_addr *addr;
- struct sockaddr_in *sin;
- char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
- struct in_pktinfo *pktinfo;
-
- memset(buf, 0, sizeof(buf));
- msg.msg_control = buf;
- msg.msg_controllen = sizeof(buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_IP;
- cmsg->cmsg_type = IP_PKTINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
- pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
- addr = &pktinfo->ipi_spec_dst;
- sin = (struct sockaddr_in*)src->get_sockaddr(src);
- memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+ len = send_msg_v4(skt->fd, &msg, src);
}
else
{
- char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
- struct in6_pktinfo *pktinfo;
- struct sockaddr_in6 *sin;
-
- memset(buf, 0, sizeof(buf));
- msg.msg_control = buf;
- msg.msg_controllen = sizeof(buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_IPV6;
- cmsg->cmsg_type = IPV6_PKTINFO;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
- pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
- sin = (struct sockaddr_in6*)src->get_sockaddr(src);
- memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+ len = send_msg_v6(skt->fd, &msg, src);
}
}
+ else
+ {
+ len = send_msg_generic(skt->fd, &msg);
+ }
- len = sendmsg(skt->fd, &msg, 0);
if (len != data.len)
{
DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index f71719458..68cf83089 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -346,9 +346,9 @@ static void parse_pubkey_constraints(char *auth, auth_cfg_t *cfg)
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
- { "sha256", SIGN_BLISS_WITH_SHA256, KEY_BLISS, },
- { "sha384", SIGN_BLISS_WITH_SHA384, KEY_BLISS, },
- { "sha512", SIGN_BLISS_WITH_SHA512, KEY_BLISS, },
+ { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
+ { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
+ { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
};
if (rsa_len || ecdsa_len || bliss_strength)
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 0125d17c6..5a1a5074d 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2015 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -298,6 +298,41 @@ static void report_terminate_status(private_stroke_control_t *this,
}
}
+/**
+ * Call the charon controller to terminate a CHILD_SA
+ */
+static void charon_terminate(private_stroke_control_t *this, u_int32_t id,
+ stroke_msg_t *msg, FILE *out, bool child)
+{
+ if (msg->output_verbosity >= 0)
+ {
+ stroke_log_info_t info = { msg->output_verbosity, out };
+ status_t status;
+
+ if (child)
+ {
+ status = charon->controller->terminate_child(charon->controller, id,
+ (controller_cb_t)stroke_log, &info, this->timeout);
+ }
+ else
+ {
+ status = charon->controller->terminate_ike(charon->controller, id,
+ (controller_cb_t)stroke_log, &info, this->timeout);
+ }
+ report_terminate_status(this, status, out, id, child);
+ }
+ else if (child)
+ {
+ charon->controller->terminate_child(charon->controller, id,
+ NULL, NULL, 0);
+ }
+ else
+ {
+ charon->controller->terminate_ike(charon->controller, id,
+ NULL, NULL, 0);
+ }
+}
+
METHOD(stroke_control_t, terminate, void,
private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
{
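Review bot: The comment on charon_terminate says it terminates a CHILD_SA, but the `child` flag selects between `terminate_child` and `terminate_ike`, and both purge_ike and the IKE list loop call it with FALSE. The comment also omits that a negative `msg->output_verbosity` issues the call with no callback and a timeout of 0 and skips report_terminate_status, so the caller gets no result for that request. Suggested wording: `Call the charon controller to terminate an IKE_SA or CHILD_SA; with negative output_verbosity the request is issued without callback and no status is reported`.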
@@ -307,9 +342,7 @@ METHOD(stroke_control_t, terminate, void,
ike_sa_t *ike_sa;
enumerator_t *enumerator;
linked_list_t *ike_list, *child_list;
- stroke_log_info_t info;
uintptr_t del;
- status_t status;
if (!parse_specifier(msg->terminate.name, &id, &name, &child, &all))
{
@@ -317,22 +350,9 @@ METHOD(stroke_control_t, terminate, void,
return;
}
- info.out = out;
- info.level = msg->output_verbosity;
-
if (id)
{
- if (child)
- {
- status = charon->controller->terminate_child(charon->controller, id,
- (controller_cb_t)stroke_log, &info, this->timeout);
- }
- else
- {
- status = charon->controller->terminate_ike(charon->controller, id,
- (controller_cb_t)stroke_log, &info, this->timeout);
- }
- return report_terminate_status(this, status, out, id, child);
+ return charon_terminate(this, id, msg, out, child);
}
ike_list = linked_list_create();
@@ -380,18 +400,14 @@ METHOD(stroke_control_t, terminate, void,
enumerator = child_list->create_enumerator(child_list);
while (enumerator->enumerate(enumerator, &del))
{
- status = charon->controller->terminate_child(charon->controller, del,
- (controller_cb_t)stroke_log, &info, this->timeout);
- report_terminate_status(this, status, out, del, TRUE);
+ charon_terminate(this, del, msg, out, TRUE);
}
enumerator->destroy(enumerator);
enumerator = ike_list->create_enumerator(ike_list);
while (enumerator->enumerate(enumerator, &del))
{
- status = charon->controller->terminate_ike(charon->controller, del,
- (controller_cb_t)stroke_log, &info, this->timeout);
- report_terminate_status(this, status, out, del, FALSE);
+ charon_terminate(this, del, msg, out, FALSE);
}
enumerator->destroy(enumerator);
@@ -548,11 +564,6 @@ METHOD(stroke_control_t, purge_ike, void,
child_sa_t *child_sa;
linked_list_t *list;
uintptr_t del;
- stroke_log_info_t info;
- status_t status;
-
- info.out = out;
- info.level = msg->output_verbosity;
list = linked_list_create();
enumerator = charon->controller->create_ike_sa_enumerator(
@@ -572,9 +583,7 @@ METHOD(stroke_control_t, purge_ike, void,
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &del))
{
- status = charon->controller->terminate_ike(charon->controller, del,
- (controller_cb_t)stroke_log, &info, this->timeout);
- report_terminate_status(this, status, out, del, TRUE);
+ charon_terminate(this, del, msg, out, FALSE);
}
enumerator->destroy(enumerator);
list->destroy(list);
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index c7e4c9c65..c0192b5c0 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -334,7 +334,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all)
child_sa->create_ts_enumerator(child_sa, TRUE));
other_ts = linked_list_create_from_enumerator(
child_sa->create_ts_enumerator(child_sa, FALSE));
- fprintf(out, "\n%12s{%d}: %#R=== %#R\n",
+ fprintf(out, "\n%12s{%d}: %#R === %#R\n",
child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
my_ts, other_ts);
my_ts->destroy(my_ts);
@@ -586,7 +586,7 @@ METHOD(stroke_list_t, status, void,
{
my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
- fprintf(out, "%12s: child: %#R=== %#R%N",
+ fprintf(out, "%12s: child: %#R === %#R %N",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
@@ -620,7 +620,7 @@ METHOD(stroke_list_t, status, void,
}
my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
- fprintf(out, "%12s: %#R=== %#R%N\n",
+ fprintf(out, "%12s: %#R === %#R %N\n",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index e20e8ab26..b9531d8a5 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -526,12 +526,21 @@ Unloading fails for pools with leases currently online.
List the currently loaded pools.
- {} => {
+ {
+ leases = <set to yes to include leases>
+ } => {
<pool name>* = {
base = <virtual IP pool base address>
size = <total number of addresses in the pool>
online = <number of leases online>
offline = <number of leases offline>
+ leases = {
+ <zero-based index>* = {
+ address = <IP address>
+ identity = <assigned identity>
+ status = <online|offline>
+ }
+ }
}
}
@@ -587,6 +596,10 @@ command.
initiator = <yes, if initiator of IKE_SA>
initiator-spi = <hex encoded initiator SPI / cookie>
responder-spi = <hex encoded responder SPI / cookie>
+ nat-local = <yes, if local endpoint is behind a NAT>
+ nat-remote = <yes, if remote endpoint is behind a NAT>
+ nat-fake = <yes, if NAT situation has been faked as responder>
+ nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
encr-alg = <IKE encryption algorithm string>
encr-keysize = <key size for encr-alg, if applicable>
integ-alg = <IKE integrity algorithm string>
@@ -596,6 +609,12 @@ command.
established = <seconds the IKE_SA has been established>
rekey-time = <seconds before IKE_SA gets rekeyed>
reauth-time = <seconds before IKE_SA gets re-authenticated>
+ local-vips = [
+ <list of virtual IPs assigned by the remote peer, installed locally>
+ ]
+ remote-vips = [
+ <list of virtual IPs assigned to the remote peer>
+ ]
tasks-queued = [
<list of currently queued tasks for execution>
]
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index f04bae774..9064d3d8c 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2015 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
@@ -662,9 +662,16 @@ CALLBACK(get_pools, vici_message_t*,
vici_message_t *message)
{
vici_builder_t *builder;
- enumerator_t *enumerator;
+ enumerator_t *enumerator, *leases;
mem_pool_t *vips;
pool_t *pool;
+ identification_t *uid;
+ host_t *lease;
+ bool list_leases, on;
+ char buf[32];
+ int i;
+
+ list_leases = message->get_bool(message, FALSE, "leases");
builder = vici_builder_create();
@@ -681,6 +688,23 @@ CALLBACK(get_pools, vici_message_t*,
builder->add_kv(builder, "online", "%u", vips->get_online(vips));
builder->add_kv(builder, "offline", "%u", vips->get_offline(vips));
+ if (list_leases)
+ {
+ i = 0;
+ builder->begin_section(builder, "leases");
+ leases = vips->create_lease_enumerator(vips);
+ while (leases && leases->enumerate(leases, &uid, &lease, &on))
+ {
+ snprintf(buf, sizeof(buf), "%d", i++);
+ builder->begin_section(builder, buf);
+ builder->add_kv(builder, "address", "%H", lease);
+ builder->add_kv(builder, "identity", "%Y", uid);
+ builder->add_kv(builder, "status", on ? "online" : "offline");
+ builder->end_section(builder);
+ }
+ leases->destroy(leases);
+ builder->end_section(builder);
+ }
builder->end_section(builder);
}
enumerator->destroy(enumerator);
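Review bot: `leases->destroy(leases);` at the end of the new `if (list_leases)` block is unconditional, although the loop just above it guards with `leases &&`. If `create_lease_enumerator()` can return NULL, the destroy call dereferences it; if it cannot, the guard is dead code. I would write `DESTROY_IF(leases);` here, or drop the `leases &&` test if the enumerator is guaranteed to exist. The body of get_pools starts and ends outside this hunk.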
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index ffdc034ea..6631184b5 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -71,6 +71,7 @@ CALLBACK(load_cert, vici_message_t*,
certificate_t *cert;
x509_t *x509;
chunk_t data;
+ bool trusted = TRUE;
char *str;
str = message->get_str(message, NULL, "type");
@@ -99,6 +100,7 @@ CALLBACK(load_cert, vici_message_t*,
else if (strcaseeq(str, "x509ac"))
{
type = CERT_X509_AC;
+ trusted = FALSE;
}
else
{
@@ -131,8 +133,14 @@ CALLBACK(load_cert, vici_message_t*,
DBG1(DBG_CFG, "loaded certificate '%Y'", cert->get_subject(cert));
- this->creds->add_cert(this->creds, TRUE, cert);
-
+ if (type == CERT_X509_CRL)
+ {
+ this->creds->add_crl(this->creds, (crl_t*)cert);
+ }
+ else
+ {
+ this->creds->add_cert(this->creds, trusted, cert);
+ }
return create_reply(NULL);
}
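Review bot: The trust decision introduced across the three load_cert hunks is undocumented: `trusted` defaults to TRUE, is cleared only in the `x509ac` branch, and CRLs now go through `add_crl()` instead of `add_cert()`. A short comment at the declaration would help, for example `/* all types except attribute certificates are added as trusted */`, plus one line above the `add_crl()` call saying why CRLs take a separate path. That comment should also state that any client able to issue this command decides which certificates end up trusted, so access to the vici socket must be restricted accordingly. The `(crl_t*)cert` cast relies on the credential having been built with the same `type`; that code lies outside these hunks.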
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 98d264fca..9a3d832da 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -222,6 +222,45 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
}
/**
+ * Add an IKE_SA condition to the given builder
+ */
+static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
+ char *key, ike_condition_t cond)
+{
+ if (ike_sa->has_condition(ike_sa, cond))
+ {
+ b->add_kv(b, key, "yes");
+ }
+}
+
+/**
+ * List virtual IPs
+ */
+static void list_vips(private_vici_query_t *this, vici_builder_t *b,
+ ike_sa_t *ike_sa, bool local, char *name)
+{
+ enumerator_t *enumerator;
+ bool has = FALSE;
+ host_t *vip;
+
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local);
+ while (enumerator->enumerate(enumerator, &vip))
+ {
+ if (!has)
+ {
+ b->begin_list(b, name);
+ has = TRUE;
+ }
+ b->add_li(b, "%H", vip);
+ }
+ enumerator->destroy(enumerator);
+ if (has)
+ {
+ b->end_list(b);
+ }
+}
+
+/**
* List details of an IKE_SA
*/
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
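Review bot: The doc comments on the two new helpers do not describe what is actually emitted. `add_condition()` writes the key only when the condition is set and never writes a "no" value, and `list_vips()` opens the list lazily, so an IKE_SA without virtual IPs produces no `local-vips`/`remote-vips` key at all. I would expand them to something like `/** Add key = "yes" if the IKE_SA has the given condition, nothing otherwise */` and `/** List virtual IPs (local: installed locally, otherwise assigned to the peer); omitted if there are none */`. `list_vips()` also takes `this` without using it, which is worth a word if it is only there to match `list_task_queue()`.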
@@ -265,6 +304,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
+ add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
+ add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
+ add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
+ add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
+
proposal = ike_sa->get_proposal(ike_sa);
if (proposal)
{
@@ -310,6 +354,9 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
}
}
+ list_vips(this, b, ike_sa, TRUE, "local-vips");
+ list_vips(this, b, ike_sa, FALSE, "remote-vips");
+
list_task_queue(this, b, ike_sa, TASK_QUEUE_QUEUED, "tasks-queued");
list_task_queue(this, b, ike_sa, TASK_QUEUE_ACTIVE, "tasks-active");
list_task_queue(this, b, ike_sa, TASK_QUEUE_PASSIVE, "tasks-passive");
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
index 5b5fb9d98..6c01ffe95 100644
--- a/src/libcharon/processing/jobs/initiate_mediation_job.c
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
@@ -161,6 +161,10 @@ METHOD(job_t, initiate, job_requeue_t,
}
mediated_cfg->destroy(mediated_cfg);
}
+ else
+ { /* newly created IKE_SA is not checked in yet, try again */
+ return JOB_RESCHEDULE_MS(100);
+ }
return JOB_REQUEUE_NONE;
}
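Review bot: The new else branch returns `JOB_RESCHEDULE_MS(100)` with no retry limit visible in this hunk. If the IKE_SA the job is waiting for is never checked in, for instance because it was destroyed in the meantime, the job would presumably reschedule itself every 100 ms for as long as the daemon runs. A retry counter in the job's private struct, checked before rescheduling and falling back to `JOB_REQUEUE_NONE` with a log message once exhausted, would bound this. The body of initiate starts outside the hunk, so an existing bound further up cannot be ruled out.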
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 73f2ec9d3..b0f163c83 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -413,8 +413,14 @@ METHOD(enumerator_t, policy_enumerate, bool,
{ /* protocol mismatch */
continue;
}
- *my_out = this->ts;
- *other_out = other_ts;
+ if (my_out)
+ {
+ *my_out = this->ts;
+ }
+ if (other_out)
+ {
+ *other_out = other_ts;
+ }
return TRUE;
}
return FALSE;
@@ -775,6 +781,50 @@ static bool require_policy_update()
}
/**
+ * Prepare SA config to install/delete policies
+ */
+static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa,
+ ipsec_sa_cfg_t *other_sa)
+{
+ enumerator_t *enumerator;
+
+ *my_sa = (ipsec_sa_cfg_t){
+ .mode = this->mode,
+ .reqid = this->reqid,
+ .ipcomp = {
+ .transform = this->ipcomp,
+ },
+ };
+ *other_sa = *my_sa;
+
+ my_sa->ipcomp.cpi = this->my_cpi;
+ other_sa->ipcomp.cpi = this->other_cpi;
+
+ if (this->protocol == PROTO_ESP)
+ {
+ my_sa->esp.use = TRUE;
+ my_sa->esp.spi = this->my_spi;
+ other_sa->esp.use = TRUE;
+ other_sa->esp.spi = this->other_spi;
+ }
+ else
+ {
+ my_sa->ah.use = TRUE;
+ my_sa->ah.spi = this->my_spi;
+ other_sa->ah.use = TRUE;
+ other_sa->ah.spi = this->other_spi;
+ }
+
+ enumerator = create_policy_enumerator(this);
+ while (enumerator->enumerate(enumerator, NULL, NULL))
+ {
+ my_sa->policy_count++;
+ other_sa->policy_count++;
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
* Install 3 policies: out, in and forward
*/
static status_t install_policies_internal(private_child_sa_t *this,
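Review bot: The one-line doc comment on `prepare_sa_cfg()` leaves out two things its callers depend on. Both output structs are fully overwritten by the compound-literal assignment, so callers may pass uninitialized `ipsec_sa_cfg_t` variables, as add_policies, update and destroy now do. The function also walks the policy enumerator once to fill `policy_count`, calling `enumerate(enumerator, NULL, NULL)`, which is only safe because of the NULL checks added to policy_enumerate in the first hunk of this file. I would state both in the comment, and note that any protocol other than `PROTO_ESP` is treated as AH.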
@@ -806,20 +856,22 @@ static status_t install_policies_internal(private_child_sa_t *this,
* Delete 3 policies: out, in and forward
*/
static void del_policies_internal(private_child_sa_t *this,
- traffic_selector_t *my_ts, traffic_selector_t *other_ts,
- policy_priority_t priority)
+ host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts,
+ traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa,
+ ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority)
{
+
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- my_ts, other_ts, POLICY_OUT, this->reqid,
- this->mark_out, priority);
+ my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type,
+ other_sa, this->mark_out, priority);
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- other_ts, my_ts, POLICY_IN, this->reqid,
- this->mark_in, priority);
+ other_addr, my_addr, other_ts, my_ts, POLICY_IN,
+ type, my_sa, this->mark_in, priority);
if (this->mode != MODE_TRANSPORT)
{
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- other_ts, my_ts, POLICY_FWD, this->reqid,
- this->mark_in, priority);
+ other_addr, my_addr, other_ts, my_ts, POLICY_FWD,
+ type, my_sa, this->mark_in, priority);
}
}
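Review bot: The function body now opens with a stray empty line after `{`, and the comment "Delete 3 policies: out, in and forward" does not cover the six parameters added here. The mapping is easy to get wrong when reading: the OUT policy is deleted with `other_sa`, while the IN and FWD policies use `my_sa` with addresses and selectors swapped. A short why-comment such as `/* outbound policy refers to the peer's SA, inbound/forward to ours */` above the first call would make that deliberate, and the blank line can go.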
@@ -864,31 +916,9 @@ METHOD(child_sa_t, add_policies, status_t,
if (this->config->install_policy(this->config))
{
policy_priority_t priority;
- ipsec_sa_cfg_t my_sa = {
- .mode = this->mode,
- .reqid = this->reqid,
- .ipcomp = {
- .transform = this->ipcomp,
- },
- }, other_sa = my_sa;
-
- my_sa.ipcomp.cpi = this->my_cpi;
- other_sa.ipcomp.cpi = this->other_cpi;
-
- if (this->protocol == PROTO_ESP)
- {
- my_sa.esp.use = TRUE;
- my_sa.esp.spi = this->my_spi;
- other_sa.esp.use = TRUE;
- other_sa.esp.spi = this->other_spi;
- }
- else
- {
- my_sa.ah.use = TRUE;
- my_sa.ah.spi = this->my_spi;
- other_sa.ah.use = TRUE;
- other_sa.ah.spi = this->other_spi;
- }
+ ipsec_sa_cfg_t my_sa, other_sa;
+
+ prepare_sa_cfg(this, &my_sa, &other_sa);
/* if we're not in state CHILD_INSTALLING (i.e. if there is no SAD
* entry) we install a trap policy */
@@ -896,14 +926,6 @@ METHOD(child_sa_t, add_policies, status_t,
priority = this->trap ? POLICY_PRIORITY_ROUTED
: POLICY_PRIORITY_DEFAULT;
- enumerator = create_policy_enumerator(this);
- while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
- {
- my_sa.policy_count++;
- other_sa.policy_count++;
- }
- enumerator->destroy(enumerator);
-
/* enumerate pairs of traffic selectors */
enumerator = create_policy_enumerator(this);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
@@ -1006,47 +1028,24 @@ METHOD(child_sa_t, update, status_t,
if (this->config->install_policy(this->config) && require_policy_update())
{
- ipsec_sa_cfg_t my_sa = {
- .mode = this->mode,
- .reqid = this->reqid,
- .ipcomp = {
- .transform = this->ipcomp,
- },
- }, other_sa = my_sa;
-
- my_sa.ipcomp.cpi = this->my_cpi;
- other_sa.ipcomp.cpi = this->other_cpi;
-
- if (this->protocol == PROTO_ESP)
- {
- my_sa.esp.use = TRUE;
- my_sa.esp.spi = this->my_spi;
- other_sa.esp.use = TRUE;
- other_sa.esp.spi = this->other_spi;
- }
- else
- {
- my_sa.ah.use = TRUE;
- my_sa.ah.spi = this->my_spi;
- other_sa.ah.use = TRUE;
- other_sa.ah.spi = this->other_spi;
- }
-
- /* update policies */
if (!me->ip_equals(me, this->my_addr) ||
!other->ip_equals(other, this->other_addr))
{
+ ipsec_sa_cfg_t my_sa, other_sa;
enumerator_t *enumerator;
traffic_selector_t *my_ts, *other_ts;
+ prepare_sa_cfg(this, &my_sa, &other_sa);
+
/* always use high priorities, as hosts getting updated are INSTALLED */
enumerator = create_policy_enumerator(this);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL;
/* remove old policies first */
- del_policies_internal(this, my_ts, other_ts,
- POLICY_PRIORITY_DEFAULT);
+ del_policies_internal(this, this->my_addr, this->other_addr,
+ my_ts, other_ts, &my_sa, &other_sa,
+ POLICY_IPSEC, POLICY_PRIORITY_DEFAULT);
/* check if we have to update a "dynamic" traffic selector */
if (!me->ip_equals(me, this->my_addr) &&
@@ -1068,21 +1067,20 @@ METHOD(child_sa_t, update, status_t,
/* reinstall updated policies */
install_policies_internal(this, me, other, my_ts, other_ts,
- &my_sa, &other_sa, POLICY_IPSEC,
- POLICY_PRIORITY_DEFAULT);
+ &my_sa, &other_sa, POLICY_IPSEC,
+ POLICY_PRIORITY_DEFAULT);
/* update fallback policies after the new policy is in place */
- if (old_my_ts || old_other_ts)
- {
- del_policies_internal(this, old_my_ts ?: my_ts,
- old_other_ts ?: other_ts,
+ del_policies_internal(this, this->my_addr, this->other_addr,
+ old_my_ts ?: my_ts,
+ old_other_ts ?: other_ts,
+ &my_sa, &other_sa, POLICY_DROP,
+ POLICY_PRIORITY_FALLBACK);
+ install_policies_internal(this, me, other, my_ts, other_ts,
+ &my_sa, &other_sa, POLICY_DROP,
POLICY_PRIORITY_FALLBACK);
- install_policies_internal(this, me, other, my_ts, other_ts,
- &my_sa, &other_sa, POLICY_DROP,
- POLICY_PRIORITY_FALLBACK);
- DESTROY_IF(old_my_ts);
- DESTROY_IF(old_other_ts);
- }
+ DESTROY_IF(old_my_ts);
+ DESTROY_IF(old_other_ts);
}
enumerator->destroy(enumerator);
}
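Review bot: Both `install_policies_internal()` calls in this hunk discard the `status_t` the function returns. They run right after `del_policies_internal()` has removed the previous IPsec and DROP fallback policies, so a failed reinstall would leave the selectors without the policy that was just deleted. Depending on the kernel backend, matching traffic may then be neither protected nor blocked. I would check each result and at least log the failure with `DBG1`, and ideally propagate a failure status from update. The body of update starts and ends outside this hunk.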
@@ -1122,15 +1120,21 @@ METHOD(child_sa_t, destroy, void,
if (this->config->install_policy(this->config))
{
+ ipsec_sa_cfg_t my_sa, other_sa;
+
+ prepare_sa_cfg(this, &my_sa, &other_sa);
+
/* delete all policies in the kernel */
enumerator = create_policy_enumerator(this);
while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
- del_policies_internal(this, my_ts, other_ts, priority);
+ del_policies_internal(this, this->my_addr, this->other_addr,
+ my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority);
if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update())
{
- del_policies_internal(this, my_ts, other_ts,
- POLICY_PRIORITY_FALLBACK);
+ del_policies_internal(this, this->my_addr, this->other_addr,
+ my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP,
+ POLICY_PRIORITY_FALLBACK);
}
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 37d69874d..4625df5b8 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -394,9 +394,17 @@ struct private_ike_sa_manager_t {
rng_t *rng;
/**
- * Lock to access the RNG instance
+ * Registered callback for IKE SPIs
*/
- rwlock_t *rng_lock;
+ struct {
+ spi_cb_t cb;
+ void *data;
+ } spi_cb;
+
+ /**
+ * Lock to access the RNG instance and the callback
+ */
+ rwlock_t *spi_lock;
/**
* reuse existing IKE_SAs in checkout_by_config
@@ -971,13 +979,17 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
{
u_int64_t spi;
- this->rng_lock->read_lock(this->rng_lock);
- if (!this->rng ||
- !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
+ this->spi_lock->read_lock(this->spi_lock);
+ if (this->spi_cb.cb)
+ {
+ spi = this->spi_cb.cb(this->spi_cb.data);
+ }
+ else if (!this->rng ||
+ !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
{
spi = 0;
}
- this->rng_lock->unlock(this->rng_lock);
+ this->spi_lock->unlock(this->spi_lock);
return spi;
}
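Review bot: The registered callback is invoked while `spi_lock` is read-locked, and that constraint is not written down anywhere in the hunk. A callback that calls `set_spi_cb()` or `flush()`, which both take the write lock, would presumably deadlock, and a slow callback holds off every writer. I would add a comment above the call, e.g. `/* callback runs with spi_lock held: must not call set_spi_cb() or flush() */`, and repeat it in the `spi_cb_t` documentation. The signature of get_spi lies just above the hunk.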
@@ -1188,11 +1200,15 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
*/
static u_int32_t get_message_id_or_hash(message_t *message)
{
- /* Use the message ID, or the message hash in IKEv1 Main/Aggressive mode */
- if (message->get_major_version(message) == IKEV1_MAJOR_VERSION &&
- message->get_message_id(message) == 0)
+ if (message->get_major_version(message) == IKEV1_MAJOR_VERSION)
{
- return chunk_hash(message->get_packet_data(message));
+ /* Use a hash for IKEv1 Phase 1, where we don't have a MID, and Quick
+ * Mode, where all three messages use the same message ID */
+ if (message->get_message_id(message) == 0 ||
+ message->get_exchange_type(message) == QUICK_MODE)
+ {
+ return chunk_hash(message->get_packet_data(message));
+ }
}
return message->get_message_id(message);
}
@@ -1384,7 +1400,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
continue;
}
if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING)
- { /* skip IKE_SAs which are not usable */
+ { /* skip IKE_SAs which are not usable, wake other waiting threads */
+ entry->condvar->signal(entry->condvar);
continue;
}
@@ -1402,6 +1419,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
break;
}
}
+ /* other threads might be waiting for this entry */
+ entry->condvar->signal(entry->condvar);
}
enumerator->destroy(enumerator);
@@ -1434,6 +1453,8 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*,
entry->checked_out = TRUE;
break;
}
+ /* other threads might be waiting for this entry */
+ entry->condvar->signal(entry->condvar);
}
}
enumerator->destroy(enumerator);
@@ -1490,6 +1511,8 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa));
break;
}
+ /* other threads might be waiting for this entry */
+ entry->condvar->signal(entry->condvar);
}
}
enumerator->destroy(enumerator);
@@ -1628,8 +1651,27 @@ METHOD(ike_sa_manager_t, checkin, void,
* delete any existing IKE_SAs with that peer. */
if (ike_sa->has_condition(ike_sa, COND_INIT_CONTACT_SEEN))
{
+ /* We can't hold the segment locked while checking the
+ * uniqueness as this could lead to deadlocks. We mark the
+ * entry as checked out while we release the lock so no other
+ * thread can acquire it. Since it is not yet in the list of
+ * connected peers that will not cause a deadlock as no other
+ * caller of check_unqiueness() will try to check out this SA */
+ entry->checked_out = TRUE;
+ unlock_single_segment(this, segment);
+
this->public.check_uniqueness(&this->public, ike_sa, TRUE);
ike_sa->set_condition(ike_sa, COND_INIT_CONTACT_SEEN, FALSE);
+
+ /* The entry could have been modified in the mean time, e.g.
+ * because another SA was added/removed next to it or another
+ * thread is waiting, but it should still exist, so there is no
+ * need for a lookup via get_entry_by... */
+ lock_single_segment(this, segment);
+ entry->checked_out = FALSE;
+ /* We already signaled waiting threads above, we have to do that
+ * again after checking the SA out and back in again. */
+ entry->condvar->signal(entry->condvar);
}
}
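Review bot: After `lock_single_segment()` the code dereferences `entry` again, relying only on the comment's statement that the entry "should still exist"; nothing in the hunk enforces it. Whether every removal path, such as flush(), respects `checked_out = TRUE` while the segment lock is released is not visible here. I would extend the comment to name the mechanism that guarantees the entry's lifetime, so a later change to those paths does not silently turn this into a use-after-free. The first comment also misspells the function name as `check_unqiueness()`; it should read `check_uniqueness()`. The body of checkin starts and ends outside the hunk.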
@@ -2010,6 +2052,15 @@ METHOD(ike_sa_manager_t, get_half_open_count, u_int,
return count;
}
+METHOD(ike_sa_manager_t, set_spi_cb, void,
+ private_ike_sa_manager_t *this, spi_cb_t callback, void *data)
+{
+ this->spi_lock->write_lock(this->spi_lock);
+ this->spi_cb.cb = callback;
+ this->spi_cb.data = data;
+ this->spi_lock->unlock(this->spi_lock);
+}
+
METHOD(ike_sa_manager_t, flush, void,
private_ike_sa_manager_t *this)
{
@@ -2092,10 +2143,12 @@ METHOD(ike_sa_manager_t, flush, void,
charon->bus->set_sa(charon->bus, NULL);
unlock_all_segments(this);
- this->rng_lock->write_lock(this->rng_lock);
+ this->spi_lock->write_lock(this->spi_lock);
this->rng->destroy(this->rng);
this->rng = NULL;
- this->rng_lock->unlock(this->rng_lock);
+ this->spi_cb.cb = NULL;
+ this->spi_cb.data = NULL;
+ this->spi_lock->unlock(this->spi_lock);
}
METHOD(ike_sa_manager_t, destroy, void,
@@ -2120,7 +2173,7 @@ METHOD(ike_sa_manager_t, destroy, void,
free(this->connected_peers_segments);
free(this->init_hashes_segments);
- this->rng_lock->destroy(this->rng_lock);
+ this->spi_lock->destroy(this->spi_lock);
free(this);
}
@@ -2167,6 +2220,7 @@ ike_sa_manager_t *ike_sa_manager_create()
.get_count = _get_count,
.get_half_open_count = _get_half_open_count,
.flush = _flush,
+ .set_spi_cb = _set_spi_cb,
.destroy = _destroy,
},
);
@@ -2178,7 +2232,7 @@ ike_sa_manager_t *ike_sa_manager_create()
free(this);
return NULL;
}
- this->rng_lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ this->spi_lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
this->ikesa_limit = lib->settings->get_int(lib->settings,
"%s.ikesa_limit", 0, lib->ns);
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 3ea928ea5..f1b7c2579 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -31,6 +31,16 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
#include <config/peer_cfg.h>
/**
+ * Callback called to generate an IKE SPI.
+ *
+ * This may be called from multiple threads concurrently.
+ *
+ * @param data data supplied during registration of the callback
+ * @return allocated SPI, 0 on failure
+ */
+typedef u_int64_t (*spi_cb_t)(void *data);
+
+/**
* Manages and synchronizes access to all IKE_SAs.
*
* To synchronize access to thread-unsave IKE_SAs, they are checked out for
@@ -227,6 +237,15 @@ struct ike_sa_manager_t {
bool responder_only);
/**
+ * Set the callback to generate IKE SPIs
+ *
+ * @param callback callback to register
+ * @param data data provided to callback
+ */
+ void (*set_spi_cb)(ike_sa_manager_t *this, spi_cb_t callback,
+ void *data);
+
+ /**
* Delete all existing IKE_SAs and destroy them immediately.
*
* Threads will be driven out, so all SAs can be deleted cleanly.
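Review bot: The documentation for `set_spi_cb` does not describe the lifecycle the implementation in ike_sa_manager.c gives it. get_spi falls back to the RNG whenever the callback pointer is NULL, and flush() resets both callback and data to NULL, so a caller has to register again after a flush. I would add lines such as `@param callback callback to register, NULL to use the internal RNG again` and a sentence that flush() unregisters the callback. Since the returned values replace RNG output as IKE SPIs, the `spi_cb_t` comment should also say that they are expected to be unique and not predictable to peers.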
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index f5a91dbeb..e428966ad 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -23,14 +23,9 @@
typedef struct private_keymat_v1_t private_keymat_v1_t;
/**
- * Max. number of IVs to track.
+ * Max. number of IVs/QMs to track.
*/
-#define MAX_IV 3
-
-/**
- * Max. number of Quick Modes to track.
- */
-#define MAX_QM 2
+#define MAX_EXCHANGES_DEFAULT 3
/**
* Data stored for IVs
@@ -110,6 +105,11 @@ struct private_keymat_v1_t {
* of QMs are tracked at the same time. Stores qm_data_t objects.
*/
linked_list_t *qms;
+
+ /**
+ * Max. number of IVs/Quick Modes to track.
+ */
+ int max_exchanges;
};
@@ -874,7 +874,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid)
}
this->qms->insert_first(this->qms, found);
/* remove least recently used state if maximum reached */
- if (this->qms->get_count(this->qms) > MAX_QM &&
+ if (this->qms->get_count(this->qms) > this->max_exchanges &&
this->qms->remove_last(this->qms, (void**)&qm) == SUCCESS)
{
qm_data_destroy(qm);
@@ -1048,7 +1048,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid)
}
this->ivs->insert_first(this->ivs, found);
/* remove least recently used IV if maximum reached */
- if (this->ivs->get_count(this->ivs) > MAX_IV &&
+ if (this->ivs->get_count(this->ivs) > this->max_exchanges &&
this->ivs->remove_last(this->ivs, (void**)&iv) == SUCCESS)
{
iv_data_destroy(iv);
@@ -1163,6 +1163,8 @@ keymat_v1_t *keymat_v1_create(bool initiator)
.ivs = linked_list_create(),
.qms = linked_list_create(),
.initiator = initiator,
+ .max_exchanges = lib->settings->get_int(lib->settings,
+ "%s.max_ikev1_exchanges", MAX_EXCHANGES_DEFAULT, lib->ns),
);
return &this->public;
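Review bot: `max_exchanges` is taken straight from `lib->settings->get_int()` without a range check. In `lookup_quick_mode()` and `lookup_iv()` the new comparison `get_count(...) > this->max_exchanges` runs right after `insert_first(..., found)`, so with a configured value of 0 or less the entry that `remove_last()` hands back and destroys appears to be the one just inserted. Whether `found` is used after that point is outside these hunks, but the risk is a dangling pointer. I would clamp the value before returning, for example `if (this->max_exchanges < 1) { this->max_exchanges = MAX_EXCHANGES_DEFAULT; }`, and consider an upper bound too, since the value scales per-IKE_SA state.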
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 678f99df1..3c601a4fa 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -752,6 +752,12 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
case ALREADY_DONE:
cancelled = TRUE;
break;
+ case INVALID_ARG:
+ if (task->get_type(task) == TASK_QUICK_MODE)
+ { /* not responsible for this exchange */
+ continue;
+ }
+ /* FALL */
case FAILED:
default:
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
@@ -929,6 +935,28 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
}
/**
+ * Check if we still have an aggressive mode task queued
+ */
+static bool have_aggressive_mode_task(private_task_manager_t *this)
+{
+ enumerator_t *enumerator;
+ task_t *task;
+ bool found = FALSE;
+
+ enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
+ while (enumerator->enumerate(enumerator, &task))
+ {
+ if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
* handle an incoming request message
*/
static status_t process_request(private_task_manager_t *this,
@@ -1034,6 +1062,12 @@ static status_t process_request(private_task_manager_t *this,
case ALREADY_DONE:
send_response = FALSE;
break;
+ case INVALID_ARG:
+ if (task->get_type(task) == TASK_QUICK_MODE)
+ { /* not responsible for this exchange */
+ continue;
+ }
+ /* FALL */
case FAILED:
default:
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
@@ -1061,6 +1095,22 @@ static status_t process_request(private_task_manager_t *this,
* the same message again. */
clear_packets(this->responding.packets);
}
+ if (this->queued &&
+ this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
+ {
+ message_t *queued;
+ status_t status;
+
+ queued = this->queued;
+ this->queued = NULL;
+ status = this->public.task_manager.process_message(
+ &this->public.task_manager, queued);
+ queued->destroy(queued);
+ if (status == DESTROY_ME)
+ {
+ return status;
+ }
+ }
if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
this->queued_tasks->get_count(this->queued_tasks) > 0)
{
@@ -1133,7 +1183,8 @@ static status_t process_response(private_task_manager_t *this,
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
clear_packets(this->initiating.packets);
- if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
+ if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
+ this->queued->get_exchange_type(this->queued) == TRANSACTION)
{
queued = this->queued;
this->queued = NULL;
@@ -1228,6 +1279,29 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
return status;
}
+/**
+ * Queue the given message if possible
+ */
+static status_t queue_message(private_task_manager_t *this, message_t *msg)
+{
+ if (this->queued)
+ {
+ DBG1(DBG_IKE, "ignoring %N request, queue full",
+ exchange_type_names, msg->get_exchange_type(msg));
+ return FAILED;
+ }
+ this->queued = message_create_from_packet(msg->get_packet(msg));
+ if (this->queued->parse_header(this->queued) != SUCCESS)
+ {
+ this->queued->destroy(this->queued);
+ this->queued = NULL;
+ return FAILED;
+ }
+ DBG1(DBG_IKE, "queueing %N request as tasks still active",
+ exchange_type_names, msg->get_exchange_type(msg));
+ return SUCCESS;
+}
+
METHOD(task_manager_t, process_message, status_t,
private_task_manager_t *this, message_t *msg)
{
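Review bot: The comment "Queue the given message if possible" on `queue_message()` does not state the return contract, which the next hunk passes straight back from process_message. `FAILED` is returned both when the single slot is already occupied and when `parse_header()` fails on the copy, and `SUCCESS` only when the copy was stored. I would document that, e.g. `@return SUCCESS if queued, FAILED if the queue is full or the header is invalid`. It should also say that the function stores its own message built from `msg->get_packet(msg)` rather than taking ownership of `msg`.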
@@ -1328,25 +1402,29 @@ METHOD(task_manager_t, process_message, status_t,
}
}
- if (msg->get_exchange_type(msg) == TRANSACTION &&
- this->active_tasks->get_count(this->active_tasks))
- { /* main mode not yet complete, queue XAuth/Mode config tasks */
- if (this->queued)
+ /* drop XAuth/Mode Config/Quick Mode messages until we received the last
+ * Aggressive Mode message. since Informational messages are not
+ * retransmitted we queue them. */
+ if (have_aggressive_mode_task(this))
+ {
+ if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
{
- DBG1(DBG_IKE, "ignoring additional %N request, queue full",
- exchange_type_names, TRANSACTION);
- return SUCCESS;
+ return queue_message(this, msg);
}
- this->queued = message_create_from_packet(msg->get_packet(msg));
- if (this->queued->parse_header(this->queued) != SUCCESS)
+ else if (msg->get_exchange_type(msg) != AGGRESSIVE)
{
- this->queued->destroy(this->queued);
- this->queued = NULL;
+ DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+ exchange_type_names, msg->get_exchange_type(msg));
return FAILED;
}
- DBG1(DBG_IKE, "queueing %N request as tasks still active",
- exchange_type_names, TRANSACTION);
- return SUCCESS;
+ }
+
+ /* queue XAuth/Mode Config messages unless the Main Mode exchange we
+ * initiated is complete */
+ if (msg->get_exchange_type(msg) == TRANSACTION &&
+ this->active_tasks->get_count(this->active_tasks))
+ {
+ return queue_message(this, msg);
}
msg->set_request(msg, TRUE);
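Review bot: While an Aggressive Mode task is pending, the first `INFORMATIONAL_V1` message received takes the only queue slot after nothing more than the `parse_header()` call in `queue_message()`. Every later one is rejected as "queue full". As far as this hunk shows, the queued message has not been authenticated at that point, so an unauthenticated Informational that arrives first would displace the genuine one, which the new comment itself says is not retransmitted. I would document that limitation in the comment, e.g. `/* only the first Informational is kept, it is verified when processed later */`. Note also that both drop paths log at `DBG1`, so a peer can trigger them repeatedly. The body of process_message starts and ends outside the hunk.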
@@ -1724,6 +1802,8 @@ METHOD(task_manager_t, queue_dpd, void,
pow(this->retransmit_base, retransmit));
}
}
+ /* compensate for the already elapsed dpd delay */
+ t -= 1000 * peer_cfg->get_dpd(peer_cfg);
/* schedule DPD timeout job */
lib->scheduler->schedule_job_ms(lib->scheduler,
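Review bot: `t -= 1000 * peer_cfg->get_dpd(peer_cfg);` has no guard for the case where the DPD delay exceeds the accumulated retransmit time. The declaration of `t` is outside the hunk; if it is unsigned, the subtraction wraps to a very large timeout and the DPD timeout job effectively never fires, and if it is signed, a negative delay reaches `schedule_job_ms()`. I would clamp it, for example `u_int32_t dpd_ms = 1000 * peer_cfg->get_dpd(peer_cfg);` followed by `t = t > dpd_ms ? t - dpd_ms : 0;`, where `dpd_ms` is an illustrative local name.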
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index d0994a961..a03477e18 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -482,7 +482,9 @@ static host_t *assign_migrated_vip(linked_list_t *migrated, host_t *requested)
enumerator = migrated->create_enumerator(migrated);
while (enumerator->enumerate(enumerator, &vip))
{
- if (vip->ip_equals(vip, requested))
+ if (vip->ip_equals(vip, requested) ||
+ (requested->is_anyaddr(requested) &&
+ requested->get_family(requested) == vip->get_family(vip)))
{
migrated->remove_at(migrated, enumerator);
found = vip;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c
index 1b95a8b11..ade59a2dd 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c
@@ -115,7 +115,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
if (this->expired)
{
DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} "
- "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+ "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
ntohl(child_sa->get_spi(child_sa, TRUE)),
ntohl(child_sa->get_spi(child_sa, FALSE)), my_ts, other_ts);
@@ -126,7 +126,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL);
DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs "
- "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R",
+ "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R === %#R",
child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in,
ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out,
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index d6a3f2cd1..e7d26443b 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -388,7 +388,7 @@ static bool install(private_quick_mode_t *this)
this->child_sa->create_ts_enumerator(this->child_sa, FALSE));
DBG0(DBG_IKE, "CHILD_SA %s{%d} established "
- "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+ "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
this->child_sa->get_name(this->child_sa),
this->child_sa->get_unique_id(this->child_sa),
ntohl(this->child_sa->get_spi(this->child_sa, TRUE)),
@@ -1026,7 +1026,7 @@ METHOD(task_t, process_r, status_t,
{
if (this->mid && this->mid != message->get_message_id(message))
{ /* not responsible for this quick mode exchange */
- return NEED_MORE;
+ return INVALID_ARG;
}
switch (this->state)
@@ -1200,7 +1200,7 @@ METHOD(task_t, build_r, status_t,
{
if (this->mid && this->mid != message->get_message_id(message))
{ /* not responsible for this quick mode exchange */
- return NEED_MORE;
+ return INVALID_ARG;
}
switch (this->state)
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index a770e90ff..c0c91574c 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -271,7 +271,10 @@ static bool add_auth_cfg(private_xauth_t *this, identification_t *id, bool local
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH);
- auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id));
+ if (id)
+ {
+ auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id));
+ }
auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), FALSE);
this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
@@ -342,7 +345,10 @@ METHOD(task_t, build_i, status_t,
break;
case SUCCESS:
DESTROY_IF(cp);
- this->status = XAUTH_OK;
+ if (add_auth_cfg(this, NULL, FALSE) && allowed(this))
+ {
+ this->status = XAUTH_OK;
+ }
this->public.task.process = _process_i_status;
return build_i_status(this, message);
default:
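Review bot: In the `SUCCESS` case, when `add_auth_cfg(this, NULL, FALSE)` or `allowed(this)` fails, `this->status` is left at whatever value it had before and `build_i_status()` is still called. The outcome therefore depends on the initial value of `status` being a failure code, which is not visible in this hunk. For an authentication result I would set the failure status explicitly in an `else` branch rather than rely on the default, and add a comment saying so. The earlier hunk in this file makes `add_auth_cfg()` accept a NULL `id`, and its doc comment should state that the XAuth identity rule is then omitted. The body of build_i starts and ends outside the hunk.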
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index fce0840e3..55cb5dd9c 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -527,6 +527,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
case ENCR_AES_GCM_ICV12:
case ENCR_AES_GCM_ICV16:
case ENCR_AES_CTR:
+ case ENCR_CAMELLIA_CTR:
case ENCR_NULL_AUTH_AES_GMAC:
case ENCR_CHACHA20_POLY1305:
enc_size += 4;
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index e08f3dab1..97f73d851 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -712,7 +712,7 @@ static status_t select_and_install(private_child_create_t *this,
this->child_sa->create_ts_enumerator(this->child_sa, FALSE));
DBG0(DBG_IKE, "CHILD_SA %s{%d} established "
- "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+ "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
this->child_sa->get_name(this->child_sa),
this->child_sa->get_unique_id(this->child_sa),
ntohl(this->child_sa->get_spi(this->child_sa, TRUE)),
@@ -1245,7 +1245,7 @@ METHOD(task_t, build_r, status_t,
}
if (this->config == NULL)
{
- DBG1(DBG_IKE, "traffic selectors %#R=== %#R inacceptable",
+ DBG1(DBG_IKE, "traffic selectors %#R === %#R inacceptable",
this->tsr, this->tsi);
charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr);
message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index f0b11e291..877ae0531 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -266,7 +266,7 @@ static void log_children(private_child_delete_t *this)
if (this->expired)
{
DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} "
- "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+ "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
ntohl(child_sa->get_spi(child_sa, TRUE)),
ntohl(child_sa->get_spi(child_sa, FALSE)), my_ts, other_ts);
@@ -277,7 +277,7 @@ static void log_children(private_child_delete_t *this)
child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL);
DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs %.8x_i "
- "(%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R",
+ "(%llu bytes) %.8x_o (%llu bytes) and TS %#R === %#R",
child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in,
ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index 11b0bb281..cbdc5e797 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -339,7 +339,11 @@ METHOD(ike_mobike_t, transmit, bool,
{
if (me->ip_equals(me, me_old))
{
- charon->sender->send(charon->sender, packet->clone(packet));
+ copy = packet->clone(packet);
+ /* hosts might have been updated by a peer's MOBIKE exchange */
+ copy->set_source(copy, me_old->clone(me_old));
+ copy->set_destination(copy, other_old->clone(other_old));
+ charon->sender->send(charon->sender, copy);
me->destroy(me);
return TRUE;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index 9e0eb68ce..dd34c1234 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -129,25 +129,6 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this,
}
/**
- * build a faked NATD payload to enforce UDP encap
- */
-static chunk_t generate_natd_hash_faked(private_ike_natd_t *this)
-{
- rng_t *rng;
- chunk_t chunk;
-
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng || !rng->allocate_bytes(rng, HASH_SIZE_SHA1, &chunk))
- {
- DBG1(DBG_IKE, "unable to get random bytes for NATD fake");
- DESTROY_IF(rng);
- return chunk_empty;
- }
- rng->destroy(rng);
- return chunk;
-}
-
-/**
* Build a NAT detection notify payload.
*/
static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
@@ -162,7 +143,14 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
config = this->ike_sa->get_ike_cfg(this->ike_sa);
if (force_encap(config) && type == NAT_DETECTION_SOURCE_IP)
{
- hash = generate_natd_hash_faked(this);
+ u_int32_t addr;
+
+ /* chunk_hash() is randomly keyed so this produces a random IPv4 address
+ * that changes with every restart but otherwise stays the same */
+ addr = chunk_hash(chunk_from_chars(0x00, 0x00, 0x00, 0x00));
+ host = host_create_from_chunk(AF_INET, chunk_from_thing(addr), 0);
+ hash = generate_natd_hash(this, ike_sa_id, host);
+ host->destroy(host);
}
else
{
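Review bot: The faked source hash in build_natd_payload now depends entirely on `chunk_hash()` being keyed per process, which the comment states but this hunk cannot show; if it were built with a fixed key, the fake address would be identical on every host and restart. The address family is also hard-coded to `AF_INET`, which is presumably fine because the value only has to differ from the real source, but the comment should say so, e.g. `/* family is irrelevant here, the hash only has to mismatch the real source address */`. `host_create_from_chunk()` is used without a NULL check before `host->destroy(host)`; with a 4-byte chunk and `AF_INET` that is likely safe, yet a short comment or check would document it. The function continues outside the hunk.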
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index 1a984435c..5231994c8 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -63,9 +63,9 @@ struct private_shunt_manager_t {
static bool install_shunt_policy(child_cfg_t *child)
{
enumerator_t *e_my_ts, *e_other_ts;
- linked_list_t *my_ts_list, *other_ts_list;
+ linked_list_t *my_ts_list, *other_ts_list, *hosts;
traffic_selector_t *my_ts, *other_ts;
- host_t *host_any;
+ host_t *host_any, *host_any6;
policy_type_t policy_type;
policy_priority_t policy_prio;
status_t status = SUCCESS;
@@ -85,9 +85,13 @@ static bool install_shunt_policy(child_cfg_t *child)
return FALSE;
}
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL);
host_any = host_create_any(AF_INET);
+ host_any6 = host_create_any(AF_INET6);
+
+ hosts = linked_list_create_with_items(host_any, host_any6, NULL);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ hosts->destroy(hosts);
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
@@ -96,6 +100,16 @@ static bool install_shunt_policy(child_cfg_t *child)
e_other_ts = other_ts_list->create_enumerator(other_ts_list);
while (e_other_ts->enumerate(e_other_ts, &other_ts))
{
+ if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
+ {
+ continue;
+ }
+ if (my_ts->get_protocol(my_ts) &&
+ other_ts->get_protocol(other_ts) &&
+ my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts))
+ {
+ continue;
+ }
/* install out policy */
status |= hydra->kernel_interface->add_policy(
hydra->kernel_interface, host_any, host_any,
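Review bot: The traffic-selector pair filter added in install_shunt_policy (type match, then protocol match unless one side is 0) is repeated verbatim in the uninstall_shunt_policy hunk further down, and the two must stay identical or uninstall will skip or attempt pairs that install treated differently. A small static helper, for example `static bool ts_pair_compatible(traffic_selector_t *a, traffic_selector_t *b)`, called from both loops would keep them in step. Each `get_protocol()` result is also fetched twice per pair; the helper can read it once into a local. Both functions start and end outside these hunks.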
@@ -125,6 +139,7 @@ static bool install_shunt_policy(child_cfg_t *child)
offsetof(traffic_selector_t, destroy));
other_ts_list->destroy_offset(other_ts_list,
offsetof(traffic_selector_t, destroy));
+ host_any6->destroy(host_any6);
host_any->destroy(host_any);
return status == SUCCESS;
@@ -185,25 +200,35 @@ METHOD(shunt_manager_t, install, bool,
static void uninstall_shunt_policy(child_cfg_t *child)
{
enumerator_t *e_my_ts, *e_other_ts;
- linked_list_t *my_ts_list, *other_ts_list;
+ linked_list_t *my_ts_list, *other_ts_list, *hosts;
traffic_selector_t *my_ts, *other_ts;
+ host_t *host_any, *host_any6;
+ policy_type_t policy_type;
policy_priority_t policy_prio;
status_t status = SUCCESS;
+ ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
switch (child->get_mode(child))
{
case MODE_PASS:
+ policy_type = POLICY_PASS;
policy_prio = POLICY_PRIORITY_PASS;
break;
case MODE_DROP:
+ policy_type = POLICY_DROP;
policy_prio = POLICY_PRIORITY_FALLBACK;
break;
default:
return;
}
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL);
+ host_any = host_create_any(AF_INET);
+ host_any6 = host_create_any(AF_INET6);
+
+ hosts = linked_list_create_with_items(host_any, host_any6, NULL);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ hosts->destroy(hosts);
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
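Review bot: `ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };` and the new `policy_type` in uninstall_shunt_policy have to reproduce exactly what install_shunt_policy passes to add_policy(), because del_policy() in the netlink backend now finds the entry by `type` and `ipsec_sa_equals()` (see the kernel_netlink_ipsec.c hunk in this diff). The install-side `sa` is not visible in this diff, so this should be confirmed, and a comment such as `/* must match the SA config used by install_shunt_policy(), del_policy() looks the policy up by it */` would record the coupling. A mismatch would presumably leave a PASS or DROP policy installed after the shunt is removed.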
@@ -212,22 +237,35 @@ static void uninstall_shunt_policy(child_cfg_t *child)
e_other_ts = other_ts_list->create_enumerator(other_ts_list);
while (e_other_ts->enumerate(e_other_ts, &other_ts))
{
+ if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
+ {
+ continue;
+ }
+ if (my_ts->get_protocol(my_ts) &&
+ other_ts->get_protocol(other_ts) &&
+ my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts))
+ {
+ continue;
+ }
/* uninstall out policy */
status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, my_ts, other_ts,
- POLICY_OUT, 0, child->get_mark(child, FALSE),
+ hydra->kernel_interface, host_any, host_any,
+ my_ts, other_ts, POLICY_OUT, policy_type,
+ &sa, child->get_mark(child, FALSE),
policy_prio);
/* uninstall in policy */
status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, other_ts, my_ts,
- POLICY_IN, 0, child->get_mark(child, TRUE),
+ hydra->kernel_interface, host_any, host_any,
+ other_ts, my_ts, POLICY_IN, policy_type,
+ &sa, child->get_mark(child, TRUE),
policy_prio);
/* uninstall forward policy */
status |= hydra->kernel_interface->del_policy(
- hydra->kernel_interface, other_ts, my_ts,
- POLICY_FWD, 0, child->get_mark(child, TRUE),
+ hydra->kernel_interface, host_any, host_any,
+ other_ts, my_ts, POLICY_FWD, policy_type,
+ &sa, child->get_mark(child, TRUE),
policy_prio);
}
e_other_ts->destroy(e_other_ts);
@@ -238,6 +276,8 @@ static void uninstall_shunt_policy(child_cfg_t *child)
offsetof(traffic_selector_t, destroy));
other_ts_list->destroy_offset(other_ts_list,
offsetof(traffic_selector_t, destroy));
+ host_any6->destroy(host_any6);
+ host_any->destroy(host_any);
if (status != SUCCESS)
{
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 63505c960..90ad7e40e 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -211,6 +211,7 @@ METHOD(trap_manager_t, install, u_int32_t,
if (this->installing == INSTALL_DISABLED)
{ /* flush() has been called */
this->lock->unlock(this->lock);
+ other->destroy(other);
me->destroy(me);
return 0;
}
@@ -235,6 +236,7 @@ METHOD(trap_manager_t, install, u_int32_t,
{
DBG1(DBG_CFG, "CHILD_SA '%s' is already being routed", found->name);
this->lock->unlock(this->lock);
+ other->destroy(other);
me->destroy(me);
return 0;
}
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index 4daf91905..b4c6ce3a6 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -383,14 +383,13 @@ METHOD(fast_dispatcher_t, waitsignal, void,
private_fast_dispatcher_t *this)
{
sigset_t set;
- int sig;
sigemptyset(&set);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigaddset(&set, SIGHUP);
sigprocmask(SIG_BLOCK, &set, NULL);
- sigwait(&set, &sig);
+ sigwaitinfo(&set, NULL);
}
METHOD(fast_dispatcher_t, destroy, void,
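Review bot: The return value of `sigwaitinfo(&set, NULL)` in waitsignal is ignored, and unlike the replaced `sigwait()` call it can return -1 with `errno` set to `EINTR` when a handler for a signal outside `set` runs, so the method may return without any of SIGINT, SIGTERM or SIGHUP having arrived. Retrying on that case keeps the old behaviour: `while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR) { }`. This needs `<errno.h>`, whose inclusion cannot be seen from the hunk.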
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
index af39f04ec..7b62e9529 100644
--- a/src/libhydra/Android.mk
+++ b/src/libhydra/Android.mk
@@ -20,7 +20,6 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
# build libhydra ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index ce31bd410..89e95ade9 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2013 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Hochschule fuer Technik Rapperswil
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
@@ -509,16 +509,17 @@ METHOD(kernel_interface_t, query_policy, status_t,
}
METHOD(kernel_interface_t, del_policy, status_t,
- private_kernel_interface_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_interface_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t priority)
{
if (!this->ipsec)
{
return NOT_SUPPORTED;
}
- return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
- direction, reqid, mark, priority);
+ return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts,
+ direction, type, sa, mark, priority);
}
METHOD(kernel_interface_t, flush_policies, status_t,
@@ -738,44 +739,52 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
}
-METHOD(kernel_interface_t, add_ipsec_interface, void,
+METHOD(kernel_interface_t, add_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (!this->ipsec)
{
this->ipsec_constructor = constructor;
this->ipsec = constructor();
+ return this->ipsec != NULL;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, remove_ipsec_interface, void,
+METHOD(kernel_interface_t, remove_ipsec_interface, bool,
private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
{
if (constructor == this->ipsec_constructor && this->ipsec)
{
this->ipsec->destroy(this->ipsec);
this->ipsec = NULL;
+ return TRUE;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, add_net_interface, void,
+METHOD(kernel_interface_t, add_net_interface, bool,
private_kernel_interface_t *this, kernel_net_constructor_t constructor)
{
if (!this->net)
{
this->net_constructor = constructor;
this->net = constructor();
+ return this->net != NULL;
}
+ return FALSE;
}
-METHOD(kernel_interface_t, remove_net_interface, void,
+METHOD(kernel_interface_t, remove_net_interface, bool,
private_kernel_interface_t *this, kernel_net_constructor_t constructor)
{
if (constructor == this->net_constructor && this->net)
{
this->net->destroy(this->net);
this->net = NULL;
+ return TRUE;
}
+ return FALSE;
}
METHOD(kernel_interface_t, add_listener, void,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index 96ce9e26d..45efe8946 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -265,9 +265,6 @@ struct kernel_interface_t {
/**
* Add a policy to the SPD.
*
- * A policy is always associated to an SA. Traffic which matches a
- * policy is handled by the SA with the same reqid.
- *
* @param src source address of SA
* @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
@@ -309,24 +306,24 @@ struct kernel_interface_t {
/**
* Remove a policy from the SPD.
*
- * The kernel interface implements reference counting for policies.
- * If the same policy is installed multiple times (in the case of rekeying),
- * the reference counter is increased. del_policy() decreases the ref counter
- * and removes the policy only when no more references are available.
- *
+ * @param src source address of SA
+ * @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param reqid unique ID of the associated SA
- * @param mark optional mark
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
* @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_interface_t *this,
+ host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t priority);
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Flush all policies from the SPD.
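Review bot: The new `@param sa` line for del_policy does not say that `sa` must be non-NULL, yet both implementations changed in this diff copy it unconditionally with `.cfg = *sa` (kernel_netlink_ipsec.c and kernel_pfkey_ipsec.c). I would document it as `@param sa details about the SA(s) tied to this policy, must not be NULL`, and the same applies to the identical comment in kernel_ipsec.h. The removed paragraph about reference counting also leaves the comment silent on what happens when the policy is still used by other SAs, which the netlink code further down still handles (`policy is used by more SAs, keep in kernel`); one sentence on that would help callers.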
@@ -502,39 +499,49 @@ struct kernel_interface_t {
/**
* Register an ipsec kernel interface constructor on the manager.
*
- * @param create constructor to register
+ * @param create constructor to register
+ * @return TRUE if the ipsec kernel interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
*/
- void (*add_ipsec_interface)(kernel_interface_t *this,
+ bool (*add_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
* Unregister an ipsec kernel interface constructor.
*
- * @param create constructor to unregister
+ * @param create constructor to unregister
+ * @return TRUE if the ipsec kernel interface was unregistered
+ * successfully, FALSE otherwise
*/
- void (*remove_ipsec_interface)(kernel_interface_t *this,
+ bool (*remove_ipsec_interface)(kernel_interface_t *this,
kernel_ipsec_constructor_t create);
/**
* Register a network kernel interface constructor on the manager.
*
- * @param create constructor to register
+ * @param create constructor to register
+ * @return TRUE if the kernel net interface was registered
+ * successfully, FALSE if an interface was already
+ * registered or the registration failed
*/
- void (*add_net_interface)(kernel_interface_t *this,
+ bool (*add_net_interface)(kernel_interface_t *this,
kernel_net_constructor_t create);
/**
* Unregister a network kernel interface constructor.
*
- * @param create constructor to unregister
+ * @param create constructor to unregister
+ * @return TRUE if the kernel net interface was unregistered
+ * successfully, FALSE otherwise
*/
- void (*remove_net_interface)(kernel_interface_t *this,
+ bool (*remove_net_interface)(kernel_interface_t *this,
kernel_net_constructor_t create);
/**
* Add a listener to the kernel interface.
*
- * @param listener listener to add
+ * @param listener listener to add
*/
void (*add_listener)(kernel_interface_t *this,
kernel_listener_t *listener);
@@ -542,7 +549,7 @@ struct kernel_interface_t {
/**
* Remove a listener from the kernel interface.
*
- * @param listener listener to remove
+ * @param listener listener to remove
*/
void (*remove_listener)(kernel_interface_t *this,
kernel_listener_t *listener);
diff --git a/src/libhydra/kernel/kernel_ipsec.c b/src/libhydra/kernel/kernel_ipsec.c
index 1a32ab4e7..697b1b33d 100644
--- a/src/libhydra/kernel/kernel_ipsec.c
+++ b/src/libhydra/kernel/kernel_ipsec.c
@@ -25,13 +25,14 @@ bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature,
{
if (reg)
{
- hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->add_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
else
{
- hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->remove_ipsec_interface(
+ hydra->kernel_interface,
(kernel_ipsec_constructor_t)data);
}
- return TRUE;
}
diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h
index 19caaa400..2458db5b9 100644
--- a/src/libhydra/kernel/kernel_ipsec.h
+++ b/src/libhydra/kernel/kernel_ipsec.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -186,9 +186,6 @@ struct kernel_ipsec_t {
/**
* Add a policy to the SPD.
*
- * A policy is always associated to an SA. Traffic which matches a
- * policy is handled by the SA with the same reqid.
- *
* @param src source address of SA
* @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
@@ -231,24 +228,24 @@ struct kernel_ipsec_t {
/**
* Remove a policy from the SPD.
*
- * The kernel interface implements reference counting for policies.
- * If the same policy is installed multiple times (in the case of rekeying),
- * the reference counter is increased. del_policy() decreases the ref counter
- * and removes the policy only when no more references are available.
- *
+ * @param src source address of SA
+ * @param dst dest address of SA
* @param src_ts traffic selector to match traffic source
* @param dst_ts traffic selector to match traffic dest
* @param direction direction of traffic, POLICY_(IN|OUT|FWD)
- * @param reqid unique ID of the associated SA
- * @param mark optional mark
+ * @param type type of policy, POLICY_(IPSEC|PASS|DROP)
+ * @param sa details about the SA(s) tied to this policy
+ * @param mark mark for this policy
* @param priority priority of the policy
* @return SUCCESS if operation completed
*/
status_t (*del_policy) (kernel_ipsec_t *this,
+ host_t *src, host_t *dst,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts,
- policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t priority);
+ policy_dir_t direction, policy_type_t type,
+ ipsec_sa_cfg_t *sa, mark_t mark,
+ policy_priority_t priority);
/**
* Flush all policies from the SPD.
diff --git a/src/libhydra/kernel/kernel_net.c b/src/libhydra/kernel/kernel_net.c
index 0841ed803..07d8b2999 100644
--- a/src/libhydra/kernel/kernel_net.c
+++ b/src/libhydra/kernel/kernel_net.c
@@ -25,13 +25,14 @@ bool kernel_net_register(plugin_t *plugin, plugin_feature_t *feature,
{
if (reg)
{
- hydra->kernel_interface->add_net_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->add_net_interface(
+ hydra->kernel_interface,
(kernel_net_constructor_t)data);
}
else
{
- hydra->kernel_interface->remove_net_interface(hydra->kernel_interface,
+ return hydra->kernel_interface->remove_net_interface(
+ hydra->kernel_interface,
(kernel_net_constructor_t)data);
}
- return TRUE;
}
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 605476ef1..8c506d9f4 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2008 Andreas Steffen
* Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
@@ -318,11 +318,6 @@ struct private_kernel_netlink_ipsec_t {
bool proto_port_transport;
/**
- * Whether to track the history of a policy
- */
- bool policy_history;
-
- /**
* Whether to always use UPDATE to install policies
*/
bool policy_update;
@@ -2140,7 +2135,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
{
continue;
}
- tmpl->reqid = policy->reqid;
+ tmpl->reqid = ipsec->cfg.reqid;
tmpl->id.proto = protos[i].proto;
tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
tmpl->mode = mode2kernel(proto_mode);
@@ -2322,7 +2317,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
current = this->policies->get(this->policies, policy);
if (current)
{
- if (current->reqid != sa->reqid)
+ if (current->reqid && sa->reqid && current->reqid != sa->reqid)
{
DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark "
"%u/0x%08x) for reqid %u, the same policy for reqid %u exists",
@@ -2352,26 +2347,19 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
dst_ts, mark, sa);
assigned_sa->priority = get_priority(policy, priority);
- if (this->policy_history)
- { /* insert the SA according to its priority */
- enumerator = policy->used_by->create_enumerator(policy->used_by);
- while (enumerator->enumerate(enumerator, (void**)&current_sa))
+ /* insert the SA according to its priority */
+ enumerator = policy->used_by->create_enumerator(policy->used_by);
+ while (enumerator->enumerate(enumerator, (void**)&current_sa))
+ {
+ if (current_sa->priority >= assigned_sa->priority)
{
- if (current_sa->priority >= assigned_sa->priority)
- {
- break;
- }
- update = FALSE;
+ break;
}
- policy->used_by->insert_before(policy->used_by, enumerator,
- assigned_sa);
- enumerator->destroy(enumerator);
- }
- else
- { /* simply insert it last and only update if it is not installed yet */
- policy->used_by->insert_last(policy->used_by, assigned_sa);
- update = !found;
+ update = FALSE;
}
+ policy->used_by->insert_before(policy->used_by, enumerator,
+ assigned_sa);
+ enumerator->destroy(enumerator);
if (!update)
{ /* we don't update the policy if the priority is lower than that of
@@ -2482,8 +2470,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t prio)
{
policy_entry_t *current, policy;
@@ -2494,6 +2483,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
struct xfrm_userpolicy_id *policy_id;
bool is_installed = TRUE;
u_int32_t priority;
+ ipsec_sa_t assigned_sa = {
+ .src = src,
+ .dst = dst,
+ .mark = mark,
+ .cfg = *sa,
+ };
DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)",
src_ts, dst_ts, policy_dir_names, direction,
@@ -2508,7 +2503,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
/* find the policy */
this->mutex->lock(this->mutex);
current = this->policies->get(this->policies, &policy);
- if (!current || current->reqid != reqid)
+ if (!current)
{
if (mark.value)
{
@@ -2525,28 +2520,21 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
return NOT_FOUND;
}
- if (this->policy_history)
- { /* remove mapping to SA by reqid and priority */
- priority = get_priority(current, prio);
- enumerator = current->used_by->create_enumerator(current->used_by);
- while (enumerator->enumerate(enumerator, (void**)&mapping))
+ /* remove mapping to SA by reqid and priority */
+ priority = get_priority(current, prio);
+ enumerator = current->used_by->create_enumerator(current->used_by);
+ while (enumerator->enumerate(enumerator, (void**)&mapping))
+ {
+ if (priority == mapping->priority && type == mapping->type &&
+ ipsec_sa_equals(mapping->sa, &assigned_sa))
{
- if (priority == mapping->priority)
- {
- current->used_by->remove_at(current->used_by, enumerator);
- policy_sa_destroy(mapping, &direction, this);
- break;
- }
- is_installed = FALSE;
+ current->used_by->remove_at(current->used_by, enumerator);
+ policy_sa_destroy(mapping, &direction, this);
+ break;
}
- enumerator->destroy(enumerator);
- }
- else
- { /* remove one of the SAs but don't update the policy */
- current->used_by->remove_last(current->used_by, (void**)&mapping);
- policy_sa_destroy(mapping, &direction, this);
is_installed = FALSE;
}
+ enumerator->destroy(enumerator);
if (current->used_by->get_count(current->used_by) > 0)
{ /* policy is used by more SAs, keep in kernel */
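Review bot: When no entry in `current->used_by` matches `priority`, `type` and `ipsec_sa_equals()`, the loop in del_policy ends without removing anything and the only trace is `is_installed = FALSE`, which is the same state as removing a mapping that was not the first one. With the earlier `current->reqid != reqid` test removed, a call whose arguments do not correspond to an installed mapping therefore no longer ends in `NOT_FOUND`, as far as these hunks show. I would track the match in a local `bool found = FALSE;`, set it before the `break`, and after `enumerator->destroy(enumerator)` release the mutex and `return NOT_FOUND;` when it is still false. The function continues past the end of the hunk, so a later check there cannot be ruled out.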
@@ -2915,7 +2903,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
(hashtable_equals_t)ipsec_sa_equals, 32),
.bypass = array_create(sizeof(bypass_t), 0),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .policy_history = TRUE,
.policy_update = lib->settings->get_bool(lib->settings,
"%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns),
.install_routes = lib->settings->get_bool(lib->settings,
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 5027e1759..c67366b86 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2012 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2008 Andreas Steffen
* Hochschule fuer Technik Rapperswil
*
@@ -843,7 +843,9 @@ static kernel_algorithm_t encryption_algs[] = {
/* {ENCR_DES_IV32, 0 }, */
{ENCR_NULL, SADB_EALG_NULL },
{ENCR_AES_CBC, SADB_X_EALG_AESCBC },
-/* {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, */
+#ifdef SADB_X_EALG_AESCTR
+ {ENCR_AES_CTR, SADB_X_EALG_AESCTR },
+#endif
/* {ENCR_AES_CCM_ICV8, SADB_X_EALG_AES_CCM_ICV8 }, */
/* {ENCR_AES_CCM_ICV12, SADB_X_EALG_AES_CCM_ICV12 }, */
/* {ENCR_AES_CCM_ICV16, SADB_X_EALG_AES_CCM_ICV16 }, */
@@ -2689,8 +2691,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
+ private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
mark_t mark, policy_priority_t prio)
{
unsigned char request[PFKEY_BUFFER_SIZE];
@@ -2702,6 +2705,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
bool first = TRUE, is_installed = TRUE;
u_int32_t priority;
size_t len;
+ ipsec_sa_t assigned_sa = {
+ .src = src,
+ .dst = dst,
+ .cfg = *sa,
+ };
if (dir2kernel(direction) == IPSEC_DIR_INVALID)
{ /* FWD policies are not supported on all platforms */
@@ -2735,7 +2743,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
- if (reqid == mapping->sa->cfg.reqid && priority == mapping->priority)
+ if (priority == mapping->priority &&
+ ipsec_sa_equals(mapping->sa, &assigned_sa))
{
to_remove = mapping;
is_installed = first;
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index ff6191117..9162e3f87 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -388,6 +388,30 @@ INSERT INTO products ( /* 65 */
'Debian 7.8 armv7l'
);
+INSERT INTO products ( /* 66 */
+ name
+) VALUES (
+ 'Debian 7.9 i686'
+);
+
+INSERT INTO products ( /* 67 */
+ name
+) VALUES (
+ 'Debian 7.9 x86_64'
+);
+
+INSERT INTO products ( /* 68 */
+ name
+) VALUES (
+ 'Debian 7.9 armv6l'
+);
+
+INSERT INTO products ( /* 69 */
+ name
+) VALUES (
+ 'Debian 7.9 armv7l'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -889,6 +913,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 66
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -955,6 +985,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 67
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1201,9 +1237,21 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 14, 68
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
15, 65
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 15, 69
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk
index c5d987977..dffed94f0 100644
--- a/src/libipsec/Android.mk
+++ b/src/libipsec/Android.mk
@@ -20,7 +20,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libipsec_la_SOURCES))
# build libipsec ---------------------------------------------------------------
LOCAL_C_INCLUDES += \
- $(strongswan_PATH)/src/include \
$(strongswan_PATH)/src/libstrongswan
LOCAL_CFLAGS := $(strongswan_CFLAGS)
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index b742d1576..2b003e390 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -247,7 +247,19 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg,
signer_t *signer = NULL;
iv_gen_t *ivg;
- crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len);
+ switch (enc_alg)
+ {
+ case ENCR_AES_CTR:
+ case ENCR_CAMELLIA_CTR:
+ /* the key includes a 4 byte salt */
+ crypter = lib->crypto->create_crypter(lib->crypto, enc_alg,
+ enc_key.len - 4);
+ break;
+ default:
+ crypter = lib->crypto->create_crypter(lib->crypto, enc_alg,
+ enc_key.len);
+ break;
+ }
if (!crypter)
{
DBG1(DBG_ESP, "failed to create ESP context: unsupported encryption "
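Review bot: `enc_key.len - 4` in the CTR branch of create_traditional is computed without checking that the key holds at least the 4 salt bytes; `len` is presumably unsigned, so a shorter key would wrap to a very large size and the failure would only surface through `create_crypter()` returning NULL with the misleading "unsupported encryption" message. A guard in the two CTR cases, `if (enc_key.len <= 4) { return FALSE; }`, preferably with its own DBG1 message, makes the precondition explicit. The list of salted algorithms here has to stay in step with the `enc_size += 4` cases in keymat_v2.c derive_child_keys changed in this same diff. The function continues outside the hunk, so how the salt is later passed to the crypter is not visible.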
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index d019d96e1..db3da8e15 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -15,6 +15,7 @@ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
+crypto/iv/iv_gen_null.c \
crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
@@ -116,8 +117,7 @@ LOCAL_SRC_FILES += $(call add_plugin, xcbc)
# build libstrongswan ----------------------------------------------------------
-LOCAL_CFLAGS := $(strongswan_CFLAGS) \
- -include $(LOCAL_PATH)/AndroidConfigLocal.h
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
LOCAL_MODULE := libstrongswan
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index adf3687ae..ed3b85dd4 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -13,6 +13,7 @@ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
+crypto/iv/iv_gen_null.c \
crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
@@ -72,7 +73,7 @@ crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
-crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
+crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
@@ -109,7 +110,7 @@ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
utils/cpu_feature.h utils/leak_detective.h utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/process.h \
-utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h \
+utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h utils/compat/android.h \
utils/utils/atomics.h utils/utils/types.h utils/utils/byteorder.h \
utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \
utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h
@@ -190,7 +191,7 @@ endif
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
crypto/proposal/proposal_keywords_static.txt \
-Android.mk AndroidConfigLocal.h
+Android.mk
BUILT_SOURCES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -288,6 +289,13 @@ if MONOLITHIC
endif
endif
+if USE_SHA3
+ SUBDIRS += plugins/sha3
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/sha3/libstrongswan-sha3.la
+endif
+endif
+
if USE_GMP
SUBDIRS += plugins/gmp
if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 9598c8b51..284960f5c 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -131,93 +131,95 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_33 = plugins/sha1/libstrongswan-sha1.la
@USE_SHA2_TRUE@am__append_34 = plugins/sha2
@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_35 = plugins/sha2/libstrongswan-sha2.la
-@USE_GMP_TRUE@am__append_36 = plugins/gmp
-@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_37 = plugins/gmp/libstrongswan-gmp.la
-@USE_RDRAND_TRUE@am__append_38 = plugins/rdrand
-@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_39 = plugins/rdrand/libstrongswan-rdrand.la
-@USE_AESNI_TRUE@am__append_40 = plugins/aesni
-@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_41 = plugins/aesni/libstrongswan-aesni.la
-@USE_RANDOM_TRUE@am__append_42 = plugins/random
-@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_43 = plugins/random/libstrongswan-random.la
-@USE_NONCE_TRUE@am__append_44 = plugins/nonce
-@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_45 = plugins/nonce/libstrongswan-nonce.la
-@USE_HMAC_TRUE@am__append_46 = plugins/hmac
-@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_47 = plugins/hmac/libstrongswan-hmac.la
-@USE_CMAC_TRUE@am__append_48 = plugins/cmac
-@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_49 = plugins/cmac/libstrongswan-cmac.la
-@USE_XCBC_TRUE@am__append_50 = plugins/xcbc
-@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_51 = plugins/xcbc/libstrongswan-xcbc.la
-@USE_X509_TRUE@am__append_52 = plugins/x509
-@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_53 = plugins/x509/libstrongswan-x509.la
-@USE_REVOCATION_TRUE@am__append_54 = plugins/revocation
-@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_55 = plugins/revocation/libstrongswan-revocation.la
-@USE_CONSTRAINTS_TRUE@am__append_56 = plugins/constraints
-@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_57 = plugins/constraints/libstrongswan-constraints.la
-@USE_ACERT_TRUE@am__append_58 = plugins/acert
-@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_59 = plugins/acert/libstrongswan-acert.la
-@USE_PUBKEY_TRUE@am__append_60 = plugins/pubkey
-@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_61 = plugins/pubkey/libstrongswan-pubkey.la
-@USE_PKCS1_TRUE@am__append_62 = plugins/pkcs1
-@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_63 = plugins/pkcs1/libstrongswan-pkcs1.la
-@USE_PKCS7_TRUE@am__append_64 = plugins/pkcs7
-@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_65 = plugins/pkcs7/libstrongswan-pkcs7.la
-@USE_PKCS8_TRUE@am__append_66 = plugins/pkcs8
-@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_67 = plugins/pkcs8/libstrongswan-pkcs8.la
-@USE_PKCS12_TRUE@am__append_68 = plugins/pkcs12
-@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_69 = plugins/pkcs12/libstrongswan-pkcs12.la
-@USE_PGP_TRUE@am__append_70 = plugins/pgp
-@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_71 = plugins/pgp/libstrongswan-pgp.la
-@USE_DNSKEY_TRUE@am__append_72 = plugins/dnskey
-@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_73 = plugins/dnskey/libstrongswan-dnskey.la
-@USE_SSHKEY_TRUE@am__append_74 = plugins/sshkey
-@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_75 = plugins/sshkey/libstrongswan-sshkey.la
-@USE_PEM_TRUE@am__append_76 = plugins/pem
-@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_77 = plugins/pem/libstrongswan-pem.la
-@USE_CURL_TRUE@am__append_78 = plugins/curl
-@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_79 = plugins/curl/libstrongswan-curl.la
-@USE_FILES_TRUE@am__append_80 = plugins/files
-@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_81 = plugins/files/libstrongswan-files.la
-@USE_WINHTTP_TRUE@am__append_82 = plugins/winhttp
-@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_83 = plugins/winhttp/libstrongswan-winhttp.la
-@USE_UNBOUND_TRUE@am__append_84 = plugins/unbound
-@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_85 = plugins/unbound/libstrongswan-unbound.la
-@USE_SOUP_TRUE@am__append_86 = plugins/soup
-@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_87 = plugins/soup/libstrongswan-soup.la
-@USE_LDAP_TRUE@am__append_88 = plugins/ldap
-@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_89 = plugins/ldap/libstrongswan-ldap.la
-@USE_MYSQL_TRUE@am__append_90 = plugins/mysql
-@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_91 = plugins/mysql/libstrongswan-mysql.la
-@USE_SQLITE_TRUE@am__append_92 = plugins/sqlite
-@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_93 = plugins/sqlite/libstrongswan-sqlite.la
-@USE_PADLOCK_TRUE@am__append_94 = plugins/padlock
-@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_95 = plugins/padlock/libstrongswan-padlock.la
-@USE_OPENSSL_TRUE@am__append_96 = plugins/openssl
-@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_97 = plugins/openssl/libstrongswan-openssl.la
-@USE_GCRYPT_TRUE@am__append_98 = plugins/gcrypt
-@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_99 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_100 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_101 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_102 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_103 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_104 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_105 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_106 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_107 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_108 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_109 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_110 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_111 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_112 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_113 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_114 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_115 = plugins/gcm/libstrongswan-gcm.la
-@USE_NTRU_TRUE@am__append_116 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_117 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_118 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_119 = plugins/bliss/libstrongswan-bliss.la
-@USE_TEST_VECTORS_TRUE@am__append_120 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_121 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_BLISS_TRUE@am__append_122 = plugins/bliss/tests
+@USE_SHA3_TRUE@am__append_36 = plugins/sha3
+@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_37 = plugins/sha3/libstrongswan-sha3.la
+@USE_GMP_TRUE@am__append_38 = plugins/gmp
+@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_39 = plugins/gmp/libstrongswan-gmp.la
+@USE_RDRAND_TRUE@am__append_40 = plugins/rdrand
+@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand/libstrongswan-rdrand.la
+@USE_AESNI_TRUE@am__append_42 = plugins/aesni
+@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_43 = plugins/aesni/libstrongswan-aesni.la
+@USE_RANDOM_TRUE@am__append_44 = plugins/random
+@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_45 = plugins/random/libstrongswan-random.la
+@USE_NONCE_TRUE@am__append_46 = plugins/nonce
+@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_47 = plugins/nonce/libstrongswan-nonce.la
+@USE_HMAC_TRUE@am__append_48 = plugins/hmac
+@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_49 = plugins/hmac/libstrongswan-hmac.la
+@USE_CMAC_TRUE@am__append_50 = plugins/cmac
+@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_51 = plugins/cmac/libstrongswan-cmac.la
+@USE_XCBC_TRUE@am__append_52 = plugins/xcbc
+@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_53 = plugins/xcbc/libstrongswan-xcbc.la
+@USE_X509_TRUE@am__append_54 = plugins/x509
+@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_55 = plugins/x509/libstrongswan-x509.la
+@USE_REVOCATION_TRUE@am__append_56 = plugins/revocation
+@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation/libstrongswan-revocation.la
+@USE_CONSTRAINTS_TRUE@am__append_58 = plugins/constraints
+@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints/libstrongswan-constraints.la
+@USE_ACERT_TRUE@am__append_60 = plugins/acert
+@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_61 = plugins/acert/libstrongswan-acert.la
+@USE_PUBKEY_TRUE@am__append_62 = plugins/pubkey
+@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey/libstrongswan-pubkey.la
+@USE_PKCS1_TRUE@am__append_64 = plugins/pkcs1
+@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1/libstrongswan-pkcs1.la
+@USE_PKCS7_TRUE@am__append_66 = plugins/pkcs7
+@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7/libstrongswan-pkcs7.la
+@USE_PKCS8_TRUE@am__append_68 = plugins/pkcs8
+@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8/libstrongswan-pkcs8.la
+@USE_PKCS12_TRUE@am__append_70 = plugins/pkcs12
+@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12/libstrongswan-pkcs12.la
+@USE_PGP_TRUE@am__append_72 = plugins/pgp
+@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_73 = plugins/pgp/libstrongswan-pgp.la
+@USE_DNSKEY_TRUE@am__append_74 = plugins/dnskey
+@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey/libstrongswan-dnskey.la
+@USE_SSHKEY_TRUE@am__append_76 = plugins/sshkey
+@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey/libstrongswan-sshkey.la
+@USE_PEM_TRUE@am__append_78 = plugins/pem
+@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_79 = plugins/pem/libstrongswan-pem.la
+@USE_CURL_TRUE@am__append_80 = plugins/curl
+@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_81 = plugins/curl/libstrongswan-curl.la
+@USE_FILES_TRUE@am__append_82 = plugins/files
+@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_83 = plugins/files/libstrongswan-files.la
+@USE_WINHTTP_TRUE@am__append_84 = plugins/winhttp
+@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp/libstrongswan-winhttp.la
+@USE_UNBOUND_TRUE@am__append_86 = plugins/unbound
+@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound/libstrongswan-unbound.la
+@USE_SOUP_TRUE@am__append_88 = plugins/soup
+@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_89 = plugins/soup/libstrongswan-soup.la
+@USE_LDAP_TRUE@am__append_90 = plugins/ldap
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_91 = plugins/ldap/libstrongswan-ldap.la
+@USE_MYSQL_TRUE@am__append_92 = plugins/mysql
+@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_93 = plugins/mysql/libstrongswan-mysql.la
+@USE_SQLITE_TRUE@am__append_94 = plugins/sqlite
+@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite/libstrongswan-sqlite.la
+@USE_PADLOCK_TRUE@am__append_96 = plugins/padlock
+@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock/libstrongswan-padlock.la
+@USE_OPENSSL_TRUE@am__append_98 = plugins/openssl
+@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl/libstrongswan-openssl.la
+@USE_GCRYPT_TRUE@am__append_100 = plugins/gcrypt
+@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt/libstrongswan-gcrypt.la
+@USE_FIPS_PRF_TRUE@am__append_102 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_104 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_105 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_106 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_108 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_110 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_112 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_113 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_114 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_115 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_116 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_117 = plugins/gcm/libstrongswan-gcm.la
+@USE_NTRU_TRUE@am__append_118 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_119 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_120 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_121 = plugins/bliss/libstrongswan-bliss.la
+@USE_TEST_VECTORS_TRUE@am__append_122 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
settings/settings_parser.h settings/settings_parser.c \
@@ -297,7 +299,7 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_101) $(am__append_103) $(am__append_105) \
$(am__append_107) $(am__append_109) $(am__append_111) \
$(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121)
+ $(am__append_119) $(am__append_121) $(am__append_123)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -312,11 +314,11 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c \
crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
- crypto/iv/iv_gen_seq.c crypto/mgf1/mgf1.c \
- crypto/mgf1/mgf1_bitspender.c credentials/credential_factory.c \
- credentials/builder.c credentials/cred_encoding.c \
- credentials/keys/private_key.c credentials/keys/public_key.c \
- credentials/keys/shared_key.c \
+ crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
+ crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+ credentials/credential_factory.c credentials/builder.c \
+ credentials/cred_encoding.c credentials/keys/private_key.c \
+ credentials/keys/public_key.c credentials/keys/shared_key.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
@@ -397,7 +399,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
crypto/crypto_tester.lo crypto/diffie_hellman.lo \
crypto/aead.lo crypto/transform.lo crypto/iv/iv_gen.lo \
crypto/iv/iv_gen_rand.lo crypto/iv/iv_gen_seq.lo \
- crypto/mgf1/mgf1.lo crypto/mgf1/mgf1_bitspender.lo \
+ crypto/iv/iv_gen_null.lo crypto/mgf1/mgf1.lo \
+ crypto/mgf1/mgf1_bitspender.lo \
credentials/credential_factory.lo credentials/builder.lo \
credentials/cred_encoding.lo credentials/keys/private_key.lo \
credentials/keys/public_key.lo credentials/keys/shared_key.lo \
@@ -524,10 +527,11 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
crypto/crypto_tester.h crypto/diffie_hellman.h crypto/aead.h \
crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
- crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
- credentials/credential_factory.h credentials/builder.h \
- credentials/cred_encoding.h credentials/keys/private_key.h \
- credentials/keys/public_key.h credentials/keys/shared_key.h \
+ crypto/iv/iv_gen_null.h crypto/mgf1/mgf1.h \
+ crypto/mgf1/mgf1_bitspender.h credentials/credential_factory.h \
+ credentials/builder.h credentials/cred_encoding.h \
+ credentials/keys/private_key.h credentials/keys/public_key.h \
+ credentials/keys/shared_key.h \
credentials/certificates/certificate.h \
credentials/certificates/x509.h credentials/certificates/ac.h \
credentials/certificates/crl.h \
@@ -574,7 +578,8 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
utils/printf_hook/printf_hook_builtin.h utils/parser_helper.h \
utils/test.h utils/integrity_checker.h utils/process.h \
utils/utils/strerror.h utils/compat/windows.h \
- utils/compat/apple.h utils/utils/atomics.h utils/utils/types.h \
+ utils/compat/apple.h utils/compat/android.h \
+ utils/utils/atomics.h utils/utils/types.h \
utils/utils/byteorder.h utils/utils/string.h \
utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \
utils/utils/status.h utils/utils/object.h utils/utils/time.h \
@@ -609,18 +614,19 @@ ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
plugins/blowfish plugins/rc2 plugins/md4 plugins/md5 \
- plugins/sha1 plugins/sha2 plugins/gmp plugins/rdrand \
- plugins/aesni plugins/random plugins/nonce plugins/hmac \
- plugins/cmac plugins/xcbc plugins/x509 plugins/revocation \
- plugins/constraints plugins/acert plugins/pubkey plugins/pkcs1 \
- plugins/pkcs7 plugins/pkcs8 plugins/pkcs12 plugins/pgp \
- plugins/dnskey plugins/sshkey plugins/pem plugins/curl \
- plugins/files plugins/winhttp plugins/unbound plugins/soup \
- plugins/ldap plugins/mysql plugins/sqlite plugins/padlock \
- plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \
- plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \
- plugins/ccm plugins/gcm plugins/ntru plugins/bliss \
- plugins/test_vectors tests plugins/bliss/tests
+ plugins/sha1 plugins/sha2 plugins/sha3 plugins/gmp \
+ plugins/rdrand plugins/aesni plugins/random plugins/nonce \
+ plugins/hmac plugins/cmac plugins/xcbc plugins/x509 \
+ plugins/revocation plugins/constraints plugins/acert \
+ plugins/pubkey plugins/pkcs1 plugins/pkcs7 plugins/pkcs8 \
+ plugins/pkcs12 plugins/pgp plugins/dnskey plugins/sshkey \
+ plugins/pem plugins/curl plugins/files plugins/winhttp \
+ plugins/unbound plugins/soup plugins/ldap plugins/mysql \
+ plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \
+ plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \
+ plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \
+ plugins/ntru plugins/bliss plugins/test_vectors tests \
+ plugins/bliss/tests
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -886,11 +892,11 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c \
crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
- crypto/iv/iv_gen_seq.c crypto/mgf1/mgf1.c \
- crypto/mgf1/mgf1_bitspender.c credentials/credential_factory.c \
- credentials/builder.c credentials/cred_encoding.c \
- credentials/keys/private_key.c credentials/keys/public_key.c \
- credentials/keys/shared_key.c \
+ crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
+ crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+ credentials/credential_factory.c credentials/builder.c \
+ credentials/cred_encoding.c credentials/keys/private_key.c \
+ credentials/keys/public_key.c credentials/keys/shared_key.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
@@ -945,7 +951,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
@USE_DEV_HEADERS_TRUE@crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
@USE_DEV_HEADERS_TRUE@crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
-@USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
+@USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
@USE_DEV_HEADERS_TRUE@crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
@USE_DEV_HEADERS_TRUE@credentials/credential_factory.h credentials/builder.h \
@USE_DEV_HEADERS_TRUE@credentials/cred_encoding.h credentials/keys/private_key.h \
@@ -982,7 +988,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@utils/cpu_feature.h utils/leak_detective.h utils/printf_hook/printf_hook.h \
@USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
@USE_DEV_HEADERS_TRUE@utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/process.h \
-@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h \
+@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h utils/compat/android.h \
@USE_DEV_HEADERS_TRUE@utils/utils/atomics.h utils/utils/types.h utils/utils/byteorder.h \
@USE_DEV_HEADERS_TRUE@utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \
@USE_DEV_HEADERS_TRUE@utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h
@@ -1007,7 +1013,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \
$(am__append_101) $(am__append_103) $(am__append_105) \
$(am__append_107) $(am__append_109) $(am__append_111) \
$(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121)
+ $(am__append_119) $(am__append_121) $(am__append_123)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1023,7 +1029,7 @@ AM_YFLAGS = -v -d
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
crypto/proposal/proposal_keywords_static.txt \
-Android.mk AndroidConfigLocal.h
+Android.mk
BUILT_SOURCES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -1059,8 +1065,8 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \
@MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \
@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) tests \
-@MONOLITHIC_FALSE@ $(am__append_122)
+@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \
+@MONOLITHIC_FALSE@ $(am__append_122) tests $(am__append_124)
# build plugins with their own Makefile
#######################################
@@ -1089,8 +1095,8 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \
@MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \
@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) . tests \
-@MONOLITHIC_TRUE@ $(am__append_122)
+@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \
+@MONOLITHIC_TRUE@ $(am__append_122) . tests $(am__append_124)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -1284,6 +1290,8 @@ crypto/iv/iv_gen_rand.lo: crypto/iv/$(am__dirstamp) \
crypto/iv/$(DEPDIR)/$(am__dirstamp)
crypto/iv/iv_gen_seq.lo: crypto/iv/$(am__dirstamp) \
crypto/iv/$(DEPDIR)/$(am__dirstamp)
+crypto/iv/iv_gen_null.lo: crypto/iv/$(am__dirstamp) \
+ crypto/iv/$(DEPDIR)/$(am__dirstamp)
crypto/mgf1/$(am__dirstamp):
@$(MKDIR_P) crypto/mgf1
@: > crypto/mgf1/$(am__dirstamp)
@@ -1750,6 +1758,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@crypto/hashers/$(DEPDIR)/hash_algorithm_set.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/hashers/$(DEPDIR)/hasher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_null.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_rand.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_seq.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1.Plo@am__quote@
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index a750f7fcb..a088b0527 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -199,12 +199,12 @@ const oid_t oid_names[] = {
{ 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */
{ 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */
{ 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */
- {0x2B, 413, 1, 0, "" }, /* 189 */
- { 0x06, 327, 1, 1, "dod" }, /* 190 */
+ {0x2B, 416, 1, 0, "" }, /* 189 */
+ { 0x06, 330, 1, 1, "dod" }, /* 190 */
{ 0x01, 0, 1, 2, "internet" }, /* 191 */
- { 0x04, 278, 1, 3, "private" }, /* 192 */
+ { 0x04, 281, 1, 3, "private" }, /* 192 */
{ 0x01, 0, 1, 4, "enterprise" }, /* 193 */
- { 0x82, 228, 1, 5, "" }, /* 194 */
+ { 0x82, 231, 1, 5, "" }, /* 194 */
{ 0x37, 207, 1, 6, "Microsoft" }, /* 195 */
{ 0x0A, 200, 1, 7, "" }, /* 196 */
{ 0x03, 0, 1, 8, "" }, /* 197 */
@@ -235,254 +235,257 @@ const oid_t oid_names[] = {
{ 0x07, 223, 0, 10, "BLISS-B-III" }, /* 222 */
{ 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 223 */
{ 0x03, 0, 1, 9, "blissSigType" }, /* 224 */
- { 0x01, 226, 0, 10, "BLISS-with-SHA512" }, /* 225 */
- { 0x02, 227, 0, 10, "BLISS-with-SHA384" }, /* 226 */
- { 0x03, 0, 0, 10, "BLISS-with-SHA256" }, /* 227 */
- { 0x89, 235, 1, 5, "" }, /* 228 */
- { 0x31, 0, 1, 6, "" }, /* 229 */
- { 0x01, 0, 1, 7, "" }, /* 230 */
- { 0x01, 0, 1, 8, "" }, /* 231 */
- { 0x02, 0, 1, 9, "" }, /* 232 */
- { 0x02, 0, 1, 10, "" }, /* 233 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 234 */
- { 0x97, 239, 1, 5, "" }, /* 235 */
- { 0x55, 0, 1, 6, "" }, /* 236 */
- { 0x01, 0, 1, 7, "" }, /* 237 */
- { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 238 */
- { 0xC1, 0, 1, 5, "" }, /* 239 */
- { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 240 */
- { 0x01, 0, 1, 7, "eess" }, /* 241 */
- { 0x01, 0, 1, 8, "eess1" }, /* 242 */
- { 0x01, 247, 1, 9, "eess1-algs" }, /* 243 */
- { 0x01, 245, 0, 10, "ntru-EESS1v1-SVES" }, /* 244 */
- { 0x02, 246, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 245 */
- { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 246 */
- { 0x02, 277, 1, 9, "eess1-params" }, /* 247 */
- { 0x01, 249, 0, 10, "ees251ep1" }, /* 248 */
- { 0x02, 250, 0, 10, "ees347ep1" }, /* 249 */
- { 0x03, 251, 0, 10, "ees503ep1" }, /* 250 */
- { 0x07, 252, 0, 10, "ees251sp2" }, /* 251 */
- { 0x0C, 253, 0, 10, "ees251ep4" }, /* 252 */
- { 0x0D, 254, 0, 10, "ees251ep5" }, /* 253 */
- { 0x0E, 255, 0, 10, "ees251sp3" }, /* 254 */
- { 0x0F, 256, 0, 10, "ees251sp4" }, /* 255 */
- { 0x10, 257, 0, 10, "ees251sp5" }, /* 256 */
- { 0x11, 258, 0, 10, "ees251sp6" }, /* 257 */
- { 0x12, 259, 0, 10, "ees251sp7" }, /* 258 */
- { 0x13, 260, 0, 10, "ees251sp8" }, /* 259 */
- { 0x14, 261, 0, 10, "ees251sp9" }, /* 260 */
- { 0x22, 262, 0, 10, "ees401ep1" }, /* 261 */
- { 0x23, 263, 0, 10, "ees449ep1" }, /* 262 */
- { 0x24, 264, 0, 10, "ees677ep1" }, /* 263 */
- { 0x25, 265, 0, 10, "ees1087ep2" }, /* 264 */
- { 0x26, 266, 0, 10, "ees541ep1" }, /* 265 */
- { 0x27, 267, 0, 10, "ees613ep1" }, /* 266 */
- { 0x28, 268, 0, 10, "ees887ep1" }, /* 267 */
- { 0x29, 269, 0, 10, "ees1171ep1" }, /* 268 */
- { 0x2A, 270, 0, 10, "ees659ep1" }, /* 269 */
- { 0x2B, 271, 0, 10, "ees761ep1" }, /* 270 */
- { 0x2C, 272, 0, 10, "ees1087ep1" }, /* 271 */
- { 0x2D, 273, 0, 10, "ees1499ep1" }, /* 272 */
- { 0x2E, 274, 0, 10, "ees401ep2" }, /* 273 */
- { 0x2F, 275, 0, 10, "ees439ep1" }, /* 274 */
- { 0x30, 276, 0, 10, "ees593ep1" }, /* 275 */
- { 0x31, 0, 0, 10, "ees743ep1" }, /* 276 */
- { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 277 */
- { 0x05, 0, 1, 3, "security" }, /* 278 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 279 */
- { 0x07, 324, 1, 5, "id-pkix" }, /* 280 */
- { 0x01, 285, 1, 6, "id-pe" }, /* 281 */
- { 0x01, 283, 0, 7, "authorityInfoAccess" }, /* 282 */
- { 0x03, 284, 0, 7, "qcStatements" }, /* 283 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 284 */
- { 0x02, 288, 1, 6, "id-qt" }, /* 285 */
- { 0x01, 287, 0, 7, "cps" }, /* 286 */
- { 0x02, 0, 0, 7, "unotice" }, /* 287 */
- { 0x03, 298, 1, 6, "id-kp" }, /* 288 */
- { 0x01, 290, 0, 7, "serverAuth" }, /* 289 */
- { 0x02, 291, 0, 7, "clientAuth" }, /* 290 */
- { 0x03, 292, 0, 7, "codeSigning" }, /* 291 */
- { 0x04, 293, 0, 7, "emailProtection" }, /* 292 */
- { 0x05, 294, 0, 7, "ipsecEndSystem" }, /* 293 */
- { 0x06, 295, 0, 7, "ipsecTunnel" }, /* 294 */
- { 0x07, 296, 0, 7, "ipsecUser" }, /* 295 */
- { 0x08, 297, 0, 7, "timeStamping" }, /* 296 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 297 */
- { 0x08, 306, 1, 6, "id-otherNames" }, /* 298 */
- { 0x01, 300, 0, 7, "personalData" }, /* 299 */
- { 0x02, 301, 0, 7, "userGroup" }, /* 300 */
- { 0x03, 302, 0, 7, "id-on-permanentIdentifier" }, /* 301 */
- { 0x04, 303, 0, 7, "id-on-hardwareModuleName" }, /* 302 */
- { 0x05, 304, 0, 7, "xmppAddr" }, /* 303 */
- { 0x06, 305, 0, 7, "id-on-SIM" }, /* 304 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 305 */
- { 0x0A, 311, 1, 6, "id-aca" }, /* 306 */
- { 0x01, 308, 0, 7, "authenticationInfo" }, /* 307 */
- { 0x02, 309, 0, 7, "accessIdentity" }, /* 308 */
- { 0x03, 310, 0, 7, "chargingIdentity" }, /* 309 */
- { 0x04, 0, 0, 7, "group" }, /* 310 */
- { 0x0B, 312, 0, 6, "subjectInfoAccess" }, /* 311 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 312 */
- { 0x01, 321, 1, 7, "ocsp" }, /* 313 */
- { 0x01, 315, 0, 8, "basic" }, /* 314 */
- { 0x02, 316, 0, 8, "nonce" }, /* 315 */
- { 0x03, 317, 0, 8, "crl" }, /* 316 */
- { 0x04, 318, 0, 8, "response" }, /* 317 */
- { 0x05, 319, 0, 8, "noCheck" }, /* 318 */
- { 0x06, 320, 0, 8, "archiveCutoff" }, /* 319 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 320 */
- { 0x02, 322, 0, 7, "caIssuers" }, /* 321 */
- { 0x03, 323, 0, 7, "timeStamping" }, /* 322 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 323 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 324 */
- { 0x02, 0, 1, 6, "certificate" }, /* 325 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 326 */
- { 0x0E, 333, 1, 1, "oiw" }, /* 327 */
- { 0x03, 0, 1, 2, "secsig" }, /* 328 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 329 */
- { 0x07, 331, 0, 4, "des-cbc" }, /* 330 */
- { 0x1A, 332, 0, 4, "sha-1" }, /* 331 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 332 */
- { 0x24, 379, 1, 1, "TeleTrusT" }, /* 333 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 334 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 335 */
- { 0x01, 340, 1, 4, "rsaSignature" }, /* 336 */
- { 0x02, 338, 0, 5, "rsaSigWithripemd160" }, /* 337 */
- { 0x03, 339, 0, 5, "rsaSigWithripemd128" }, /* 338 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 339 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 340 */
- { 0x01, 342, 0, 5, "ecSignWithsha1" }, /* 341 */
- { 0x02, 343, 0, 5, "ecSignWithripemd160" }, /* 342 */
- { 0x03, 344, 0, 5, "ecSignWithmd2" }, /* 343 */
- { 0x04, 345, 0, 5, "ecSignWithmd5" }, /* 344 */
- { 0x05, 362, 1, 5, "ttt-ecg" }, /* 345 */
- { 0x01, 350, 1, 6, "fieldType" }, /* 346 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 347 */
- { 0x01, 0, 1, 8, "basisType" }, /* 348 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 349 */
- { 0x02, 352, 1, 6, "keyType" }, /* 350 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 351 */
- { 0x03, 353, 0, 6, "curve" }, /* 352 */
- { 0x04, 360, 1, 6, "signatures" }, /* 353 */
- { 0x01, 355, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 354 */
- { 0x02, 356, 0, 7, "ecgdsa-with-SHA1" }, /* 355 */
- { 0x03, 357, 0, 7, "ecgdsa-with-SHA224" }, /* 356 */
- { 0x04, 358, 0, 7, "ecgdsa-with-SHA256" }, /* 357 */
- { 0x05, 359, 0, 7, "ecgdsa-with-SHA384" }, /* 358 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 359 */
- { 0x05, 0, 1, 6, "module" }, /* 360 */
- { 0x01, 0, 0, 7, "1" }, /* 361 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 362 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 363 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 364 */
- { 0x01, 366, 0, 8, "brainpoolP160r1" }, /* 365 */
- { 0x02, 367, 0, 8, "brainpoolP160t1" }, /* 366 */
- { 0x03, 368, 0, 8, "brainpoolP192r1" }, /* 367 */
- { 0x04, 369, 0, 8, "brainpoolP192t1" }, /* 368 */
- { 0x05, 370, 0, 8, "brainpoolP224r1" }, /* 369 */
- { 0x06, 371, 0, 8, "brainpoolP224t1" }, /* 370 */
- { 0x07, 372, 0, 8, "brainpoolP256r1" }, /* 371 */
- { 0x08, 373, 0, 8, "brainpoolP256t1" }, /* 372 */
- { 0x09, 374, 0, 8, "brainpoolP320r1" }, /* 373 */
- { 0x0A, 375, 0, 8, "brainpoolP320t1" }, /* 374 */
- { 0x0B, 376, 0, 8, "brainpoolP384r1" }, /* 375 */
- { 0x0C, 377, 0, 8, "brainpoolP384t1" }, /* 376 */
- { 0x0D, 378, 0, 8, "brainpoolP512r1" }, /* 377 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 378 */
- { 0x81, 0, 1, 1, "" }, /* 379 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 380 */
- { 0x00, 0, 1, 3, "curve" }, /* 381 */
- { 0x01, 383, 0, 4, "sect163k1" }, /* 382 */
- { 0x02, 384, 0, 4, "sect163r1" }, /* 383 */
- { 0x03, 385, 0, 4, "sect239k1" }, /* 384 */
- { 0x04, 386, 0, 4, "sect113r1" }, /* 385 */
- { 0x05, 387, 0, 4, "sect113r2" }, /* 386 */
- { 0x06, 388, 0, 4, "secp112r1" }, /* 387 */
- { 0x07, 389, 0, 4, "secp112r2" }, /* 388 */
- { 0x08, 390, 0, 4, "secp160r1" }, /* 389 */
- { 0x09, 391, 0, 4, "secp160k1" }, /* 390 */
- { 0x0A, 392, 0, 4, "secp256k1" }, /* 391 */
- { 0x0F, 393, 0, 4, "sect163r2" }, /* 392 */
- { 0x10, 394, 0, 4, "sect283k1" }, /* 393 */
- { 0x11, 395, 0, 4, "sect283r1" }, /* 394 */
- { 0x16, 396, 0, 4, "sect131r1" }, /* 395 */
- { 0x17, 397, 0, 4, "sect131r2" }, /* 396 */
- { 0x18, 398, 0, 4, "sect193r1" }, /* 397 */
- { 0x19, 399, 0, 4, "sect193r2" }, /* 398 */
- { 0x1A, 400, 0, 4, "sect233k1" }, /* 399 */
- { 0x1B, 401, 0, 4, "sect233r1" }, /* 400 */
- { 0x1C, 402, 0, 4, "secp128r1" }, /* 401 */
- { 0x1D, 403, 0, 4, "secp128r2" }, /* 402 */
- { 0x1E, 404, 0, 4, "secp160r2" }, /* 403 */
- { 0x1F, 405, 0, 4, "secp192k1" }, /* 404 */
- { 0x20, 406, 0, 4, "secp224k1" }, /* 405 */
- { 0x21, 407, 0, 4, "secp224r1" }, /* 406 */
- { 0x22, 408, 0, 4, "secp384r1" }, /* 407 */
- { 0x23, 409, 0, 4, "secp521r1" }, /* 408 */
- { 0x24, 410, 0, 4, "sect409k1" }, /* 409 */
- { 0x25, 411, 0, 4, "sect409r1" }, /* 410 */
- { 0x26, 412, 0, 4, "sect571k1" }, /* 411 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 412 */
- {0x60, 467, 1, 0, "" }, /* 413 */
- { 0x86, 0, 1, 1, "" }, /* 414 */
- { 0x48, 0, 1, 2, "" }, /* 415 */
- { 0x01, 0, 1, 3, "organization" }, /* 416 */
- { 0x65, 443, 1, 4, "gov" }, /* 417 */
- { 0x03, 0, 1, 5, "csor" }, /* 418 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 419 */
- { 0x01, 430, 1, 7, "aes" }, /* 420 */
- { 0x02, 422, 0, 8, "id-aes128-CBC" }, /* 421 */
- { 0x06, 423, 0, 8, "id-aes128-GCM" }, /* 422 */
- { 0x07, 424, 0, 8, "id-aes128-CCM" }, /* 423 */
- { 0x16, 425, 0, 8, "id-aes192-CBC" }, /* 424 */
- { 0x1A, 426, 0, 8, "id-aes192-GCM" }, /* 425 */
- { 0x1B, 427, 0, 8, "id-aes192-CCM" }, /* 426 */
- { 0x2A, 428, 0, 8, "id-aes256-CBC" }, /* 427 */
- { 0x2E, 429, 0, 8, "id-aes256-GCM" }, /* 428 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 429 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 430 */
- { 0x01, 432, 0, 8, "id-sha256" }, /* 431 */
- { 0x02, 433, 0, 8, "id-sha384" }, /* 432 */
- { 0x03, 434, 0, 8, "id-sha512" }, /* 433 */
- { 0x04, 435, 0, 8, "id-sha224" }, /* 434 */
- { 0x05, 436, 0, 8, "id-sha512-224" }, /* 435 */
- { 0x06, 437, 0, 8, "id-sha512-256" }, /* 436 */
- { 0x07, 438, 0, 8, "id-sha3-224" }, /* 437 */
- { 0x08, 439, 0, 8, "id-sha3-256" }, /* 438 */
- { 0x09, 440, 0, 8, "id-sha3-384" }, /* 439 */
- { 0x0A, 441, 0, 8, "id-sha3-512" }, /* 440 */
- { 0x0B, 442, 0, 8, "id-shake128" }, /* 441 */
- { 0x0C, 0, 0, 8, "id-shake256" }, /* 442 */
- { 0x86, 0, 1, 4, "" }, /* 443 */
- { 0xf8, 0, 1, 5, "" }, /* 444 */
- { 0x42, 457, 1, 6, "netscape" }, /* 445 */
- { 0x01, 452, 1, 7, "" }, /* 446 */
- { 0x01, 448, 0, 8, "nsCertType" }, /* 447 */
- { 0x03, 449, 0, 8, "nsRevocationUrl" }, /* 448 */
- { 0x04, 450, 0, 8, "nsCaRevocationUrl" }, /* 449 */
- { 0x08, 451, 0, 8, "nsCaPolicyUrl" }, /* 450 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 451 */
- { 0x03, 455, 1, 7, "directory" }, /* 452 */
- { 0x01, 0, 1, 8, "" }, /* 453 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 454 */
- { 0x04, 0, 1, 7, "policy" }, /* 455 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 456 */
- { 0x45, 0, 1, 6, "verisign" }, /* 457 */
- { 0x01, 0, 1, 7, "pki" }, /* 458 */
- { 0x09, 0, 1, 8, "attributes" }, /* 459 */
- { 0x02, 461, 0, 9, "messageType" }, /* 460 */
- { 0x03, 462, 0, 9, "pkiStatus" }, /* 461 */
- { 0x04, 463, 0, 9, "failInfo" }, /* 462 */
- { 0x05, 464, 0, 9, "senderNonce" }, /* 463 */
- { 0x06, 465, 0, 9, "recipientNonce" }, /* 464 */
- { 0x07, 466, 0, 9, "transID" }, /* 465 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 466 */
- {0x67, 0, 1, 0, "" }, /* 467 */
- { 0x81, 0, 1, 1, "" }, /* 468 */
- { 0x05, 0, 1, 2, "" }, /* 469 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 470 */
- { 0x01, 472, 0, 4, "tcg-at-tpmManufacturer" }, /* 471 */
- { 0x02, 473, 0, 4, "tcg-at-tpmModel" }, /* 472 */
- { 0x03, 474, 0, 4, "tcg-at-tpmVersion" }, /* 473 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 474 */
+ { 0x01, 226, 0, 10, "BLISS-with-SHA2-512" }, /* 225 */
+ { 0x02, 227, 0, 10, "BLISS-with-SHA2-384" }, /* 226 */
+ { 0x03, 228, 0, 10, "BLISS-with-SHA2-256" }, /* 227 */
+ { 0x04, 229, 0, 10, "BLISS-with-SHA3-512" }, /* 228 */
+ { 0x05, 230, 0, 10, "BLISS-with-SHA3-384" }, /* 229 */
+ { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 230 */
+ { 0x89, 238, 1, 5, "" }, /* 231 */
+ { 0x31, 0, 1, 6, "" }, /* 232 */
+ { 0x01, 0, 1, 7, "" }, /* 233 */
+ { 0x01, 0, 1, 8, "" }, /* 234 */
+ { 0x02, 0, 1, 9, "" }, /* 235 */
+ { 0x02, 0, 1, 10, "" }, /* 236 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 237 */
+ { 0x97, 242, 1, 5, "" }, /* 238 */
+ { 0x55, 0, 1, 6, "" }, /* 239 */
+ { 0x01, 0, 1, 7, "" }, /* 240 */
+ { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 241 */
+ { 0xC1, 0, 1, 5, "" }, /* 242 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 243 */
+ { 0x01, 0, 1, 7, "eess" }, /* 244 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 245 */
+ { 0x01, 250, 1, 9, "eess1-algs" }, /* 246 */
+ { 0x01, 248, 0, 10, "ntru-EESS1v1-SVES" }, /* 247 */
+ { 0x02, 249, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 248 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 249 */
+ { 0x02, 280, 1, 9, "eess1-params" }, /* 250 */
+ { 0x01, 252, 0, 10, "ees251ep1" }, /* 251 */
+ { 0x02, 253, 0, 10, "ees347ep1" }, /* 252 */
+ { 0x03, 254, 0, 10, "ees503ep1" }, /* 253 */
+ { 0x07, 255, 0, 10, "ees251sp2" }, /* 254 */
+ { 0x0C, 256, 0, 10, "ees251ep4" }, /* 255 */
+ { 0x0D, 257, 0, 10, "ees251ep5" }, /* 256 */
+ { 0x0E, 258, 0, 10, "ees251sp3" }, /* 257 */
+ { 0x0F, 259, 0, 10, "ees251sp4" }, /* 258 */
+ { 0x10, 260, 0, 10, "ees251sp5" }, /* 259 */
+ { 0x11, 261, 0, 10, "ees251sp6" }, /* 260 */
+ { 0x12, 262, 0, 10, "ees251sp7" }, /* 261 */
+ { 0x13, 263, 0, 10, "ees251sp8" }, /* 262 */
+ { 0x14, 264, 0, 10, "ees251sp9" }, /* 263 */
+ { 0x22, 265, 0, 10, "ees401ep1" }, /* 264 */
+ { 0x23, 266, 0, 10, "ees449ep1" }, /* 265 */
+ { 0x24, 267, 0, 10, "ees677ep1" }, /* 266 */
+ { 0x25, 268, 0, 10, "ees1087ep2" }, /* 267 */
+ { 0x26, 269, 0, 10, "ees541ep1" }, /* 268 */
+ { 0x27, 270, 0, 10, "ees613ep1" }, /* 269 */
+ { 0x28, 271, 0, 10, "ees887ep1" }, /* 270 */
+ { 0x29, 272, 0, 10, "ees1171ep1" }, /* 271 */
+ { 0x2A, 273, 0, 10, "ees659ep1" }, /* 272 */
+ { 0x2B, 274, 0, 10, "ees761ep1" }, /* 273 */
+ { 0x2C, 275, 0, 10, "ees1087ep1" }, /* 274 */
+ { 0x2D, 276, 0, 10, "ees1499ep1" }, /* 275 */
+ { 0x2E, 277, 0, 10, "ees401ep2" }, /* 276 */
+ { 0x2F, 278, 0, 10, "ees439ep1" }, /* 277 */
+ { 0x30, 279, 0, 10, "ees593ep1" }, /* 278 */
+ { 0x31, 0, 0, 10, "ees743ep1" }, /* 279 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 280 */
+ { 0x05, 0, 1, 3, "security" }, /* 281 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 282 */
+ { 0x07, 327, 1, 5, "id-pkix" }, /* 283 */
+ { 0x01, 288, 1, 6, "id-pe" }, /* 284 */
+ { 0x01, 286, 0, 7, "authorityInfoAccess" }, /* 285 */
+ { 0x03, 287, 0, 7, "qcStatements" }, /* 286 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 287 */
+ { 0x02, 291, 1, 6, "id-qt" }, /* 288 */
+ { 0x01, 290, 0, 7, "cps" }, /* 289 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 290 */
+ { 0x03, 301, 1, 6, "id-kp" }, /* 291 */
+ { 0x01, 293, 0, 7, "serverAuth" }, /* 292 */
+ { 0x02, 294, 0, 7, "clientAuth" }, /* 293 */
+ { 0x03, 295, 0, 7, "codeSigning" }, /* 294 */
+ { 0x04, 296, 0, 7, "emailProtection" }, /* 295 */
+ { 0x05, 297, 0, 7, "ipsecEndSystem" }, /* 296 */
+ { 0x06, 298, 0, 7, "ipsecTunnel" }, /* 297 */
+ { 0x07, 299, 0, 7, "ipsecUser" }, /* 298 */
+ { 0x08, 300, 0, 7, "timeStamping" }, /* 299 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 300 */
+ { 0x08, 309, 1, 6, "id-otherNames" }, /* 301 */
+ { 0x01, 303, 0, 7, "personalData" }, /* 302 */
+ { 0x02, 304, 0, 7, "userGroup" }, /* 303 */
+ { 0x03, 305, 0, 7, "id-on-permanentIdentifier" }, /* 304 */
+ { 0x04, 306, 0, 7, "id-on-hardwareModuleName" }, /* 305 */
+ { 0x05, 307, 0, 7, "xmppAddr" }, /* 306 */
+ { 0x06, 308, 0, 7, "id-on-SIM" }, /* 307 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 308 */
+ { 0x0A, 314, 1, 6, "id-aca" }, /* 309 */
+ { 0x01, 311, 0, 7, "authenticationInfo" }, /* 310 */
+ { 0x02, 312, 0, 7, "accessIdentity" }, /* 311 */
+ { 0x03, 313, 0, 7, "chargingIdentity" }, /* 312 */
+ { 0x04, 0, 0, 7, "group" }, /* 313 */
+ { 0x0B, 315, 0, 6, "subjectInfoAccess" }, /* 314 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 315 */
+ { 0x01, 324, 1, 7, "ocsp" }, /* 316 */
+ { 0x01, 318, 0, 8, "basic" }, /* 317 */
+ { 0x02, 319, 0, 8, "nonce" }, /* 318 */
+ { 0x03, 320, 0, 8, "crl" }, /* 319 */
+ { 0x04, 321, 0, 8, "response" }, /* 320 */
+ { 0x05, 322, 0, 8, "noCheck" }, /* 321 */
+ { 0x06, 323, 0, 8, "archiveCutoff" }, /* 322 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 323 */
+ { 0x02, 325, 0, 7, "caIssuers" }, /* 324 */
+ { 0x03, 326, 0, 7, "timeStamping" }, /* 325 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 326 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 327 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 328 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 329 */
+ { 0x0E, 336, 1, 1, "oiw" }, /* 330 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 331 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 332 */
+ { 0x07, 334, 0, 4, "des-cbc" }, /* 333 */
+ { 0x1A, 335, 0, 4, "sha-1" }, /* 334 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 335 */
+ { 0x24, 382, 1, 1, "TeleTrusT" }, /* 336 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 337 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 338 */
+ { 0x01, 343, 1, 4, "rsaSignature" }, /* 339 */
+ { 0x02, 341, 0, 5, "rsaSigWithripemd160" }, /* 340 */
+ { 0x03, 342, 0, 5, "rsaSigWithripemd128" }, /* 341 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 342 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 343 */
+ { 0x01, 345, 0, 5, "ecSignWithsha1" }, /* 344 */
+ { 0x02, 346, 0, 5, "ecSignWithripemd160" }, /* 345 */
+ { 0x03, 347, 0, 5, "ecSignWithmd2" }, /* 346 */
+ { 0x04, 348, 0, 5, "ecSignWithmd5" }, /* 347 */
+ { 0x05, 365, 1, 5, "ttt-ecg" }, /* 348 */
+ { 0x01, 353, 1, 6, "fieldType" }, /* 349 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 350 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 351 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 352 */
+ { 0x02, 355, 1, 6, "keyType" }, /* 353 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 354 */
+ { 0x03, 356, 0, 6, "curve" }, /* 355 */
+ { 0x04, 363, 1, 6, "signatures" }, /* 356 */
+ { 0x01, 358, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 357 */
+ { 0x02, 359, 0, 7, "ecgdsa-with-SHA1" }, /* 358 */
+ { 0x03, 360, 0, 7, "ecgdsa-with-SHA224" }, /* 359 */
+ { 0x04, 361, 0, 7, "ecgdsa-with-SHA256" }, /* 360 */
+ { 0x05, 362, 0, 7, "ecgdsa-with-SHA384" }, /* 361 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 362 */
+ { 0x05, 0, 1, 6, "module" }, /* 363 */
+ { 0x01, 0, 0, 7, "1" }, /* 364 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 365 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 366 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 367 */
+ { 0x01, 369, 0, 8, "brainpoolP160r1" }, /* 368 */
+ { 0x02, 370, 0, 8, "brainpoolP160t1" }, /* 369 */
+ { 0x03, 371, 0, 8, "brainpoolP192r1" }, /* 370 */
+ { 0x04, 372, 0, 8, "brainpoolP192t1" }, /* 371 */
+ { 0x05, 373, 0, 8, "brainpoolP224r1" }, /* 372 */
+ { 0x06, 374, 0, 8, "brainpoolP224t1" }, /* 373 */
+ { 0x07, 375, 0, 8, "brainpoolP256r1" }, /* 374 */
+ { 0x08, 376, 0, 8, "brainpoolP256t1" }, /* 375 */
+ { 0x09, 377, 0, 8, "brainpoolP320r1" }, /* 376 */
+ { 0x0A, 378, 0, 8, "brainpoolP320t1" }, /* 377 */
+ { 0x0B, 379, 0, 8, "brainpoolP384r1" }, /* 378 */
+ { 0x0C, 380, 0, 8, "brainpoolP384t1" }, /* 379 */
+ { 0x0D, 381, 0, 8, "brainpoolP512r1" }, /* 380 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 381 */
+ { 0x81, 0, 1, 1, "" }, /* 382 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 383 */
+ { 0x00, 0, 1, 3, "curve" }, /* 384 */
+ { 0x01, 386, 0, 4, "sect163k1" }, /* 385 */
+ { 0x02, 387, 0, 4, "sect163r1" }, /* 386 */
+ { 0x03, 388, 0, 4, "sect239k1" }, /* 387 */
+ { 0x04, 389, 0, 4, "sect113r1" }, /* 388 */
+ { 0x05, 390, 0, 4, "sect113r2" }, /* 389 */
+ { 0x06, 391, 0, 4, "secp112r1" }, /* 390 */
+ { 0x07, 392, 0, 4, "secp112r2" }, /* 391 */
+ { 0x08, 393, 0, 4, "secp160r1" }, /* 392 */
+ { 0x09, 394, 0, 4, "secp160k1" }, /* 393 */
+ { 0x0A, 395, 0, 4, "secp256k1" }, /* 394 */
+ { 0x0F, 396, 0, 4, "sect163r2" }, /* 395 */
+ { 0x10, 397, 0, 4, "sect283k1" }, /* 396 */
+ { 0x11, 398, 0, 4, "sect283r1" }, /* 397 */
+ { 0x16, 399, 0, 4, "sect131r1" }, /* 398 */
+ { 0x17, 400, 0, 4, "sect131r2" }, /* 399 */
+ { 0x18, 401, 0, 4, "sect193r1" }, /* 400 */
+ { 0x19, 402, 0, 4, "sect193r2" }, /* 401 */
+ { 0x1A, 403, 0, 4, "sect233k1" }, /* 402 */
+ { 0x1B, 404, 0, 4, "sect233r1" }, /* 403 */
+ { 0x1C, 405, 0, 4, "secp128r1" }, /* 404 */
+ { 0x1D, 406, 0, 4, "secp128r2" }, /* 405 */
+ { 0x1E, 407, 0, 4, "secp160r2" }, /* 406 */
+ { 0x1F, 408, 0, 4, "secp192k1" }, /* 407 */
+ { 0x20, 409, 0, 4, "secp224k1" }, /* 408 */
+ { 0x21, 410, 0, 4, "secp224r1" }, /* 409 */
+ { 0x22, 411, 0, 4, "secp384r1" }, /* 410 */
+ { 0x23, 412, 0, 4, "secp521r1" }, /* 411 */
+ { 0x24, 413, 0, 4, "sect409k1" }, /* 412 */
+ { 0x25, 414, 0, 4, "sect409r1" }, /* 413 */
+ { 0x26, 415, 0, 4, "sect571k1" }, /* 414 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 415 */
+ {0x60, 470, 1, 0, "" }, /* 416 */
+ { 0x86, 0, 1, 1, "" }, /* 417 */
+ { 0x48, 0, 1, 2, "" }, /* 418 */
+ { 0x01, 0, 1, 3, "organization" }, /* 419 */
+ { 0x65, 446, 1, 4, "gov" }, /* 420 */
+ { 0x03, 0, 1, 5, "csor" }, /* 421 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 422 */
+ { 0x01, 433, 1, 7, "aes" }, /* 423 */
+ { 0x02, 425, 0, 8, "id-aes128-CBC" }, /* 424 */
+ { 0x06, 426, 0, 8, "id-aes128-GCM" }, /* 425 */
+ { 0x07, 427, 0, 8, "id-aes128-CCM" }, /* 426 */
+ { 0x16, 428, 0, 8, "id-aes192-CBC" }, /* 427 */
+ { 0x1A, 429, 0, 8, "id-aes192-GCM" }, /* 428 */
+ { 0x1B, 430, 0, 8, "id-aes192-CCM" }, /* 429 */
+ { 0x2A, 431, 0, 8, "id-aes256-CBC" }, /* 430 */
+ { 0x2E, 432, 0, 8, "id-aes256-GCM" }, /* 431 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 432 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 433 */
+ { 0x01, 435, 0, 8, "id-sha256" }, /* 434 */
+ { 0x02, 436, 0, 8, "id-sha384" }, /* 435 */
+ { 0x03, 437, 0, 8, "id-sha512" }, /* 436 */
+ { 0x04, 438, 0, 8, "id-sha224" }, /* 437 */
+ { 0x05, 439, 0, 8, "id-sha512-224" }, /* 438 */
+ { 0x06, 440, 0, 8, "id-sha512-256" }, /* 439 */
+ { 0x07, 441, 0, 8, "id-sha3-224" }, /* 440 */
+ { 0x08, 442, 0, 8, "id-sha3-256" }, /* 441 */
+ { 0x09, 443, 0, 8, "id-sha3-384" }, /* 442 */
+ { 0x0A, 444, 0, 8, "id-sha3-512" }, /* 443 */
+ { 0x0B, 445, 0, 8, "id-shake128" }, /* 444 */
+ { 0x0C, 0, 0, 8, "id-shake256" }, /* 445 */
+ { 0x86, 0, 1, 4, "" }, /* 446 */
+ { 0xf8, 0, 1, 5, "" }, /* 447 */
+ { 0x42, 460, 1, 6, "netscape" }, /* 448 */
+ { 0x01, 455, 1, 7, "" }, /* 449 */
+ { 0x01, 451, 0, 8, "nsCertType" }, /* 450 */
+ { 0x03, 452, 0, 8, "nsRevocationUrl" }, /* 451 */
+ { 0x04, 453, 0, 8, "nsCaRevocationUrl" }, /* 452 */
+ { 0x08, 454, 0, 8, "nsCaPolicyUrl" }, /* 453 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 454 */
+ { 0x03, 458, 1, 7, "directory" }, /* 455 */
+ { 0x01, 0, 1, 8, "" }, /* 456 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 457 */
+ { 0x04, 0, 1, 7, "policy" }, /* 458 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 459 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 460 */
+ { 0x01, 0, 1, 7, "pki" }, /* 461 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 462 */
+ { 0x02, 464, 0, 9, "messageType" }, /* 463 */
+ { 0x03, 465, 0, 9, "pkiStatus" }, /* 464 */
+ { 0x04, 466, 0, 9, "failInfo" }, /* 465 */
+ { 0x05, 467, 0, 9, "senderNonce" }, /* 466 */
+ { 0x06, 468, 0, 9, "recipientNonce" }, /* 467 */
+ { 0x07, 469, 0, 9, "transID" }, /* 468 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 469 */
+ {0x67, 0, 1, 0, "" }, /* 470 */
+ { 0x81, 0, 1, 1, "" }, /* 471 */
+ { 0x05, 0, 1, 2, "" }, /* 472 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 473 */
+ { 0x01, 475, 0, 4, "tcg-at-tpmManufacturer" }, /* 474 */
+ { 0x02, 476, 0, 4, "tcg-at-tpmModel" }, /* 475 */
+ { 0x03, 477, 0, 4, "tcg-at-tpmVersion" }, /* 476 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 477 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 0f7c5d644..b9ed08d2e 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -150,103 +150,110 @@ extern const oid_t oid_names[];
#define OID_BLISS_B_II 221
#define OID_BLISS_B_III 222
#define OID_BLISS_B_IV 223
-#define OID_BLISS_WITH_SHA512 225
-#define OID_BLISS_WITH_SHA384 226
-#define OID_BLISS_WITH_SHA256 227
-#define OID_TCGID 234
-#define OID_BLOWFISH_CBC 238
-#define OID_AUTHORITY_INFO_ACCESS 282
-#define OID_IP_ADDR_BLOCKS 284
-#define OID_POLICY_QUALIFIER_CPS 286
-#define OID_POLICY_QUALIFIER_UNOTICE 287
-#define OID_SERVER_AUTH 289
-#define OID_CLIENT_AUTH 290
-#define OID_OCSP_SIGNING 297
-#define OID_XMPP_ADDR 303
-#define OID_AUTHENTICATION_INFO 307
-#define OID_ACCESS_IDENTITY 308
-#define OID_CHARGING_IDENTITY 309
-#define OID_GROUP 310
-#define OID_OCSP 313
-#define OID_BASIC 314
-#define OID_NONCE 315
-#define OID_CRL 316
-#define OID_RESPONSE 317
-#define OID_NO_CHECK 318
-#define OID_ARCHIVE_CUTOFF 319
-#define OID_SERVICE_LOCATOR 320
-#define OID_CA_ISSUERS 321
-#define OID_IKE_INTERMEDIATE 326
-#define OID_DES_CBC 330
-#define OID_SHA1 331
-#define OID_SHA1_WITH_RSA_OIW 332
-#define OID_ECGDSA_PUBKEY 351
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 354
-#define OID_ECGDSA_SIG_WITH_SHA1 355
-#define OID_ECGDSA_SIG_WITH_SHA224 356
-#define OID_ECGDSA_SIG_WITH_SHA256 357
-#define OID_ECGDSA_SIG_WITH_SHA384 358
-#define OID_ECGDSA_SIG_WITH_SHA512 359
-#define OID_SECT163K1 382
-#define OID_SECT163R1 383
-#define OID_SECT239K1 384
-#define OID_SECT113R1 385
-#define OID_SECT113R2 386
-#define OID_SECT112R1 387
-#define OID_SECT112R2 388
-#define OID_SECT160R1 389
-#define OID_SECT160K1 390
-#define OID_SECT256K1 391
-#define OID_SECT163R2 392
-#define OID_SECT283K1 393
-#define OID_SECT283R1 394
-#define OID_SECT131R1 395
-#define OID_SECT131R2 396
-#define OID_SECT193R1 397
-#define OID_SECT193R2 398
-#define OID_SECT233K1 399
-#define OID_SECT233R1 400
-#define OID_SECT128R1 401
-#define OID_SECT128R2 402
-#define OID_SECT160R2 403
-#define OID_SECT192K1 404
-#define OID_SECT224K1 405
-#define OID_SECT224R1 406
-#define OID_SECT384R1 407
-#define OID_SECT521R1 408
-#define OID_SECT409K1 409
-#define OID_SECT409R1 410
-#define OID_SECT571K1 411
-#define OID_SECT571R1 412
-#define OID_AES128_CBC 421
-#define OID_AES128_GCM 422
-#define OID_AES128_CCM 423
-#define OID_AES192_CBC 424
-#define OID_AES192_GCM 425
-#define OID_AES192_CCM 426
-#define OID_AES256_CBC 427
-#define OID_AES256_GCM 428
-#define OID_AES256_CCM 429
-#define OID_SHA256 431
-#define OID_SHA384 432
-#define OID_SHA512 433
-#define OID_SHA224 434
-#define OID_NS_REVOCATION_URL 448
-#define OID_NS_CA_REVOCATION_URL 449
-#define OID_NS_CA_POLICY_URL 450
-#define OID_NS_COMMENT 451
-#define OID_EMPLOYEE_NUMBER 454
-#define OID_PKI_MESSAGE_TYPE 460
-#define OID_PKI_STATUS 461
-#define OID_PKI_FAIL_INFO 462
-#define OID_PKI_SENDER_NONCE 463
-#define OID_PKI_RECIPIENT_NONCE 464
-#define OID_PKI_TRANS_ID 465
-#define OID_TPM_MANUFACTURER 471
-#define OID_TPM_MODEL 472
-#define OID_TPM_VERSION 473
-#define OID_TPM_ID_LABEL 474
+#define OID_BLISS_WITH_SHA2_512 225
+#define OID_BLISS_WITH_SHA2_384 226
+#define OID_BLISS_WITH_SHA2_256 227
+#define OID_BLISS_WITH_SHA3_512 228
+#define OID_BLISS_WITH_SHA3_384 229
+#define OID_BLISS_WITH_SHA3_256 230
+#define OID_TCGID 237
+#define OID_BLOWFISH_CBC 241
+#define OID_AUTHORITY_INFO_ACCESS 285
+#define OID_IP_ADDR_BLOCKS 287
+#define OID_POLICY_QUALIFIER_CPS 289
+#define OID_POLICY_QUALIFIER_UNOTICE 290
+#define OID_SERVER_AUTH 292
+#define OID_CLIENT_AUTH 293
+#define OID_OCSP_SIGNING 300
+#define OID_XMPP_ADDR 306
+#define OID_AUTHENTICATION_INFO 310
+#define OID_ACCESS_IDENTITY 311
+#define OID_CHARGING_IDENTITY 312
+#define OID_GROUP 313
+#define OID_OCSP 316
+#define OID_BASIC 317
+#define OID_NONCE 318
+#define OID_CRL 319
+#define OID_RESPONSE 320
+#define OID_NO_CHECK 321
+#define OID_ARCHIVE_CUTOFF 322
+#define OID_SERVICE_LOCATOR 323
+#define OID_CA_ISSUERS 324
+#define OID_IKE_INTERMEDIATE 329
+#define OID_DES_CBC 333
+#define OID_SHA1 334
+#define OID_SHA1_WITH_RSA_OIW 335
+#define OID_ECGDSA_PUBKEY 354
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 357
+#define OID_ECGDSA_SIG_WITH_SHA1 358
+#define OID_ECGDSA_SIG_WITH_SHA224 359
+#define OID_ECGDSA_SIG_WITH_SHA256 360
+#define OID_ECGDSA_SIG_WITH_SHA384 361
+#define OID_ECGDSA_SIG_WITH_SHA512 362
+#define OID_SECT163K1 385
+#define OID_SECT163R1 386
+#define OID_SECT239K1 387
+#define OID_SECT113R1 388
+#define OID_SECT113R2 389
+#define OID_SECT112R1 390
+#define OID_SECT112R2 391
+#define OID_SECT160R1 392
+#define OID_SECT160K1 393
+#define OID_SECT256K1 394
+#define OID_SECT163R2 395
+#define OID_SECT283K1 396
+#define OID_SECT283R1 397
+#define OID_SECT131R1 398
+#define OID_SECT131R2 399
+#define OID_SECT193R1 400
+#define OID_SECT193R2 401
+#define OID_SECT233K1 402
+#define OID_SECT233R1 403
+#define OID_SECT128R1 404
+#define OID_SECT128R2 405
+#define OID_SECT160R2 406
+#define OID_SECT192K1 407
+#define OID_SECT224K1 408
+#define OID_SECT224R1 409
+#define OID_SECT384R1 410
+#define OID_SECT521R1 411
+#define OID_SECT409K1 412
+#define OID_SECT409R1 413
+#define OID_SECT571K1 414
+#define OID_SECT571R1 415
+#define OID_AES128_CBC 424
+#define OID_AES128_GCM 425
+#define OID_AES128_CCM 426
+#define OID_AES192_CBC 427
+#define OID_AES192_GCM 428
+#define OID_AES192_CCM 429
+#define OID_AES256_CBC 430
+#define OID_AES256_GCM 431
+#define OID_AES256_CCM 432
+#define OID_SHA256 434
+#define OID_SHA384 435
+#define OID_SHA512 436
+#define OID_SHA224 437
+#define OID_SHA3_224 440
+#define OID_SHA3_256 441
+#define OID_SHA3_384 442
+#define OID_SHA3_512 443
+#define OID_NS_REVOCATION_URL 451
+#define OID_NS_CA_REVOCATION_URL 452
+#define OID_NS_CA_POLICY_URL 453
+#define OID_NS_COMMENT 454
+#define OID_EMPLOYEE_NUMBER 457
+#define OID_PKI_MESSAGE_TYPE 463
+#define OID_PKI_STATUS 464
+#define OID_PKI_FAIL_INFO 465
+#define OID_PKI_SENDER_NONCE 466
+#define OID_PKI_RECIPIENT_NONCE 467
+#define OID_PKI_TRANS_ID 468
+#define OID_TPM_MANUFACTURER 474
+#define OID_TPM_MODEL 475
+#define OID_TPM_VERSION 476
+#define OID_TPM_ID_LABEL 477
-#define OID_MAX 475
+#define OID_MAX 478
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 919d24c43..64dedcb33 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -223,9 +223,12 @@
0x07 "BLISS-B-III" OID_BLISS_B_III
0x08 "BLISS-B-IV" OID_BLISS_B_IV
0x03 "blissSigType"
- 0x01 "BLISS-with-SHA512" OID_BLISS_WITH_SHA512
- 0x02 "BLISS-with-SHA384" OID_BLISS_WITH_SHA384
- 0x03 "BLISS-with-SHA256" OID_BLISS_WITH_SHA256
+ 0x01 "BLISS-with-SHA2-512" OID_BLISS_WITH_SHA2_512
+ 0x02 "BLISS-with-SHA2-384" OID_BLISS_WITH_SHA2_384
+ 0x03 "BLISS-with-SHA2-256" OID_BLISS_WITH_SHA2_256
+ 0x04 "BLISS-with-SHA3-512" OID_BLISS_WITH_SHA3_512
+ 0x05 "BLISS-with-SHA3-384" OID_BLISS_WITH_SHA3_384
+ 0x06 "BLISS-with-SHA3-256" OID_BLISS_WITH_SHA3_256
0x89 ""
0x31 ""
0x01 ""
@@ -435,10 +438,10 @@
0x04 "id-sha224" OID_SHA224
0x05 "id-sha512-224"
0x06 "id-sha512-256"
- 0x07 "id-sha3-224"
- 0x08 "id-sha3-256"
- 0x09 "id-sha3-384"
- 0x0A "id-sha3-512"
+ 0x07 "id-sha3-224" OID_SHA3_224
+ 0x08 "id-sha3-256" OID_SHA3_256
+ 0x09 "id-sha3-384" OID_SHA3_384
+ 0x0A "id-sha3-512" OID_SHA3_512
0x0B "id-shake128"
0x0C "id-shake256"
0x86 ""
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 1e93f021a..9988d8021 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -951,9 +951,9 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
{
entry_t entry;
- while (array_remove(other->entries, ARRAY_HEAD, &entry))
- {
- array_insert(this->entries, ARRAY_TAIL, &entry);
+ while (array_remove(other->entries, ARRAY_TAIL, &entry))
+ { /* keep order but prefer new values (esp. for single valued ones) */
+ array_insert(this->entries, ARRAY_HEAD, &entry);
}
array_compress(other->entries);
}
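Review bot: Swapping HEAD/TAIL in the move loop changes precedence for every rule type, not only the single-valued ones the comment mentions: entries taken from `other` now sit in front of those `this` already held, so any lookup that returns the first match will yield the merged value. For authentication rules that is a policy-relevant change, and the explanation squeezed onto the brace line is easy to miss. I would put it above the loop, e.g. `/* move other's entries in front of ours, keeping their relative order, so first-match lookups prefer the merged values */`. The rest of merge(), including the path selected by `copy`, lies outside this hunk, so it should be checked that it produces the same ordering.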
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index bd5915e60..d6f211a34 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
"BLISS"
);
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"UNKNOWN",
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
@@ -44,9 +44,12 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
- "BLISS_WITH_SHA256",
- "BLISS_WITH_SHA384",
- "BLISS_WITH_SHA512",
+ "BLISS_WITH_SHA2_256",
+ "BLISS_WITH_SHA2_384",
+ "BLISS_WITH_SHA2_512",
+ "BLISS_WITH_SHA3_256",
+ "BLISS_WITH_SHA3_384",
+ "BLISS_WITH_SHA3_512",
);
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
@@ -137,12 +140,18 @@ signature_scheme_t signature_scheme_from_oid(int oid)
case OID_ECDSA_WITH_SHA512:
return SIGN_ECDSA_WITH_SHA512_DER;
case OID_BLISS_PUBLICKEY:
- case OID_BLISS_WITH_SHA512:
- return SIGN_BLISS_WITH_SHA512;
- case OID_BLISS_WITH_SHA256:
- return SIGN_BLISS_WITH_SHA256;
- case OID_BLISS_WITH_SHA384:
- return SIGN_BLISS_WITH_SHA384;
+ case OID_BLISS_WITH_SHA2_512:
+ return SIGN_BLISS_WITH_SHA2_512;
+ case OID_BLISS_WITH_SHA2_384:
+ return SIGN_BLISS_WITH_SHA2_384;
+ case OID_BLISS_WITH_SHA2_256:
+ return SIGN_BLISS_WITH_SHA2_256;
+ case OID_BLISS_WITH_SHA3_512:
+ return SIGN_BLISS_WITH_SHA3_512;
+ case OID_BLISS_WITH_SHA3_384:
+ return SIGN_BLISS_WITH_SHA3_384;
+ case OID_BLISS_WITH_SHA3_256:
+ return SIGN_BLISS_WITH_SHA3_256;
}
return SIGN_UNKNOWN;
}
@@ -181,12 +190,18 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_ECDSA_WITH_SHA384;
case SIGN_ECDSA_WITH_SHA512_DER:
return OID_ECDSA_WITH_SHA512;
- case SIGN_BLISS_WITH_SHA256:
- return OID_BLISS_WITH_SHA256;
- case SIGN_BLISS_WITH_SHA384:
- return OID_BLISS_WITH_SHA384;
- case SIGN_BLISS_WITH_SHA512:
- return OID_BLISS_WITH_SHA512;
+ case SIGN_BLISS_WITH_SHA2_256:
+ return OID_BLISS_WITH_SHA2_256;
+ case SIGN_BLISS_WITH_SHA2_384:
+ return OID_BLISS_WITH_SHA2_384;
+ case SIGN_BLISS_WITH_SHA2_512:
+ return OID_BLISS_WITH_SHA2_512;
+ case SIGN_BLISS_WITH_SHA3_256:
+ return OID_BLISS_WITH_SHA3_256;
+ case SIGN_BLISS_WITH_SHA3_384:
+ return OID_BLISS_WITH_SHA3_384;
+ case SIGN_BLISS_WITH_SHA3_512:
+ return OID_BLISS_WITH_SHA3_512;
}
return OID_UNKNOWN;
}
@@ -207,9 +222,9 @@ static struct {
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
- { SIGN_BLISS_WITH_SHA256, KEY_BLISS, 128 },
- { SIGN_BLISS_WITH_SHA384, KEY_BLISS, 192 },
- { SIGN_BLISS_WITH_SHA512, KEY_BLISS, 0 },
+ { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
+ { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
+ { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
};
/**
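Review bot: The three SHA-3 BLISS schemes are missing from this table, which still ends at `{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }` although every switch in public_key.c gained them in this change. If the table decides which schemes are offered for a key (its use is outside the hunk), the SHA-3 variants would never be selected through it. If the omission is deliberate, for instance because hasher_algorithm_for_ikev2() returns FALSE for SHA-3, a comment such as `/* SHA-3 variants omitted on purpose: not usable for IKEv2 signature authentication */` above the BLISS rows would record that.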
@@ -284,9 +299,12 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
return KEY_ECDSA;
- case SIGN_BLISS_WITH_SHA256:
- case SIGN_BLISS_WITH_SHA384:
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_256:
+ case SIGN_BLISS_WITH_SHA2_384:
+ case SIGN_BLISS_WITH_SHA2_512:
+ case SIGN_BLISS_WITH_SHA3_256:
+ case SIGN_BLISS_WITH_SHA3_384:
+ case SIGN_BLISS_WITH_SHA3_512:
return KEY_BLISS;
}
return KEY_ANY;
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 66e98b294..ce48f9b7e 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,12 +94,18 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
- /** BLISS with SHA-256 */
- SIGN_BLISS_WITH_SHA256,
- /** BLISS with SHA-384 */
- SIGN_BLISS_WITH_SHA384,
- /** BLISS with SHA-512 */
- SIGN_BLISS_WITH_SHA512,
+ /** BLISS with SHA-2_256 */
+ SIGN_BLISS_WITH_SHA2_256,
+ /** BLISS with SHA-2_384 */
+ SIGN_BLISS_WITH_SHA2_384,
+ /** BLISS with SHA-2_512 */
+ SIGN_BLISS_WITH_SHA2_512,
+ /** BLISS with SHA-3_256 */
+ SIGN_BLISS_WITH_SHA3_256,
+ /** BLISS with SHA-3_384 */
+ SIGN_BLISS_WITH_SHA3_384,
+ /** BLISS with SHA-3_512 */
+ SIGN_BLISS_WITH_SHA3_512,
};
/**
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 38eebea9c..e220593d4 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,8 +1,9 @@
/*
* Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2015 Andreas Steffen
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -24,26 +25,34 @@ ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_SHA512,
"HASH_SHA256",
"HASH_SHA384",
"HASH_SHA512");
-ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA224, HASH_SHA512,
+ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
"HASH_UNKNOWN",
"HASH_MD2",
"HASH_MD4",
"HASH_MD5",
- "HASH_SHA224");
-ENUM_END(hash_algorithm_names, HASH_SHA224);
+ "HASH_SHA224",
+ "HASH_SHA3_224",
+ "HASH_SHA3_256",
+ "HASH_SHA3_384",
+ "HASH_SHA3_512");
+ENUM_END(hash_algorithm_names, HASH_SHA3_512);
ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_SHA512,
"sha1",
"sha256",
"sha384",
"sha512");
-ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA224, HASH_SHA512,
+ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
"unknown",
"md2",
"md4",
"md5",
- "sha224");
-ENUM_END(hash_algorithm_short_names, HASH_SHA224);
+ "sha224",
+ "sha3_224",
+ "sha3_256",
+ "sha3_384",
+ "sha3_512");
+ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
/*
* Described in header.
@@ -73,6 +82,14 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
case OID_SHA512:
case OID_SHA512_WITH_RSA:
return HASH_SHA512;
+ case OID_SHA3_224:
+ return HASH_SHA3_224;
+ case OID_SHA3_256:
+ return HASH_SHA3_256;
+ case OID_SHA3_384:
+ return HASH_SHA3_384;
+ case OID_SHA3_512:
+ return HASH_SHA3_512;
default:
return HASH_UNKNOWN;
}
@@ -242,6 +259,10 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
case HASH_MD2:
case HASH_MD4:
case HASH_SHA224:
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512:
case HASH_UNKNOWN:
break;
}
@@ -265,6 +286,10 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
case HASH_MD4:
case HASH_MD5:
case HASH_SHA224:
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512:
break;
}
return FALSE;
@@ -300,6 +325,18 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg)
case HASH_SHA512:
oid = OID_SHA512;
break;
+ case HASH_SHA3_224:
+ oid = OID_SHA3_224;
+ break;
+ case HASH_SHA3_256:
+ oid = OID_SHA3_256;
+ break;
+ case HASH_SHA3_384:
+ oid = OID_SHA3_384;
+ break;
+ case HASH_SHA3_512:
+ oid = OID_SHA3_512;
+ break;
default:
oid = OID_UNKNOWN;
}
@@ -351,11 +388,17 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
switch (alg)
{
case HASH_SHA256:
- return OID_BLISS_WITH_SHA256;
+ return OID_BLISS_WITH_SHA2_256;
case HASH_SHA384:
- return OID_BLISS_WITH_SHA384;
+ return OID_BLISS_WITH_SHA2_384;
case HASH_SHA512:
- return OID_BLISS_WITH_SHA512;
+ return OID_BLISS_WITH_SHA2_512;
+ case HASH_SHA3_256:
+ return OID_BLISS_WITH_SHA3_256;
+ case HASH_SHA3_384:
+ return OID_BLISS_WITH_SHA3_384;
+ case HASH_SHA3_512:
+ return OID_BLISS_WITH_SHA3_512;
default:
return OID_UNKNOWN;
}
@@ -385,18 +428,24 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_SHA256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
return HASH_SHA256;
case SIGN_RSA_EMSA_PKCS1_SHA384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
return HASH_SHA384;
case SIGN_RSA_EMSA_PKCS1_SHA512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
return HASH_SHA512;
+ case SIGN_BLISS_WITH_SHA3_256:
+ return HASH_SHA3_256;
+ case SIGN_BLISS_WITH_SHA3_384:
+ return HASH_SHA3_384;
+ case SIGN_BLISS_WITH_SHA3_512:
+ return HASH_SHA3_512;
}
return HASH_UNKNOWN;
}
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 772586308..272502cf0 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -45,6 +45,10 @@ enum hash_algorithm_t {
HASH_MD4 = 1026,
HASH_MD5 = 1027,
HASH_SHA224 = 1028,
+ HASH_SHA3_224 = 1029,
+ HASH_SHA3_256 = 1030,
+ HASH_SHA3_384 = 1031,
+ HASH_SHA3_512 = 1032
};
#define HASH_SIZE_MD2 16
diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c
index 7d6570a74..c70627723 100644
--- a/src/libstrongswan/crypto/iv/iv_gen.c
+++ b/src/libstrongswan/crypto/iv/iv_gen.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2015 Martin Willi
* Copyright (C) 2015 revosec AG
*
@@ -16,6 +19,7 @@
#include "iv_gen.h"
#include "iv_gen_rand.h"
#include "iv_gen_seq.h"
+#include "iv_gen_null.h"
/**
* See header.
@@ -52,6 +56,7 @@ iv_gen_t* iv_gen_create_for_alg(encryption_algorithm_t alg)
case ENCR_NULL_AUTH_AES_GMAC:
return iv_gen_seq_create();
case ENCR_NULL:
+ return iv_gen_null_create();
case ENCR_UNDEFINED:
case ENCR_DES_ECB:
case ENCR_DES_IV32:
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c
new file mode 100644
index 000000000..b13de0674
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "iv_gen_null.h"
+
+typedef struct private_iv_gen_t private_iv_gen_t;
+
+/**
+ * Private data of an iv_gen_t object.
+ */
+struct private_iv_gen_t {
+
+ /**
+ * Public iv_gen_t interface.
+ */
+ iv_gen_t public;
+};
+
+METHOD(iv_gen_t, get_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+{
+ return size == 0;
+}
+
+METHOD(iv_gen_t, allocate_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+{
+ *chunk = chunk_empty;
+ return size == 0;
+}
+
+METHOD(iv_gen_t, destroy, void,
+ private_iv_gen_t *this)
+{
+ free(this);
+}
+
+iv_gen_t *iv_gen_null_create()
+{
+ private_iv_gen_t *this;
+
+ INIT(this,
+ .public = {
+ .get_iv = _get_iv,
+ .allocate_iv = _allocate_iv,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
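Review bot: `iv_gen_t *iv_gen_null_create()` is defined with an empty parameter list, which in C leaves the parameters unspecified rather than declaring none. `iv_gen_t *iv_gen_null_create(void)` gives callers a checked prototype, and the declaration in iv_gen_null.h needs the same change. The two methods also lack a comment on their contract: both return `size == 0`, so a caller asking for a non-empty IV gets FALSE, and get_iv never writes to `buffer`. A line such as `/* no IV is generated: succeed only if the caller expects an empty IV */` above get_iv would make that explicit.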
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.h b/src/libstrongswan/crypto/iv/iv_gen_null.h
new file mode 100644
index 000000000..b63f0c3e9
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup iv
+ */
+
+#ifndef IV_GEN_NULL_H_
+#define IV_GEN_NULL_H_
+
+#include <crypto/iv/iv_gen.h>
+
+/**
+ * Create an IV generator that does not actually generate an IV.
+ *
+ * @return IV generator
+ */
+iv_gen_t *iv_gen_null_create();
+
+#endif /** IV_GEN_NULL_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 07597c318..4adcf1e76 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -55,19 +55,31 @@ METHOD(plugin_t, get_features, int,
PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
/* signature schemes, private */
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
/* signature verification schemes */
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
};
*features = f;
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 1386eeb2d..20bbc6ac5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -511,12 +511,18 @@ METHOD(private_key_t, sign, bool,
{
switch (scheme)
{
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
return sign_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
return sign_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
return sign_bliss(this, HASH_SHA512, data, signature);
+ case SIGN_BLISS_WITH_SHA3_256:
+ return sign_bliss(this, HASH_SHA3_256, data, signature);
+ case SIGN_BLISS_WITH_SHA3_384:
+ return sign_bliss(this, HASH_SHA3_384, data, signature);
+ case SIGN_BLISS_WITH_SHA3_512:
+ return sign_bliss(this, HASH_SHA3_512, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
signature_scheme_names, scheme);
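Review bot: The three new `SIGN_BLISS_WITH_SHA3_*` cases in sign are not exercised by the tests in this change, because test_bliss_sign_all in test_bliss_sign.c still selects only the SHA2 schemes in its `switch (k)`. The same holds for the matching cases added to verify in bliss_public_key.c. Adding a SHA-3 scheme to that switch, e.g. `case 3: signature_scheme = SIGN_BLISS_WITH_SHA3_512; break;`, would cover both paths. This assumes the loop over `k`, which is outside the visible hunk, reaches the new case and that a SHA-3 hasher is loaded in the test run. The body of sign starts and ends outside this hunk.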
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index 2b305f6c2..93d1165eb 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -193,12 +193,18 @@ METHOD(public_key_t, verify, bool,
{
switch (scheme)
{
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
return verify_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
return verify_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
return verify_bliss(this, HASH_SHA512, data, signature);
+ case SIGN_BLISS_WITH_SHA3_256:
+ return verify_bliss(this, HASH_SHA3_256, data, signature);
+ case SIGN_BLISS_WITH_SHA3_384:
+ return verify_bliss(this, HASH_SHA3_384, data, signature);
+ case SIGN_BLISS_WITH_SHA3_512:
+ return verify_bliss(this, HASH_SHA3_512, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index 8b4e9cbf0..a3e4420a9 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -36,13 +36,13 @@ START_TEST(test_bliss_sign_all)
switch (k)
{
case 1:
- signature_scheme = SIGN_BLISS_WITH_SHA256;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_256;
break;
case 2:
- signature_scheme = SIGN_BLISS_WITH_SHA384;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_384;
break;
default:
- signature_scheme = SIGN_BLISS_WITH_SHA512;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_512;
}
/* enforce BLISS-B key for k = 2, 3 */
@@ -176,14 +176,14 @@ START_TEST(test_bliss_sign_fail)
/* generate valid signature */
msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+ ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
/* verify with invalid signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
/* corrupt signature */
signature.ptr[signature.len - 1] ^= 0x80;
- ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+ ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
free(signature.ptr);
privkey->destroy(privkey);
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 7653c1986..9207f11b6 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -123,7 +123,7 @@ METHOD(fetcher_t, fetch, status_t,
curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
}
- DBG2(DBG_LIB, " sending http request to '%s'...", uri);
+ DBG2(DBG_LIB, " sending request to '%s'...", uri);
curl_status = curl_easy_perform(this->curl);
switch (curl_status)
{
@@ -137,10 +137,10 @@ METHOD(fetcher_t, fetch, status_t,
{
*this->result = result;
}
- status = (result >= 200 && result < 300) ? SUCCESS : FAILED;
+ status = (result < 400) ? SUCCESS : FAILED;
break;
default:
- DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status,
+ DBG1(DBG_LIB, "libcurl request failed [%d]: %s", curl_status,
error);
status = FAILED;
break;
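Review bot: `status = (result < 400) ? SUCCESS : FAILED;` now reports SUCCESS for 1xx and 3xx responses as well as for a response code of 0, so a redirect that libcurl does not follow would hand the redirect body to the caller as fetched data. Whether redirects are followed is configured outside this hunk, and callers that fetch CRLs or OCSP responses would then depend on the parser to reject that body. A comment stating the intent would help, e.g. `/* schemes without a response code report 0; only 4xx/5xx are errors */`. If only the zero case is meant to be admitted, the test could be `result == 0 || (result >= 200 && result < 300)`. The body of fetch starts and ends outside the hunk.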
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index cac442fc0..49ec48804 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -18,6 +18,7 @@
#ifndef OPENSSL_NO_DH
+#include <openssl/bn.h>
#include <openssl/dh.h>
#include "openssl_diffie_hellman.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index a1af500e2..11d6e8ec5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -17,6 +17,7 @@
#ifndef OPENSSL_NO_EC
+#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/objects.h>
#include <openssl/bn.h>
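Review bot: The added `#include <openssl/bn.h>` duplicates an include the file already has, visible as the context line after `#include <openssl/objects.h>` in this hunk. The header guard makes it harmless, but one of the two lines should go so the include block stays free of repeats.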
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 10a35c1fd..de02f302d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -23,6 +23,7 @@
#include <utils/debug.h>
+#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_ENGINE
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index aa54d3bbd..db928569f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -23,6 +23,7 @@
#include <utils/debug.h>
+#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 0e61086b1..2f9813701 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -18,6 +18,7 @@
#include <utils/debug.h>
+#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index f7ac347d2..01d0495be 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -356,6 +356,7 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
{
plugin_entry_t *entry;
void *handle;
+ int flag = RTLD_LAZY;
switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, critical, &entry))
{
@@ -380,15 +381,19 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
return NULL;
}
}
- handle = dlopen(file, RTLD_LAZY
+ if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
+ lib->ns, FALSE))
+ {
+ flag = RTLD_NOW;
+ }
#ifdef RTLD_NODELETE
- /* if supported, do not unload library when unloading a plugin. It really
- * doesn't matter in productive systems, but causes many (dependency)
- * library reloads during unit tests. Some libraries can't handle that,
+ /* If supported, do not unload the library when unloading a plugin. It
+ * really doesn't matter in productive systems, but causes many (dependency)
+ * library reloads during unit tests. Some libraries can't handle that, e.g.
* GnuTLS leaks file descriptors in its library load/unload functions. */
- | RTLD_NODELETE
+ flag |= RTLD_NODELETE;
#endif
- );
+ handle = dlopen(file, flag);
if (handle == NULL)
{
DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror());
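Review bot: The new `dlopen_use_rtld_now` lookup in load_plugin has no comment saying what the option is for, while the RTLD_NODELETE flag next to it is explained at length. With `RTLD_NOW`, a plugin with unresolved symbols fails in `dlopen()` and is reported by the `handle == NULL` branch, rather than failing when the symbol is first used. A short comment above the `get_bool` call would record that, e.g. `/* resolve all symbols at load time so broken plugins fail here, not on first use */`. load_plugin starts and ends outside the hunk.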
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 36d5446b8..177b3c2e5 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -56,6 +56,7 @@ METHOD(rng_t, get_bytes, bool,
DBG1(DBG_LIB, "reading from random FD %d failed: %s, retrying...",
this->fd, strerror(errno));
sleep(1);
+ continue;
}
done += got;
}
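Review bot: The error branch of this read loop retries without any bound: each failure is logged, followed by `sleep(1)` and the new `continue;`, with no retry limit and no distinction between a transient error and a permanent one. A read that can never succeed would therefore block every caller that needs random bytes. Since get_bytes returns bool, a bounded retry could report the failure instead, e.g. `if (++retries > RETRY_LIMIT) return FALSE;`, where `retries` and `RETRY_LIMIT` are placeholder names. The read call and the loop condition are outside the hunk, so this is inferred from the visible branch only.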
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 9fd5b2a22..fdcb9902b 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url)
return NULL;
}
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
- BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
+ BUILD_BLOB_PEM, chunk, BUILD_END);
chunk_free(&chunk);
if (!crl)
{
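Review bot: Switching fetch_crl to `BUILD_BLOB_PEM` makes parsing of every fetched CRL depend on a builder that handles PEM blobs, and the call has no comment saying whether DER-encoded CRLs are still accepted. If no such builder is loaded, the `!crl` branch below would reject every CRL, which affects revocation checking. How that failure is treated is outside the hunk. If the PEM builder does fall back to DER, a comment such as `/* BUILD_BLOB_PEM: accepts PEM as well as DER encoded CRLs */` on the create call would make the intent clear.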
diff --git a/src/libstrongswan/plugins/sha3/Makefile.am b/src/libstrongswan/plugins/sha3/Makefile.am
new file mode 100644
index 000000000..7ccf58ce6
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/Makefile.am
@@ -0,0 +1,16 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha3.la
+else
+plugin_LTLIBRARIES = libstrongswan-sha3.la
+endif
+
+libstrongswan_sha3_la_SOURCES = \
+ sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h
+
+libstrongswan_sha3_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
new file mode 100644
index 000000000..3034ea537
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -0,0 +1,774 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/sha3
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_sha3_la_LIBADD =
+am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo
+libstrongswan_sha3_la_OBJECTS = $(am_libstrongswan_sha3_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_sha3_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_sha3_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sha3_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sha3_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_sha3_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_sha3_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha3.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha3.la
+libstrongswan_sha3_la_SOURCES = \
+ sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h
+
+libstrongswan_sha3_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-sha3.la: $(libstrongswan_sha3_la_OBJECTS) $(libstrongswan_sha3_la_DEPENDENCIES) $(EXTRA_libstrongswan_sha3_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_sha3_la_LINK) $(am_libstrongswan_sha3_la_rpath) $(libstrongswan_sha3_la_OBJECTS) $(libstrongswan_sha3_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.c b/src/libstrongswan/plugins/sha3/sha3_hasher.c
new file mode 100644
index 000000000..b34a02594
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_hasher.c
@@ -0,0 +1,527 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely,
+ * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and
+ * Ronny Van Keer, hereby denoted as "the implementer".
+ *
+ * To the extent possible under law, the implementer has waived all copyright
+ * and related or neighboring rights to the source code in this file.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+#include <string.h>
+
+#include "sha3_hasher.h"
+
+typedef struct private_sha3_hasher_t private_sha3_hasher_t;
+
+#define KECCAK_STATE_SIZE 200 /* bytes */
+#define KECCAK_MAX_RATE 144 /* bytes */
+#define DELIMITED_SUFFIX 0x06
+
+static const uint64_t round_constants[] = {
+ 0x0000000000000001ULL,
+ 0x0000000000008082ULL,
+ 0x800000000000808aULL,
+ 0x8000000080008000ULL,
+ 0x000000000000808bULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008009ULL,
+ 0x000000000000008aULL,
+ 0x0000000000000088ULL,
+ 0x0000000080008009ULL,
+ 0x000000008000000aULL,
+ 0x000000008000808bULL,
+ 0x800000000000008bULL,
+ 0x8000000000008089ULL,
+ 0x8000000000008003ULL,
+ 0x8000000000008002ULL,
+ 0x8000000000000080ULL,
+ 0x000000000000800aULL,
+ 0x800000008000000aULL,
+ 0x8000000080008081ULL,
+ 0x8000000000008080ULL,
+ 0x0000000080000001ULL,
+ 0x8000000080008008ULL
+};
+
+/**
+ * Private data structure with hashing context for SHA-3
+ */
+struct private_sha3_hasher_t {
+
+ /**
+ * Public interface for this hasher.
+ */
+ sha3_hasher_t public;
+
+ /**
+ * SHA-3 algorithm to be used
+ */
+ hash_algorithm_t algorithm;
+
+ /**
+ * Internal state of 1600 bits as defined by FIPS-202
+ */
+ uint8_t state[KECCAK_STATE_SIZE];
+
+ /**
+ * Rate in bytes
+ */
+ u_int rate;
+
+ /**
+ * Rate input buffer
+ */
+ uint8_t rate_buffer[KECCAK_MAX_RATE];
+
+ /**
+ * Index pointing to the current position in the rate buffer
+ */
+ u_int rate_index;
+
+};
+
+#if BYTE_ORDER != LITTLE_ENDIAN
+/**
+ * Function to load a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static uint64_t load64(const uint8_t *x)
+{
+ int i;
+ uint64_t u = 0;
+
+ for (i = 7; i >= 0; --i)
+ {
+ u <<= 8;
+ u |= x[i];
+ }
+ return u;
+}
+
+/**
+ * Function to store a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static void store64(uint8_t *x, uint64_t u)
+{
+ u_int i;
+
+ for (i = 0; i < 8; ++i)
+ {
+ x[i] = u;
+ u >>= 8;
+ }
+}
+
+/**
+ * Function to XOR into a 64-bit value using the little-endian (LE) convention.
+ * On a LE platform, this could be greatly simplified using a cast.
+ */
+static void xor64(uint8_t *x, uint64_t u)
+{
+ u_int i;
+
+ for (i = 0; i < 8; ++i)
+ {
+ x[i] ^= u;
+ u >>= 8;
+ }
+}
+#endif
+
+/**
+ * Some macros used by the Keccak-f[1600] permutation.
+ */
+#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset)))
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ #define readLane(i) (((uint64_t*)state)[i])
+ #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane)
+ #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane)
+#elif BYTE_ORDER == BIG_ENDIAN
+ #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i))
+ #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane)
+ #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane)
+#endif
+
+/**
+ * Function that computes the Keccak-f[1600] permutation on the given state.
+ */
+static void keccak_f1600_state_permute(void *state)
+{
+ int round;
+
+ for (round = 0; round < 24; round++)
+ {
+ { /* θ step (see [Keccak Reference, Section 2.3.2]) */
+
+ uint64_t C[5], D;
+
+ /* Compute the parity of the columns */
+ C[0] = readLane(0) ^ readLane( 5) ^ readLane(10)
+ ^ readLane(15) ^ readLane(20);
+ C[1] = readLane(1) ^ readLane( 6) ^ readLane(11)
+ ^ readLane(16) ^ readLane(21);
+ C[2] = readLane(2) ^ readLane( 7) ^ readLane(12)
+ ^ readLane(17) ^ readLane(22);
+ C[3] = readLane(3) ^ readLane( 8) ^ readLane(13)
+ ^ readLane(18) ^ readLane(23);
+ C[4] = readLane(4) ^ readLane( 9) ^ readLane(14)
+ ^ readLane(19) ^ readLane(24);
+
+ /* Compute and add the θ effect to the whole column */
+ D = C[4] ^ ROL64(C[1], 1);
+ XORLane( 0, D);
+ XORLane( 5, D);
+ XORLane(10, D);
+ XORLane(15, D);
+ XORLane(20, D);
+
+ D = C[0] ^ ROL64(C[2], 1);
+ XORLane( 1, D);
+ XORLane( 6, D);
+ XORLane(11, D);
+ XORLane(16, D);
+ XORLane(21, D);
+
+ D = C[1] ^ ROL64(C[3], 1);
+ XORLane( 2, D);
+ XORLane( 7, D);
+ XORLane(12, D);
+ XORLane(17, D);
+ XORLane(22, D);
+
+ D = C[2] ^ ROL64(C[4], 1);
+ XORLane( 3, D);
+ XORLane( 8, D);
+ XORLane(13, D);
+ XORLane(18, D);
+ XORLane(23, D);
+
+ D = C[3] ^ ROL64(C[0], 1);
+ XORLane( 4, D);
+ XORLane( 9, D);
+ XORLane(14, D);
+ XORLane(19, D);
+ XORLane(24, D);
+ }
+
+ { /* ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */
+
+ uint64_t t1, t2;
+
+ t1 = readLane( 1);
+
+ t2 = readLane(10);
+ writeLane(10, ROL64(t1, 1));
+
+ t1 = readLane( 7);
+ writeLane( 7, ROL64(t2, 3));
+
+ t2 = readLane(11);
+ writeLane(11, ROL64(t1, 6));
+
+ t1 = readLane(17);
+ writeLane(17, ROL64(t2, 10));
+
+ t2 = readLane(18);
+ writeLane(18, ROL64(t1, 15));
+
+ t1 = readLane( 3);
+ writeLane( 3, ROL64(t2, 21));
+
+ t2 = readLane( 5);
+ writeLane( 5, ROL64(t1, 28));
+
+ t1 = readLane(16);
+ writeLane(16, ROL64(t2, 36));
+
+ t2 = readLane( 8);
+ writeLane( 8, ROL64(t1, 45));
+
+ t1 = readLane(21);
+ writeLane(21, ROL64(t2, 55));
+
+ t2 = readLane(24);
+ writeLane(24, ROL64(t1, 2));
+
+ t1 = readLane( 4);
+ writeLane( 4, ROL64(t2, 14));
+
+ t2 = readLane(15);
+ writeLane(15, ROL64(t1, 27));
+
+ t1 = readLane(23);
+ writeLane(23, ROL64(t2, 41));
+
+ t2 = readLane(19);
+ writeLane(19, ROL64(t1, 56));
+
+ t1 = readLane(13);
+ writeLane(13, ROL64(t2, 8));
+
+ t2 = readLane(12);
+ writeLane(12, ROL64(t1, 25));
+
+ t1 = readLane( 2);
+ writeLane( 2, ROL64(t2, 43));
+
+ t2 = readLane(20);
+ writeLane(20, ROL64(t1, 62));
+
+ t1 = readLane(14);
+ writeLane(14, ROL64(t2, 18));
+
+ t2 = readLane(22);
+ writeLane(22, ROL64(t1, 39));
+
+ t1 = readLane( 9);
+ writeLane( 9, ROL64(t2, 61));
+
+ t2 = readLane( 6);
+ writeLane( 6, ROL64(t1, 20));
+
+ writeLane( 1, ROL64(t2, 44));
+ }
+
+ { /* χ step (see [Keccak Reference, Section 2.3.1]) */
+
+ uint64_t t[5];
+
+ t[0] = readLane(0);
+ t[1] = readLane(1);
+ t[2] = readLane(2);
+ t[3] = readLane(3);
+ t[4] = readLane(4);
+
+ writeLane(0, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(1, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(2, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(3, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(4, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(5);
+ t[1] = readLane(6);
+ t[2] = readLane(7);
+ t[3] = readLane(8);
+ t[4] = readLane(9);
+
+ writeLane(5, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(6, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(7, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(8, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(9, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(10);
+ t[1] = readLane(11);
+ t[2] = readLane(12);
+ t[3] = readLane(13);
+ t[4] = readLane(14);
+
+ writeLane(10, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(11, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(12, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(13, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(14, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(15);
+ t[1] = readLane(16);
+ t[2] = readLane(17);
+ t[3] = readLane(18);
+ t[4] = readLane(19);
+
+ writeLane(15, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(16, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(17, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(18, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(19, t[4] ^ ((~t[0]) & t[1]));
+
+ t[0] = readLane(20);
+ t[1] = readLane(21);
+ t[2] = readLane(22);
+ t[3] = readLane(23);
+ t[4] = readLane(24);
+
+ writeLane(20, t[0] ^ ((~t[1]) & t[2]));
+ writeLane(21, t[1] ^ ((~t[2]) & t[3]));
+ writeLane(22, t[2] ^ ((~t[3]) & t[4]));
+ writeLane(23, t[3] ^ ((~t[4]) & t[0]));
+ writeLane(24, t[4] ^ ((~t[0]) & t[1]));
+ }
+
+ { /* ι step (see [Keccak Reference, Section 2.3.5]) */
+
+ XORLane(0, round_constants[round]);
+ }
+ }
+}
+
+METHOD(hasher_t, reset, bool,
+ private_sha3_hasher_t *this)
+{
+ memset(this->state, 0x00, KECCAK_STATE_SIZE);
+ this->rate_index = 0;
+
+ return TRUE;
+}
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_sha3_hasher_t *this)
+{
+ switch (this->algorithm)
+ {
+ case HASH_SHA3_224:
+ return HASH_SIZE_SHA224;
+ case HASH_SHA3_256:
+ return HASH_SIZE_SHA256;
+ case HASH_SHA3_384:
+ return HASH_SIZE_SHA384;
+ case HASH_SHA3_512:
+ return HASH_SIZE_SHA512;
+ default:
+ return 0;
+ }
+}
+
+static void sha3_absorb(private_sha3_hasher_t *this, chunk_t data)
+{
+ uint64_t *buffer_lanes, *state_lanes;
+ size_t len, rate_lanes;
+ int i;
+
+ buffer_lanes = (uint64_t*)this->rate_buffer;
+ state_lanes = (uint64_t*)this->state;
+ rate_lanes = this->rate / sizeof(uint64_t);
+
+ while (data.len)
+ {
+ len = min(data.len, this->rate - this->rate_index);
+ memcpy(this->rate_buffer + this->rate_index, data.ptr, len);
+ this->rate_index += len;
+ data.ptr += len;
+ data.len -= len;
+
+ if (this->rate_index == this->rate)
+ {
+ for (i = 0; i < rate_lanes; i++)
+ {
+ state_lanes[i] ^= buffer_lanes[i];
+ }
+ this->rate_index = 0;
+
+ keccak_f1600_state_permute(this->state);
+ }
+ }
+}
+
+static void sha3_final(private_sha3_hasher_t *this)
+{
+ uint64_t *buffer_lanes, *state_lanes;
+ size_t rate_lanes, remainder;
+ int i;
+
+ /* Add the delimitedSuffix as the first bit of padding */
+ this->rate_buffer[this->rate_index++] = DELIMITED_SUFFIX;
+
+ buffer_lanes = (uint64_t*)this->rate_buffer;
+ state_lanes = (uint64_t*)this->state;
+ rate_lanes = this->rate_index / sizeof(uint64_t);
+
+ remainder = this->rate_index - rate_lanes * sizeof(uint64_t);
+ if (remainder)
+ {
+ memset(this->rate_buffer + this->rate_index, 0x00,
+ sizeof(uint64_t) - remainder);
+ rate_lanes++;
+ }
+ for (i = 0; i < rate_lanes; i++)
+ {
+ state_lanes[i] ^= buffer_lanes[i];
+ }
+
+ /* Add the second bit of padding */
+ this->state[this->rate - 1] ^= 0x80;
+
+ /* Switch to the squeezing phase */
+ keccak_f1600_state_permute(this->state);
+}
+
+METHOD(hasher_t, get_hash, bool,
+ private_sha3_hasher_t *this, chunk_t chunk, uint8_t *buffer)
+{
+ sha3_absorb(this, chunk);
+
+ if (buffer != NULL)
+ {
+ sha3_final(this);
+ memcpy(buffer, this->state, get_hash_size(this));
+ reset(this);
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, allocate_hash, bool,
+ private_sha3_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ chunk_t allocated_hash;
+
+ sha3_absorb(this, chunk);
+
+ if (hash != NULL)
+ {
+ sha3_final(this);
+ allocated_hash = chunk_alloc(get_hash_size(this));
+ memcpy(allocated_hash.ptr, this->state, allocated_hash.len);
+ reset(this);
+ *hash = allocated_hash;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, destroy, void,
+ sha3_hasher_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm)
+{
+ private_sha3_hasher_t *this;
+
+ switch (algorithm)
+ {
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512:
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset,
+ .get_hash_size = _get_hash_size,
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .destroy = _destroy,
+ },
+ },
+ .algorithm = algorithm,
+ );
+
+ this->rate = KECCAK_STATE_SIZE - 2*get_hash_size(this);
+ reset(this);
+
+ return &this->public;
+}
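Review bot: The big-endian branch cannot work as written. `readLane` under `#elif BYTE_ORDER == BIG_ENDIAN` has one closing parenthesis too many (`load64((uint8_t*)state+sizeof(uint64_t)*i))`). In addition, sha3_absorb() and sha3_final() bypass the lane macros and XOR `rate_buffer` into `state` through `(uint64_t*)` casts, which on a big-endian host would put message bytes in the wrong position inside each lane and give a wrong digest. A byte-wise XOR is endian-neutral: `for (i = 0; i < this->rate; i++) this->state[i] ^= this->rate_buffer[i];` in sha3_absorb(), and the same loop bounded by `this->rate_index` in sha3_final(), which then no longer needs the lane-padding memset. It would also stop relying on `state` and `rate_buffer`, both declared `uint8_t[]`, being 8-byte aligned inside the struct; the declaration does not guarantee that, and it depends on the size of the members before them.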
diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.h b/src/libstrongswan/plugins/sha3/sha3_hasher.h
new file mode 100644
index 000000000..2f18d35b0
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_hasher.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sha3_hasher sha3_hasher
+ * @{ @ingroup sha3_p
+ */
+
+#ifndef SHA3_HASHER_H_
+#define SHA3_HASHER_H_
+
+typedef struct sha3_hasher_t sha3_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hasher_t interface using the SHA-3 algorithm family
+ * SHA3_224, SHA3_256, SHA3_384 and SHA3_512 as defined by FIPS-202.
+ */
+struct sha3_hasher_t {
+
+ /**
+ * Generic hasher_t interface for this hasher.
+ */
+ hasher_t hasher_interface;
+};
+
+/**
+ * Creates a new sha3_hasher_t.
+ *
+ * @param algorithm HASH3_224, HASH_SHA3_256, HASH_SHA3_384 or HASH_SHA3_512
+ * @return sha3_hasher_t object, NULL if not supported
+ */
+sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm);
+
+#endif /** SHA3_HASHER_H_ @}*/
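Review bot: The `@param algorithm` line for sha3_hasher_create() names `HASH3_224`, which is not an identifier the implementation accepts; the switch in sha3_hasher.c tests `HASH_SHA3_224`. The line should read `@param algorithm HASH_SHA3_224, HASH_SHA3_256, HASH_SHA3_384 or HASH_SHA3_512`. The comment could also say that the returned object is released through `hasher_interface.destroy`, since that is the only destructor the implementation wires up.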
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.c b/src/libstrongswan/plugins/sha3/sha3_plugin.c
new file mode 100644
index 000000000..28068f38e
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_plugin.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "sha3_plugin.h"
+
+#include <library.h>
+#include "sha3_hasher.h"
+
+typedef struct private_sha3_plugin_t private_sha3_plugin_t;
+
+/**
+ * private data of sha3_plugin
+ */
+struct private_sha3_plugin_t {
+
+ /**
+ * public functions
+ */
+ sha3_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_sha3_plugin_t *this)
+{
+ return "sha3";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_sha3_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha3_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_sha3_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *sha3_plugin_create()
+{
+ private_sha3_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
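Review bot: The comment `see header file` above `sha3_plugin_create()` points at documentation that does not exist, because sha3_plugin.h as added by this patch declares no prototype for the constructor. Replace it with a short description, for example `/* Creates the sha3 plugin instance; it is released through its destroy() method. */`. The definition would also be clearer as `plugin_t *sha3_plugin_create(void)`, since empty parentheses in C leave the parameter list unspecified rather than empty.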
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.h b/src/libstrongswan/plugins/sha3/sha3_plugin.h
new file mode 100644
index 000000000..09c8e5d81
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sha3_p sha3
+ * @ingroup plugins
+ *
+ * @defgroup sha3_plugin sha3_plugin
+ * @{ @ingroup sha3_p
+ */
+
+#ifndef SHA3_PLUGIN_H_
+#define SHA3_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct sha3_plugin_t sha3_plugin_t;
+
+/**
+ * Plugin implementing the SHA356, SHA384 and SHA512 algorithms in software.
+ */
+struct sha3_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** SHA3_PLUGIN_H_ @}*/
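Review bot: The description of `sha3_plugin_t` says `Plugin implementing the SHA356, SHA384 and SHA512 algorithms in software`, which names no SHA-3 variant and looks carried over from another plugin header. sha3_plugin.c in this patch provides HASH_SHA3_224, HASH_SHA3_256, HASH_SHA3_384 and HASH_SHA3_512. The comment should say so, e.g. `Plugin implementing the SHA3_224, SHA3_256, SHA3_384 and SHA3_512 algorithms in software.`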
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 72ba4ceef..ab540e78e 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -40,6 +40,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/sha1_hmac.c \
test_vectors/sha2.c \
test_vectors/sha2_hmac.c \
+ test_vectors/sha3.c \
test_vectors/fips_prf.c \
test_vectors/modp.c \
test_vectors/modpsub.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index fa7c3cb82..100f3b15a 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -142,9 +142,10 @@ am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
test_vectors/md2.lo test_vectors/md4.lo test_vectors/md5.lo \
test_vectors/md5_hmac.lo test_vectors/sha1.lo \
test_vectors/sha1_hmac.lo test_vectors/sha2.lo \
- test_vectors/sha2_hmac.lo test_vectors/fips_prf.lo \
- test_vectors/modp.lo test_vectors/modpsub.lo \
- test_vectors/ecp.lo test_vectors/ecpbp.lo test_vectors/rng.lo
+ test_vectors/sha2_hmac.lo test_vectors/sha3.lo \
+ test_vectors/fips_prf.lo test_vectors/modp.lo \
+ test_vectors/modpsub.lo test_vectors/ecp.lo \
+ test_vectors/ecpbp.lo test_vectors/rng.lo
libstrongswan_test_vectors_la_OBJECTS = \
$(am_libstrongswan_test_vectors_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
@@ -482,6 +483,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/sha1_hmac.c \
test_vectors/sha2.c \
test_vectors/sha2_hmac.c \
+ test_vectors/sha3.c \
test_vectors/fips_prf.c \
test_vectors/modp.c \
test_vectors/modpsub.c \
@@ -632,6 +634,8 @@ test_vectors/sha2.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/sha2_hmac.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
+test_vectors/sha3.lo: test_vectors/$(am__dirstamp) \
+ test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/fips_prf.lo: test_vectors/$(am__dirstamp) \
test_vectors/$(DEPDIR)/$(am__dirstamp)
test_vectors/modp.lo: test_vectors/$(am__dirstamp) \
@@ -690,6 +694,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha1_hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/twofish_cbc.Plo@am__quote@
.c.o:
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index 57c218c16..3ff211da8 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -184,6 +184,30 @@ TEST_VECTOR_HASHER(sha384_3)
TEST_VECTOR_HASHER(sha512_1)
TEST_VECTOR_HASHER(sha512_2)
TEST_VECTOR_HASHER(sha512_3)
+TEST_VECTOR_HASHER(sha3_224_0)
+TEST_VECTOR_HASHER(sha3_256_0)
+TEST_VECTOR_HASHER(sha3_384_0)
+TEST_VECTOR_HASHER(sha3_512_0)
+TEST_VECTOR_HASHER(sha3_224_1)
+TEST_VECTOR_HASHER(sha3_256_1)
+TEST_VECTOR_HASHER(sha3_384_1)
+TEST_VECTOR_HASHER(sha3_512_1)
+TEST_VECTOR_HASHER(sha3_224_2)
+TEST_VECTOR_HASHER(sha3_256_2)
+TEST_VECTOR_HASHER(sha3_384_2)
+TEST_VECTOR_HASHER(sha3_512_2)
+TEST_VECTOR_HASHER(sha3_224_143)
+TEST_VECTOR_HASHER(sha3_256_135)
+TEST_VECTOR_HASHER(sha3_384_103)
+TEST_VECTOR_HASHER(sha3_512_71)
+TEST_VECTOR_HASHER(sha3_224_144)
+TEST_VECTOR_HASHER(sha3_256_136)
+TEST_VECTOR_HASHER(sha3_384_104)
+TEST_VECTOR_HASHER(sha3_512_72)
+TEST_VECTOR_HASHER(sha3_224_255)
+TEST_VECTOR_HASHER(sha3_256_255)
+TEST_VECTOR_HASHER(sha3_384_255)
+TEST_VECTOR_HASHER(sha3_512_255)
TEST_VECTOR_PRF(aes_xcbc_p1)
TEST_VECTOR_PRF(aes_xcbc_p2)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c
new file mode 100644
index 000000000..e659f66f4
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c
@@ -0,0 +1,328 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHA-3_224 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+hasher_test_vector_t sha3_224_0 = {
+ .alg = HASH_SHA3_224, .len = 0,
+ .data = "",
+ .hash = "\x6B\x4E\x03\x42\x36\x67\xDB\xB7\x3B\x6E\x15\x45\x4F\x0E\xB1\xAB"
+ "\xD4\x59\x7F\x9A\x1B\x07\x8E\x3F\x5B\x5A\x6B\xC7"
+
+};
+
+hasher_test_vector_t sha3_224_1 = {
+ .alg = HASH_SHA3_224, .len = 1,
+ .data = "\xCC",
+ .hash = "\xDF\x70\xAD\xC4\x9B\x2E\x76\xEE\xE3\xA6\x93\x1B\x93\xFA\x41\x84"
+ "\x1C\x3A\xF2\xCD\xF5\xB3\x2A\x18\xB5\x47\x8C\x39"
+};
+
+hasher_test_vector_t sha3_224_2 = {
+ .alg = HASH_SHA3_224, .len = 2,
+ .data = "\x41\xFB",
+ .hash = "\xBF\xF2\x95\x86\x1D\xAE\xDF\x33\xE7\x05\x19\xB1\xE2\xBC\xB4\xC2"
+ "\xE9\xFE\x33\x64\xD7\x89\xBC\x3B\x17\x30\x1C\x15"
+};
+
+hasher_test_vector_t sha3_224_143 = {
+ .alg = HASH_SHA3_224, .len = 143,
+ .data = "\xEA\x40\xE8\x3C\xB1\x8B\x3A\x24\x2C\x1E\xCC\x6C\xCD\x0B\x78\x53"
+ "\xA4\x39\xDA\xB2\xC5\x69\xCF\xC6\xDC\x38\xA1\x9F\x5C\x90\xAC\xBF"
+ "\x76\xAE\xF9\xEA\x37\x42\xFF\x3B\x54\xEF\x7D\x36\xEB\x7C\xE4\xFF"
+ "\x1C\x9A\xB3\xBC\x11\x9C\xFF\x6B\xE9\x3C\x03\xE2\x08\x78\x33\x35"
+ "\xC0\xAB\x81\x37\xBE\x5B\x10\xCD\xC6\x6F\xF3\xF8\x9A\x1B\xDD\xC6"
+ "\xA1\xEE\xD7\x4F\x50\x4C\xBE\x72\x90\x69\x0B\xB2\x95\xA8\x72\xB9"
+ "\xE3\xFE\x2C\xEE\x9E\x6C\x67\xC4\x1D\xB8\xEF\xD7\xD8\x63\xCF\x10"
+ "\xF8\x40\xFE\x61\x8E\x79\x36\xDA\x3D\xCA\x5C\xA6\xDF\x93\x3F\x24"
+ "\xF6\x95\x4B\xA0\x80\x1A\x12\x94\xCD\x8D\x7E\x66\xDF\xAF\xEC",
+ .hash = "\xAB\x0F\xD3\x08\x59\x05\x74\xD6\xF6\x13\x02\x32\xD9\xFA\xFA\x9F"
+ "\xFC\xFE\xA7\x85\x79\xA6\xA8\xF6\x7C\x59\x04\x20"
+};
+
+hasher_test_vector_t sha3_224_144 = {
+ .alg = HASH_SHA3_224, .len = 144,
+ .data = "\x15\x7D\x5B\x7E\x45\x07\xF6\x6D\x9A\x26\x74\x76\xD3\x38\x31\xE7"
+ "\xBB\x76\x8D\x4D\x04\xCC\x34\x38\xDA\x12\xF9\x01\x02\x63\xEA\x5F"
+ "\xCA\xFB\xDE\x25\x79\xDB\x2F\x6B\x58\xF9\x11\xD5\x93\xD5\xF7\x9F"
+ "\xB0\x5F\xE3\x59\x6E\x3F\xA8\x0F\xF2\xF7\x61\xD1\xB0\xE5\x70\x80"
+ "\x05\x5C\x11\x8C\x53\xE5\x3C\xDB\x63\x05\x52\x61\xD7\xC9\xB2\xB3"
+ "\x9B\xD9\x0A\xCC\x32\x52\x0C\xBB\xDB\xDA\x2C\x4F\xD8\x85\x6D\xBC"
+ "\xEE\x17\x31\x32\xA2\x67\x91\x98\xDA\xF8\x30\x07\xA9\xB5\xC5\x15"
+ "\x11\xAE\x49\x76\x6C\x79\x2A\x29\x52\x03\x88\x44\x4E\xBE\xFE\x28"
+ "\x25\x6F\xB3\x3D\x42\x60\x43\x9C\xBA\x73\xA9\x47\x9E\xE0\x0C\x63",
+ .hash = "\xD5\x13\x42\x00\xDC\x98\xF4\xCA\x48\x0C\xD2\x4D\x24\x49\x77\x37"
+ "\x25\x2B\x55\x97\x7A\xE5\xA8\x69\xBA\x27\x08\x9D"
+};
+
+hasher_test_vector_t sha3_224_255 = {
+ .alg = HASH_SHA3_224, .len = 255,
+ .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .hash = "\x94\x68\x9E\xA9\xF3\x47\xDD\xA8\xDD\x79\x8A\x85\x86\x05\x86\x87"
+ "\x43\xC6\xBD\x03\xA6\xA6\x5C\x60\x85\xD5\x2B\xED"
+};
+
+/**
+ * SHA-3_256 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+hasher_test_vector_t sha3_256_0 = {
+ .alg = HASH_SHA3_256, .len = 0,
+ .data = "",
+ .hash = "\xA7\xFF\xC6\xF8\xBF\x1E\xD7\x66\x51\xC1\x47\x56\xA0\x61\xD6\x62"
+ "\xF5\x80\xFF\x4D\xE4\x3B\x49\xFA\x82\xD8\x0A\x4B\x80\xF8\x43\x4A"
+};
+
+hasher_test_vector_t sha3_256_1 = {
+ .alg = HASH_SHA3_256, .len = 1,
+ .data = "\xCC",
+ .hash = "\x67\x70\x35\x39\x1C\xD3\x70\x12\x93\xD3\x85\xF0\x37\xBA\x32\x79"
+ "\x62\x52\xBB\x7C\xE1\x80\xB0\x0B\x58\x2D\xD9\xB2\x0A\xAA\xD7\xF0"
+};
+
+hasher_test_vector_t sha3_256_2 = {
+ .alg = HASH_SHA3_256, .len = 2,
+ .data = "\x41\xFB",
+ .hash = "\x39\xF3\x1B\x6E\x65\x3D\xFC\xD9\xCA\xED\x26\x02\xFD\x87\xF6\x1B"
+ "\x62\x54\xF5\x81\x31\x2F\xB6\xEE\xEC\x4D\x71\x48\xFA\x2E\x72\xAA"
+};
+
+hasher_test_vector_t sha3_256_135 = {
+ .alg = HASH_SHA3_256, .len = 135,
+ .data = "\xB7\x71\xD5\xCE\xF5\xD1\xA4\x1A\x93\xD1\x56\x43\xD7\x18\x1D\x2A"
+ "\x2E\xF0\xA8\xE8\x4D\x91\x81\x2F\x20\xED\x21\xF1\x47\xBE\xF7\x32"
+ "\xBF\x3A\x60\xEF\x40\x67\xC3\x73\x4B\x85\xBC\x8C\xD4\x71\x78\x0F"
+ "\x10\xDC\x9E\x82\x91\xB5\x83\x39\xA6\x77\xB9\x60\x21\x8F\x71\xE7"
+ "\x93\xF2\x79\x7A\xEA\x34\x94\x06\x51\x28\x29\x06\x5D\x37\xBB\x55"
+ "\xEA\x79\x6F\xA4\xF5\x6F\xD8\x89\x6B\x49\xB2\xCD\x19\xB4\x32\x15"
+ "\xAD\x96\x7C\x71\x2B\x24\xE5\x03\x2D\x06\x52\x32\xE0\x2C\x12\x74"
+ "\x09\xD2\xED\x41\x46\xB9\xD7\x5D\x76\x3D\x52\xDB\x98\xD9\x49\xD3"
+ "\xB0\xFE\xD6\xA8\x05\x2F\xBB",
+ .hash = "\xA1\x9E\xEE\x92\xBB\x20\x97\xB6\x4E\x82\x3D\x59\x77\x98\xAA\x18"
+ "\xBE\x9B\x7C\x73\x6B\x80\x59\xAB\xFD\x67\x79\xAC\x35\xAC\x81\xB5"
+};
+
+hasher_test_vector_t sha3_256_136 = {
+ .alg = HASH_SHA3_256, .len = 136,
+ .data = "\xB3\x2D\x95\xB0\xB9\xAA\xD2\xA8\x81\x6D\xE6\xD0\x6D\x1F\x86\x00"
+ "\x85\x05\xBD\x8C\x14\x12\x4F\x6E\x9A\x16\x3B\x5A\x2A\xDE\x55\xF8"
+ "\x35\xD0\xEC\x38\x80\xEF\x50\x70\x0D\x3B\x25\xE4\x2C\xC0\xAF\x05"
+ "\x0C\xCD\x1B\xE5\xE5\x55\xB2\x30\x87\xE0\x4D\x7B\xF9\x81\x36\x22"
+ "\x78\x0C\x73\x13\xA1\x95\x4F\x87\x40\xB6\xEE\x2D\x3F\x71\xF7\x68"
+ "\xDD\x41\x7F\x52\x04\x82\xBD\x3A\x08\xD4\xF2\x22\xB4\xEE\x9D\xBD"
+ "\x01\x54\x47\xB3\x35\x07\xDD\x50\xF3\xAB\x42\x47\xC5\xDE\x9A\x8A"
+ "\xBD\x62\xA8\xDE\xCE\xA0\x1E\x3B\x87\xC8\xB9\x27\xF5\xB0\x8B\xEB"
+ "\x37\x67\x4C\x6F\x8E\x38\x0C\x04",
+ .hash = "\xDF\x67\x3F\x41\x05\x37\x9F\xF6\xB7\x55\xEE\xAB\x20\xCE\xB0\xDC"
+ "\x77\xB5\x28\x63\x64\xFE\x16\xC5\x9C\xC8\xA9\x07\xAF\xF0\x77\x32"
+};
+
+hasher_test_vector_t sha3_256_255 = {
+ .alg = HASH_SHA3_256, .len = 255,
+ .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .hash = "\xC1\x1F\x35\x22\xA8\xFB\x7B\x35\x32\xD8\x0B\x6D\x40\x02\x3A\x92"
+ "\xB4\x89\xAD\xDA\xD9\x3B\xF5\xD6\x4B\x23\xF3\x5E\x96\x63\x52\x1C"
+};
+
+/**
+ * SHA-3_384 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+hasher_test_vector_t sha3_384_0 = {
+ .alg = HASH_SHA3_384, .len = 0,
+ .data = "",
+ .hash = "\x0C\x63\xA7\x5B\x84\x5E\x4F\x7D\x01\x10\x7D\x85\x2E\x4C\x24\x85"
+ "\xC5\x1A\x50\xAA\xAA\x94\xFC\x61\x99\x5E\x71\xBB\xEE\x98\x3A\x2A"
+ "\xC3\x71\x38\x31\x26\x4A\xDB\x47\xFB\x6B\xD1\xE0\x58\xD5\xF0\x04"
+};
+
+hasher_test_vector_t sha3_384_1 = {
+ .alg = HASH_SHA3_384, .len = 1,
+ .data = "\xCC",
+ .hash = "\x5E\xE7\xF3\x74\x97\x3C\xD4\xBB\x3D\xC4\x1E\x30\x81\x34\x67\x98"
+ "\x49\x7F\xF6\xE3\x6C\xB9\x35\x22\x81\xDF\xE0\x7D\x07\xFC\x53\x0C"
+ "\xA9\xAD\x8E\xF7\xAA\xD5\x6E\xF5\xD4\x1B\xE8\x3D\x5E\x54\x38\x07"
+};
+
+hasher_test_vector_t sha3_384_2 = {
+ .alg = HASH_SHA3_384, .len = 2,
+ .data = "\x41\xFB",
+ .hash = "\x1D\xD8\x16\x09\xDC\xC2\x90\xEF\xFD\x7A\xC0\xA9\x5D\x4A\x20\x82"
+ "\x15\x80\xE5\x6B\xD5\x0D\xBD\x84\x39\x20\x65\x0B\xE7\xA8\x0A\x17"
+ "\x19\x57\x7D\xA3\x37\xCF\xDF\x86\xE5\x1C\x76\x4C\xAA\x2E\x10\xBD"
+};
+
+hasher_test_vector_t sha3_384_103 = {
+ .alg = HASH_SHA3_384, .len = 103,
+ .data = "\xF1\x3C\x97\x2C\x52\xCB\x3C\xC4\xA4\xDF\x28\xC9\x7F\x2D\xF1\x1C"
+ "\xE0\x89\xB8\x15\x46\x6B\xE8\x88\x63\x24\x3E\xB3\x18\xC2\xAD\xB1"
+ "\xA4\x17\xCB\x10\x41\x30\x85\x98\x54\x17\x20\x19\x7B\x9B\x1C\xB5"
+ "\xBA\x23\x18\xBD\x55\x74\xD1\xDF\x21\x74\xAF\x14\x88\x41\x49\xBA"
+ "\x9B\x2F\x44\x6D\x60\x9D\xF2\x40\xCE\x33\x55\x99\x95\x7B\x8E\xC8"
+ "\x08\x76\xD9\xA0\x85\xAE\x08\x49\x07\xBC\x59\x61\xB2\x0B\xF5\xF6"
+ "\xCA\x58\xD5\xDA\xB3\x8A\xDB",
+ .hash = "\x0A\x83\x4E\x11\x1B\x4E\x84\x0E\x78\x7C\x19\x74\x84\x65\xA4\x7D"
+ "\x88\xB3\xF0\xF3\xDA\xAF\x15\xDB\x25\x53\x6B\xDC\x60\x78\xFA\x9C"
+ "\x05\xE6\xC9\x53\x83\x02\x74\x22\x39\x68\x84\x7D\xA8\xBF\xD2\x0D"
+};
+
+hasher_test_vector_t sha3_384_104 = {
+ .alg = HASH_SHA3_384, .len = 104,
+ .data = "\xE3\x57\x80\xEB\x97\x99\xAD\x4C\x77\x53\x5D\x4D\xDB\x68\x3C\xF3"
+ "\x3E\xF3\x67\x71\x53\x27\xCF\x4C\x4A\x58\xED\x9C\xBD\xCD\xD4\x86"
+ "\xF6\x69\xF8\x01\x89\xD5\x49\xA9\x36\x4F\xA8\x2A\x51\xA5\x26\x54"
+ "\xEC\x72\x1B\xB3\xAA\xB9\x5D\xCE\xB4\xA8\x6A\x6A\xFA\x93\x82\x6D"
+ "\xB9\x23\x51\x7E\x92\x8F\x33\xE3\xFB\xA8\x50\xD4\x56\x60\xEF\x83"
+ "\xB9\x87\x6A\xCC\xAF\xA2\xA9\x98\x7A\x25\x4B\x13\x7C\x6E\x14\x0A"
+ "\x21\x69\x1E\x10\x69\x41\x38\x48",
+ .hash = "\xD1\xC0\xFA\x85\xC8\xD1\x83\xBE\xFF\x99\xAD\x9D\x75\x2B\x26\x3E"
+ "\x28\x6B\x47\x7F\x79\xF0\x71\x0B\x01\x03\x17\x01\x73\x97\x81\x33"
+ "\x44\xB9\x9D\xAF\x3B\xB7\xB1\xBC\x5E\x8D\x72\x2B\xAC\x85\x94\x3A"
+};
+
+hasher_test_vector_t sha3_384_255 = {
+ .alg = HASH_SHA3_384, .len = 255,
+ .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .hash = "\x12\x8D\xC6\x11\x76\x2B\xE9\xB1\x35\xB3\x73\x94\x84\xCF\xAA\xDC"
+ "\xA7\x48\x1D\x68\x51\x4F\x3D\xFD\x6F\x5D\x78\xBB\x18\x63\xAE\x68"
+ "\x13\x08\x35\xCD\xC7\x06\x1A\x7E\xD9\x64\xB3\x2F\x1D\xB7\x5E\xE1"
+};
+
+/**
+ * SHA-3_512 vectors from "https://github.com/gvanas/KeccakCodePackage/"
+ */
+hasher_test_vector_t sha3_512_0 = {
+ .alg = HASH_SHA3_512, .len = 0,
+ .data = "",
+ .hash = "\xA6\x9F\x73\xCC\xA2\x3A\x9A\xC5\xC8\xB5\x67\xDC\x18\x5A\x75\x6E"
+ "\x97\xC9\x82\x16\x4F\xE2\x58\x59\xE0\xD1\xDC\xC1\x47\x5C\x80\xA6"
+ "\x15\xB2\x12\x3A\xF1\xF5\xF9\x4C\x11\xE3\xE9\x40\x2C\x3A\xC5\x58"
+ "\xF5\x00\x19\x9D\x95\xB6\xD3\xE3\x01\x75\x85\x86\x28\x1D\xCD\x26"
+};
+
+hasher_test_vector_t sha3_512_1 = {
+ .alg = HASH_SHA3_512, .len = 1,
+ .data = "\xCC",
+ .hash = "\x39\x39\xFC\xC8\xB5\x7B\x63\x61\x25\x42\xDA\x31\xA8\x34\xE5\xDC"
+ "\xC3\x6E\x2E\xE0\xF6\x52\xAC\x72\xE0\x26\x24\xFA\x2E\x5A\xDE\xEC"
+ "\xC7\xDD\x6B\xB3\x58\x02\x24\xB4\xD6\x13\x87\x06\xFC\x6E\x80\x59"
+ "\x7B\x52\x80\x51\x23\x0B\x00\x62\x1C\xC2\xB2\x29\x99\xEA\xA2\x05"
+};
+
+hasher_test_vector_t sha3_512_2 = {
+ .alg = HASH_SHA3_512, .len = 2,
+ .data = "\x41\xFB",
+ .hash = "\xAA\x09\x28\x65\xA4\x06\x94\xD9\x17\x54\xDB\xC7\x67\xB5\x20\x2C"
+ "\x54\x6E\x22\x68\x77\x14\x7A\x95\xCB\x8B\x4C\x8F\x87\x09\xFE\x8C"
+ "\xD6\x90\x52\x56\xB0\x89\xDA\x37\x89\x6E\xA5\xCA\x19\xD2\xCD\x9A"
+ "\xB9\x4C\x71\x92\xFC\x39\xF7\xCD\x4D\x59\x89\x75\xA3\x01\x3C\x69"
+};
+
+hasher_test_vector_t sha3_512_71 = {
+ .alg = HASH_SHA3_512, .len = 71,
+ .data = "\x13\xBD\x28\x11\xF6\xED\x2B\x6F\x04\xFF\x38\x95\xAC\xEE\xD7\xBE"
+ "\xF8\xDC\xD4\x5E\xB1\x21\x79\x1B\xC1\x94\xA0\xF8\x06\x20\x6B\xFF"
+ "\xC3\xB9\x28\x1C\x2B\x30\x8B\x1A\x72\x9C\xE0\x08\x11\x9D\xD3\x06"
+ "\x6E\x93\x78\xAC\xDC\xC5\x0A\x98\xA8\x2E\x20\x73\x88\x00\xB6\xCD"
+ "\xDB\xE5\xFE\x96\x94\xAD\x6D",
+ .hash = "\xDE\xF4\xAB\x6C\xDA\x88\x39\x72\x9A\x03\xE0\x00\x84\x66\x04\xB1"
+ "\x7F\x03\xC5\xD5\xD7\xEC\x23\xC4\x83\x67\x0A\x13\xE1\x15\x73\xC1"
+ "\xE9\x34\x7A\x63\xEC\x69\xA5\xAB\xB2\x13\x05\xF9\x38\x2E\xCD\xAA"
+ "\xAB\xC6\x85\x0F\x92\x84\x0E\x86\xF8\x8F\x4D\xAB\xFC\xD9\x3C\xC0"
+};
+
+hasher_test_vector_t sha3_512_72 = {
+ .alg = HASH_SHA3_512, .len = 72,
+ .data = "\x1E\xED\x9C\xBA\x17\x9A\x00\x9E\xC2\xEC\x55\x08\x77\x3D\xD3\x05"
+ "\x47\x7C\xA1\x17\xE6\xD5\x69\xE6\x6B\x5F\x64\xC6\xBC\x64\x80\x1C"
+ "\xE2\x5A\x84\x24\xCE\x4A\x26\xD5\x75\xB8\xA6\xFB\x10\xEA\xD3\xFD"
+ "\x19\x92\xED\xDD\xEE\xC2\xEB\xE7\x15\x0D\xC9\x8F\x63\xAD\xC3\x23"
+ "\x7E\xF5\x7B\x91\x39\x7A\xA8\xA7",
+ .hash = "\xA3\xE1\x68\xB0\xD6\xC1\x43\xEE\x9E\x17\xEA\xE9\x29\x30\xB9\x7E"
+ "\x66\x00\x35\x6B\x73\xAE\xBB\x5D\x68\x00\x5D\xD1\xD0\x74\x94\x45"
+ "\x1A\x37\x05\x2F\x7B\x39\xFF\x03\x0C\x1A\xE1\xD7\xEF\xC4\xE0\xC3"
+ "\x66\x7E\xB7\xA7\x6C\x62\x7E\xC1\x43\x54\xC4\xF6\xA7\x96\xE2\xC6"
+};
+
+hasher_test_vector_t sha3_512_255 = {
+ .alg = HASH_SHA3_512, .len = 255,
+ .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B"
+ "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5"
+ "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A"
+ "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A"
+ "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD"
+ "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0"
+ "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE"
+ "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64"
+ "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5"
+ "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43"
+ "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4"
+ "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D"
+ "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4"
+ "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08"
+ "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7"
+ "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1",
+ .hash = "\x6E\x8B\x8B\xD1\x95\xBD\xD5\x60\x68\x9A\xF2\x34\x8B\xDC\x74\xAB"
+ "\x7C\xD0\x5E\xD8\xB9\xA5\x77\x11\xE9\xBE\x71\xE9\x72\x6F\xDA\x45"
+ "\x91\xFE\xE1\x22\x05\xED\xAC\xAF\x82\xFF\xBB\xAF\x16\xDF\xF9\xE7"
+ "\x02\xA7\x08\x86\x20\x80\x16\x6C\x2F\xF6\xBA\x37\x9B\xC7\xFF\xC2"
+};
+
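Review bot: The licence header of this new file has lost punctuation in two places, `version 2 of the Licenseor (at your` and `it will be usefulbut`; restore the `, ` so it matches the header in the other files added by this patch. The vector lengths 143/144, 135/136, 103/104 and 71/72 look chosen to sit one byte below and exactly at the sponge rate that sha3_hasher.c derives as `KECCAK_STATE_SIZE - 2*get_hash_size(this)`, which is where padding mistakes usually show up. That intent is not written down, so add a line to each group comment such as `/* lengths cover rate-1, rate and a multi-block message */`. The source comment names only the repository; naming the file the vectors were taken from would make them easier to re-verify.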
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index eb5b01986..e32f8eefe 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -266,8 +266,8 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
scheme = SIGN_ECDSA_WITH_SHA1_DER;
break;
case KEY_BLISS:
- oid = OID_BLISS_WITH_SHA512;
- scheme = SIGN_BLISS_WITH_SHA512;
+ oid = OID_BLISS_WITH_SHA2_512;
+ scheme = SIGN_BLISS_WITH_SHA2_512;
break;
default:
DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index 668632459..a6298b394 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -219,9 +219,8 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
enumerator_t *enumerator;
char from_str[INET6_ADDRSTRLEN] = "";
char to_str[INET6_ADDRSTRLEN] = "";
- char *serv_proto = NULL;
- bool has_proto;
- bool has_ports;
+ char *serv_proto = NULL, *sep = "";
+ bool has_proto, has_ports;
size_t written = 0;
u_int32_t from[4], to[4];
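Review bot: The new `sep` variable only ever points at string literals (`""` here and `" "` in the next hunk), but it is declared as a plain `char *` on the same line as `serv_proto`. Declare it separately as `const char *sep = "";` so an accidental write through it is rejected at compile time. The body of `traffic_selector_printf_hook()` continues outside this hunk.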
@@ -235,8 +234,8 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, (void**)&this))
{
- /* call recursivly */
- written += print_in_hook(data, "%R ", this);
+ written += print_in_hook(data, "%s%R", sep, this);
+ sep = " ";
}
enumerator->destroy(enumerator);
return written;
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index 305ebe620..56cc2f19b 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -540,6 +540,31 @@ METHOD(settings_t, get_int, int,
/**
* Described in header
*/
+inline u_int64_t settings_value_as_uint64(char *value, u_int64_t def)
+{
+ u_int64_t intval;
+ char *end;
+ int base = 10;
+
+ if (value)
+ {
+ errno = 0;
+ if (value[0] == '0' && value[1] == 'x')
+ { /* manually detect 0x prefix as we want to avoid octal encoding */
+ base = 16;
+ }
+ intval = strtoull(value, &end, base);
+ if (errno == 0 && *end == 0 && end != value)
+ {
+ return intval;
+ }
+ }
+ return def;
+}
+
+/**
+ * Described in header
+ */
inline double settings_value_as_double(char *value, double def)
{
double dval;
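Review bot: `settings_value_as_uint64()` accepts a negative string, because strtoull() parses an optional sign and returns the negated value converted to unsigned without setting errno. As a result `"-1"` comes back as the largest 64-bit value rather than `def`, so a typo in a configuration file becomes an enormous limit or counter. Reject the sign before converting, e.g. `if (strchr(value, '-')) { return def; }` ahead of the strtoull() call (assuming `<string.h>` is already in scope in settings.c). The prefix test also recognises only lowercase `0x`, so `0X10` falls back to `def`; if that is intended it should be stated in the header comment.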
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index 4ef80d0f6..a133a3681 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -51,6 +51,15 @@ bool settings_value_as_bool(char *value, bool def);
int settings_value_as_int(char *value, int def);
/**
+ * Convert a string value returned by a key/value enumerator to an u_int64_t.
+ *
+ * @see settings_t.create_key_value_enumerator()
+ * @param value the string value
+ * @param def the default value, if value is NULL or invalid
+ */
+u_int64_t settings_value_as_uint64(char *value, u_int64_t def);
+
+/**
* Convert a string value returned by a key/value enumerator to a double.
*
* @see settings_t.create_key_value_enumerator()
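Review bot: The doc comment for `settings_value_as_uint64()` says neither which notations are accepted nor what is returned. The implementation added to settings.c in this patch takes decimal and `0x`-prefixed hexadecimal and deliberately avoids octal, so `010` is read as ten. Add a sentence to that effect and a return line, e.g. `@return converted value, def if value is NULL or invalid`.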
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 14cc32122..067abf0d9 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,30 +28,38 @@ typedef struct {
}hasher_oid_t;
static hasher_oid_t oids[] = {
- { OID_MD2, HASH_MD2, KEY_ANY },
- { OID_MD5, HASH_MD5, KEY_ANY },
- { OID_SHA1, HASH_SHA1, KEY_ANY },
- { OID_SHA224, HASH_SHA224, KEY_ANY },
- { OID_SHA256, HASH_SHA256, KEY_ANY },
- { OID_SHA384, HASH_SHA384, KEY_ANY },
- { OID_SHA512, HASH_SHA512, KEY_ANY },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },
- { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },
- { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },
- { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },
- { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },
- { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },
- { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },
- { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },
- { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },
- { OID_BLISS_WITH_SHA256, HASH_SHA256, KEY_BLISS },
- { OID_BLISS_WITH_SHA384, HASH_SHA384, KEY_BLISS },
- { OID_BLISS_WITH_SHA512, HASH_SHA512, KEY_BLISS },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }
+ { OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
+ { OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
+ { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
+ { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
+ { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
+ { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
+ { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
+ { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
+ { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
+ { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
+ { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
+ { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
+ { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
+ { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
+ { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
+ { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
+ { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
+ { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 19 */
+ { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 20 */
+ { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 21 */
+ { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 22 */
+ { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 23 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 24 */
+ { OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 25 */
+ { OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 26 */
+ { OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 27 */
+ { OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 28 */
+ { OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 29 */
+ { OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 30 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS } /* 31 */
};
START_TEST(test_hasher_from_oid)
@@ -74,6 +82,44 @@ START_TEST(test_hasher_sig_to_oid)
END_TEST
typedef struct {
+ signature_scheme_t scheme;
+ hash_algorithm_t alg;
+}hasher_sig_scheme_t;
+
+static hasher_sig_scheme_t sig_schemes[] = {
+ { SIGN_UNKNOWN, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
+ { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 },
+ { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 },
+ { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 },
+ { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 },
+ { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 },
+ { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
+ { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
+ { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
+ { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 },
+ { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN },
+ { SIGN_ECDSA_256, HASH_SHA256 },
+ { SIGN_ECDSA_384, HASH_SHA384 },
+ { SIGN_ECDSA_521, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
+ { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
+ { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
+ { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
+ { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
+ { 30, HASH_UNKNOWN }
+};
+
+START_TEST(test_hasher_from_sig_scheme)
+{
+ ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme) ==
+ sig_schemes[_i].alg);
+}
+END_TEST
+
+typedef struct {
pseudo_random_function_t prf;
hash_algorithm_t alg;
}hasher_prf_t;
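Review bot: The last row of `sig_schemes`, `{ 30, HASH_UNKNOWN }`, uses the bare number 30 to stand for an unrecognised signature scheme, and `{ 30, FALSE }` in the `ikev2` table added in the next hunk does the same for `hash_algorithm_t`. If either enum ever grows to include the value 30, these rows silently stop exercising the out-of-range path and may start failing for an unrelated reason. Mark the intent with a comment such as `/* value outside signature_scheme_t */`, and prefer a number far beyond the enum's range.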
@@ -157,6 +203,35 @@ START_TEST(test_hasher_to_integrity)
}
END_TEST
+
+typedef struct {
+ hash_algorithm_t alg;
+ bool ikev2;
+}hasher_ikev2_t;
+
+static hasher_ikev2_t ikev2[] = {
+ { HASH_SHA1, TRUE },
+ { HASH_SHA256, TRUE },
+ { HASH_SHA384, TRUE },
+ { HASH_SHA512, TRUE },
+ { HASH_UNKNOWN, FALSE },
+ { HASH_MD2, FALSE },
+ { HASH_MD4, FALSE },
+ { HASH_MD5, FALSE },
+ { HASH_SHA224, FALSE },
+ { HASH_SHA3_224, FALSE },
+ { HASH_SHA3_256, FALSE },
+ { HASH_SHA3_384, FALSE },
+ { HASH_SHA3_512, FALSE },
+ { 30, FALSE }
+};
+
+START_TEST(test_hasher_for_ikev2)
+{
+ ck_assert(hasher_algorithm_for_ikev2(ikev2[_i].alg) == ikev2[_i].ikev2);
+}
+END_TEST
+
Suite *hasher_suite_create()
{
Suite *s;
@@ -169,11 +244,15 @@ Suite *hasher_suite_create()
suite_add_tcase(s, tc);
tc = tcase_create("to_oid");
- tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8);
+ tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12);
suite_add_tcase(s, tc);
tc = tcase_create("sig_to_oid");
- tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids));
+ tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("from_sig_scheme");
+ tcase_add_loop_test(tc, test_hasher_from_sig_scheme, 0, countof(sig_schemes));
suite_add_tcase(s, tc);
tc = tcase_create("from_prf");
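Review bot: The loop bounds `0, 12` and `11, countof(oids)` hard-code positions inside the `oids[]` table, which is not visible in this hunk. This commit had to bump them from 8 and 7, so they go stale whenever a row is added. The new `from_sig_scheme` case uses `countof(sig_schemes)`, which avoids that. For the two index-based cases a named constant next to the table would be safer, or at least a comment such as `/* oids[0..11] carry a hash algorithm, oids[11..] a signature OID */` (split inferred from the test names). hasher_suite_create() starts and ends outside this hunk.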
@@ -188,5 +267,9 @@ Suite *hasher_suite_create()
tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17);
suite_add_tcase(s, tc);
+ tc = tcase_create("for_ikev2");
+ tcase_add_loop_test(tc, test_hasher_for_ikev2, 0, countof(ikev2));
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index ff14ba897..9554d2919 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -550,6 +550,7 @@ START_TEST(test_matches)
a = identification_create_from_string("C=CH, E=moon@strongswan.org, CN=moon");
ck_assert(id_matches(a, "C=CH, E=moon@strongswan.org, CN=moon", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "C=CH, E=*@strongswan.org, CN=moon", ID_MATCH_NONE));
ck_assert(id_matches(a, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD));
ck_assert(id_matches(a, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 1));
ck_assert(id_matches(a, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 2));
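Review bot: The added `E=*@strongswan.org` assertion pins a security-relevant rule but carries no comment saying what the rule is. From the expected `ID_MATCH_NONE` it appears that a `*` is honoured only as a complete RDN value and never as part of one, so a partially wildcarded identity cannot match a certificate subject. I would put `/* wildcards only match whole RDN values, not substrings */` above the line. test_matches continues outside the hunk, so other partial forms may already be covered elsewhere.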
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index bead9d795..5ddd0bb9a 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -317,6 +317,26 @@ START_TEST(test_set_int)
}
END_TEST
+START_TEST(test_value_as_unit64)
+{
+ test_int_eq(1, settings_value_as_uint64(NULL, 1));
+ test_int_eq(1, settings_value_as_uint64("", 1));
+ test_int_eq(1, settings_value_as_uint64("2a", 1));
+ test_int_eq(1, settings_value_as_uint64("a2", 1));
+ test_int_eq(1, settings_value_as_uint64("2.0", 1));
+
+ test_int_eq(10, settings_value_as_uint64("10", 0));
+ test_int_eq(10, settings_value_as_uint64("010", 0));
+ test_int_eq(16, settings_value_as_uint64("0x010", 0));
+ test_int_eq(0x2a, settings_value_as_uint64("0x2a", 0));
+
+ test_int_eq(0xffffffffffffffffLL, settings_value_as_uint64("0xffffffffffffffff", 0));
+ test_int_eq(0xffffffff00000000LL, settings_value_as_uint64("0xffffffff00000000", 0));
+ test_int_eq(0xffffffff00000000LL, settings_value_as_uint64("18446744069414584320", 0));
+ test_int_eq(0xffffffff00000001LL, settings_value_as_uint64("18446744069414584321", 0));
+}
+END_TEST
+
START_SETUP(setup_double_config)
{
create_settings(chunk_from_str(
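Review bot: The test is named `test_value_as_unit64`, a transposition of `uint64`, and the same misspelling is used where it is registered in settings_suite_create() further down. Renaming both to `test_value_as_uint64` keeps the name searchable alongside `settings_value_as_uint64`. The cases also stop at the largest representable value. An input one past it, such as `"0x10000000000000000"`, and a signed input such as `"-1"` are not exercised, so the behaviour on out-of-range configuration values is left unpinned. The two large literals would read more clearly with a `ULL` suffix than with `LL`.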
@@ -1158,6 +1178,10 @@ Suite *settings_suite_create()
tcase_add_test(tc, test_set_int);
suite_add_tcase(s, tc);
+ tc = tcase_create("settings_value_as_uint64");
+ tcase_add_test(tc, test_value_as_unit64);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("get/set_double");
tcase_add_checked_fixture(tc, setup_double_config, teardown_config);
tcase_add_test(tc, test_get_double);
diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c
index bec32d2d8..5c0fb754d 100644
--- a/src/libstrongswan/tests/suites/test_traffic_selector.c
+++ b/src/libstrongswan/tests/suites/test_traffic_selector.c
@@ -770,17 +770,17 @@ START_TEST(test_printf_hook_hash)
list = linked_list_create_with_items(
traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535),
NULL);
- verify_list("10.1.0.0/16 ", NULL, list);
+ verify_list("10.1.0.0/16", NULL, list);
list = linked_list_create_with_items(
traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535),
traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP, 1234, 1235),
NULL);
- verify_list("10.1.0.0/16 10.1.0.1/32[udp/1234-1235] ", "10.1.0.0/16 10.1.0.1/32[17/1234-1235] ", list);
+ verify_list("10.1.0.0/16 10.1.0.1/32[udp/1234-1235]", "10.1.0.0/16 10.1.0.1/32[17/1234-1235]", list);
list = linked_list_create_with_items(
traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535),
traffic_selector_create_from_string(IPPROTO_UDP, TS_IPV4_ADDR_RANGE, "10.1.0.1", 1234, "10.1.0.99", 1235),
NULL);
- verify_list("10.1.0.0/16 10.1.0.1..10.1.0.99[udp/1234-1235] ", "10.1.0.0/16 10.1.0.1..10.1.0.99[17/1234-1235] ", list);
+ verify_list("10.1.0.0/16 10.1.0.1..10.1.0.99[udp/1234-1235]", "10.1.0.0/16 10.1.0.1..10.1.0.99[17/1234-1235]", list);
}
END_TEST
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index b38f2cb52..104b0b2c0 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -789,9 +789,9 @@ static struct {
{KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
{KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
{KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA256, SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
- {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
- {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
};
START_TEST(test_signature_schemes_for_key)
diff --git a/src/libstrongswan/AndroidConfigLocal.h b/src/libstrongswan/utils/compat/android.h
index ae0e60633..b3ea9c475 100644
--- a/src/libstrongswan/AndroidConfigLocal.h
+++ b/src/libstrongswan/utils/compat/android.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,10 +13,19 @@
* for more details.
*/
+/**
+ * @defgroup android android
+ * @{ @ingroup compat
+ */
+
+#ifndef ANDROID_H_
+#define ANDROID_H_
+
/* stuff defined in AndroidConfig.h, which is included using the -include
* command-line option, thus cannot be undefined using -U CFLAGS options.
* the reason we have to undefine these flags in the first place, is that
* AndroidConfig.h defines them as 0, which in turn means that they are
* actually defined. */
-
#undef HAVE_BACKTRACE
+
+#endif /** ANDROID_H_ @}*/
diff --git a/src/libstrongswan/utils/compat/windows.h b/src/libstrongswan/utils/compat/windows.h
index fd4f1f196..f7e6207a5 100644
--- a/src/libstrongswan/utils/compat/windows.h
+++ b/src/libstrongswan/utils/compat/windows.h
@@ -221,6 +221,11 @@ static inline int setenv(const char *name, const char *value, int overwrite)
#define RTLD_LAZY 1
/**
+ * Immediate binding, ignored on Windows
+ */
+#define RTLD_NOW 2
+
+/**
* Default handle targeting .exe
*/
#define RTLD_DEFAULT (NULL)
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index b4a4db802..47d72ee98 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -20,6 +20,7 @@
#include <unistd.h>
#include <limits.h>
#include <ctype.h>
+#include <errno.h>
#ifndef WIN32
# include <signal.h>
#endif
@@ -117,17 +118,35 @@ void wait_sigint()
void wait_sigint()
{
sigset_t set;
- int sig;
sigemptyset(&set);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigprocmask(SIG_BLOCK, &set, NULL);
- sigwait(&set, &sig);
+ sigwaitinfo(&set, NULL);
}
-#endif
+#ifndef HAVE_SIGWAITINFO
+int sigwaitinfo(const sigset_t *set, void *info)
+{
+ int sig, err;
+
+ if (info)
+ { /* we don't replicate siginfo_t, fail if anybody tries to use it */
+ errno = EINVAL;
+ return -1;
+ }
+ err = sigwait(set, &sig);
+ if (err != 0)
+ {
+ errno = err;
+ sig = -1;
+ }
+ return sig;
+}
+#endif /* HAVE_SIGWAITINFO */
+#endif /* WIN32 */
#ifndef HAVE_CLOSEFROM
/**
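Review bot: wait_sigint() discards the result of `sigwaitinfo(&set, NULL)`, which can fail with EINTR when a handler for a signal outside `set` runs. The function can then return, and the caller proceed to shut down, without SIGINT or SIGTERM having arrived. Retrying closes that gap: `while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR) { /* interrupted, wait again */ }`. Separately, the fallback defines a libc name with a `void *info` parameter. If `<signal.h>` declares sigwaitinfo() on a platform where HAVE_SIGWAITINFO is nevertheless unset, the prototypes would conflict, so a private name mapped by a macro may be more robust.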
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index acc15c42a..18b17b120 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -38,6 +38,7 @@
# include <netinet/in.h>
# include <sched.h>
# include <poll.h>
+# include <signal.h>
#endif
#include "utils/types.h"
@@ -56,6 +57,9 @@
#ifdef __APPLE__
# include "compat/apple.h"
#endif
+#ifdef __ANDROID__
+# include "compat/android.h"
+#endif
/**
* Initialize utility functions
@@ -148,6 +152,19 @@ void utils_deinit();
*/
#define ignore_result(call) { if(call){}; }
+#if !defined(HAVE_SIGWAITINFO) && !defined(WIN32)
+/**
+ * Block and wait for a set of signals
+ *
+ * We don't replicate the functionality of siginfo_t. If info is not NULL
+ * -1 is returend and errno is set to EINVAL.
+ *
+ * @param set set of signals to wait for
+ * @param info must be NULL
+ */
+int sigwaitinfo(const sigset_t *set, void *info);
+#endif
+
/**
* Portable function to wait for SIGINT/SIGTERM (or equivalent).
*/
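Review bot: The doc comment on the sigwaitinfo() fallback has no `@return` line, and "returend" should be "returned". Going by the definition in utils.c, the line would be `@return signal number, -1 on error with errno set`. It is also worth stating that only the `info == NULL` form is supported, since a caller written against the POSIX prototype would otherwise get EINVAL at run time without any compile-time hint.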
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
index 623da7f62..822df3f27 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
@@ -349,10 +349,16 @@ static private_tnc_imc_t* tnc_imc_create_empty(char *name)
imc_t* tnc_imc_create(char *name, char *path)
{
private_tnc_imc_t *this;
+ int flag = RTLD_LAZY;
this = tnc_imc_create_empty(name);
- this->handle = dlopen(path, RTLD_LAZY);
+ if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
+ lib->ns, FALSE))
+ {
+ flag = RTLD_NOW;
+ }
+ this->handle = dlopen(path, flag);
if (!this->handle)
{
DBG1(DBG_TNC, "IMC \"%s\" failed to load: %s", name, dlerror());
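Review bot: The new `dlopen_use_rtld_now` lookup has no comment saying why immediate binding is wanted, and the same block is repeated verbatim in tnc_imv_create() in tnc_imv.c. A one-line comment above the `if` would do, e.g. `/* RTLD_NOW resolves all symbols at load time, so a module with unresolved symbols fails here and not on first call */`. A small shared helper that returns the flag would keep the two loaders from drifting apart. tnc_imc_create() continues past the end of this hunk.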
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
index 039f1fcf1..9a0304172 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
@@ -345,10 +345,16 @@ static private_tnc_imv_t* tnc_imv_create_empty(char *name)
imv_t* tnc_imv_create(char *name, char *path)
{
private_tnc_imv_t *this;
+ int flag = RTLD_LAZY;
this = tnc_imv_create_empty(name);
- this->handle = dlopen(path, RTLD_LAZY);
+ if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
+ lib->ns, FALSE))
+ {
+ flag = RTLD_NOW;
+ }
+ this->handle = dlopen(path, flag);
if (!this->handle)
{
DBG1(DBG_TNC, "IMV \"%s\" failed to load: %s", name, dlerror());
diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am
index 94ab0cf67..bee7ae1f0 100644
--- a/src/medsrv/Makefile.am
+++ b/src/medsrv/Makefile.am
@@ -35,11 +35,11 @@ templates/peer/list.cs
medsrv_templates_staticdir = ${medsrv_templatesdir}/static
medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \
templates/static/style.css templates/static/strongswan.png \
-templates/static/favicon.ico templates/static/mootools.js templates/static/script.js
+templates/static/favicon.ico
EXTRA_DIST = templates/header.cs templates/footer.cs \
templates/static/style.css templates/static/strongswan.png \
-templates/static/favicon.ico templates/static/mootools.js templates/static/script.js \
+templates/static/favicon.ico \
templates/peer/add.cs templates/peer/edit.cs templates/peer/list.cs \
templates/user/login.cs templates/user/add.cs templates/user/edit.cs \
templates/user/help.cs
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 7265457f1..42830e186 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -466,11 +466,11 @@ templates/peer/list.cs
medsrv_templates_staticdir = ${medsrv_templatesdir}/static
medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \
templates/static/style.css templates/static/strongswan.png \
-templates/static/favicon.ico templates/static/mootools.js templates/static/script.js
+templates/static/favicon.ico
EXTRA_DIST = templates/header.cs templates/footer.cs \
templates/static/style.css templates/static/strongswan.png \
-templates/static/favicon.ico templates/static/mootools.js templates/static/script.js \
+templates/static/favicon.ico \
templates/peer/add.cs templates/peer/edit.cs templates/peer/list.cs \
templates/user/login.cs templates/user/add.cs templates/user/edit.cs \
templates/user/help.cs
diff --git a/src/medsrv/templates/peer/add.cs b/src/medsrv/templates/peer/add.cs
index 28a994f7f..27fdf0685 100644
--- a/src/medsrv/templates/peer/add.cs
+++ b/src/medsrv/templates/peer/add.cs
@@ -6,7 +6,7 @@
<table class="peer">
<tr>
<td><label for="alias">Alias</label></td>
- <td><input type="text" id="alias" name="alias" class="focus" maxlength="30" value="<?cs var:alias ?>";"/></td>
+ <td><input type="text" id="alias" name="alias" autofocus maxlength="30" value="<?cs var:alias ?>";"/></td>
</tr>
<tr>
<td valign="top"><label for="public_key">Public Key</label></td>
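Review bot: The rewritten alias input still ends in `value="<?cs var:alias ?>";"/>`, so a stray `;"` follows the value attribute and the tag is malformed. The matching line in peer/edit.cs has the clean form. The new line should read `<td><input type="text" id="alias" name="alias" autofocus maxlength="30" value="<?cs var:alias ?>"/></td>`. Whether `alias` is HTML-escaped before it reaches the attribute is not visible here. If the templates are rendered without automatic escaping, `<?cs var:html_escape(alias) ?>` would be the safer form in both files.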
diff --git a/src/medsrv/templates/peer/edit.cs b/src/medsrv/templates/peer/edit.cs
index 76fb9dafc..942762b49 100644
--- a/src/medsrv/templates/peer/edit.cs
+++ b/src/medsrv/templates/peer/edit.cs
@@ -6,7 +6,7 @@
<table class="peer">
<tr>
<td><label for="alias">Alias</label></td>
- <td><input type="text" id="alias" name="alias" maxlength="30" class="focus" value="<?cs var:alias ?>"/></td>
+ <td><input type="text" id="alias" name="alias" maxlength="30" autofocus value="<?cs var:alias ?>"/></td>
</tr>
<tr>
<td valign="top"><label for="public_key">Public Key</label></td>
diff --git a/src/medsrv/templates/static/mootools.js b/src/medsrv/templates/static/mootools.js
deleted file mode 100644
index d953a1c06..000000000
--- a/src/medsrv/templates/static/mootools.js
+++ /dev/null
@@ -1,341 +0,0 @@
-//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2008 Valerio Proietti, <http://mad4milk.net>, MIT Style License.
-
-var MooTools={version:"1.2dev",build:""};var Native=function(J){J=J||{};var F=J.afterImplement||function(){};var G=J.generics;G=(G!==false);var H=J.legacy;
-var E=J.initialize;var B=J.protect;var A=J.name;var C=E||H;C.constructor=Native;C.$family={name:"native"};if(H&&E){C.prototype=H.prototype;}C.prototype.constructor=C;
-if(A){var D=A.toLowerCase();C.prototype.$family={name:D};Native.typize(C,D);}var I=function(M,K,N,L){if(!B||L||!M.prototype[K]){M.prototype[K]=N;}if(G){Native.genericize(M,K,B);
-}F.call(M,K,N);return M;};C.implement=function(L,K,N){if(typeof L=="string"){return I(this,L,K,N);}for(var M in L){I(this,M,L[M],K);}return this;};C.alias=function(M,K,N){if(typeof M=="string"){M=this.prototype[M];
-if(M){I(this,K,M,N);}}else{for(var L in M){this.alias(L,M[L],K);}}return this;};return C;};Native.implement=function(D,C){for(var B=0,A=D.length;B<A;B++){D[B].implement(C);
-}};Native.genericize=function(B,C,A){if((!A||!B[C])&&typeof B.prototype[C]=="function"){B[C]=function(){var D=Array.prototype.slice.call(arguments);return B.prototype[C].apply(D.shift(),D);
-};}};Native.typize=function(A,B){if(!A.type){A.type=function(C){return($type(C)===B);};}};Native.alias=function(E,B,A,F){for(var D=0,C=E.length;D<C;D++){E[D].alias(B,A,F);
-}};(function(B){for(var A in B){Native.typize(B[A],A);}})({"boolean":Boolean,"native":Native,object:Object});(function(B){for(var A in B){new Native({name:A,initialize:B[A],protect:true});
-}})({String:String,Function:Function,Number:Number,Array:Array,RegExp:RegExp,Date:Date});(function(B,A){for(var C=A.length;C--;C){Native.genericize(B,A[C],true);
-}return arguments.callee;})(Array,["pop","push","reverse","shift","sort","splice","unshift","concat","join","slice","toString","valueOf","indexOf","lastIndexOf"])(String,["charAt","charCodeAt","concat","indexOf","lastIndexOf","match","replace","search","slice","split","substr","substring","toLowerCase","toUpperCase","valueOf"]);
-function $chk(A){return !!(A||A===0);}function $clear(A){clearTimeout(A);clearInterval(A);return null;}function $defined(A){return(A!=undefined);}function $empty(){}function $arguments(A){return function(){return arguments[A];
-};}function $lambda(A){return(typeof A=="function")?A:function(){return A;};}function $extend(C,A){for(var B in (A||{})){C[B]=A[B];}return C;}function $unlink(C){var B;
-switch($type(C)){case"object":B={};for(var E in C){B[E]=$unlink(C[E]);}break;case"hash":B=$unlink(C.getClean());break;case"array":B=[];for(var D=0,A=C.length;
-D<A;D++){B[D]=$unlink(C[D]);}break;default:return C;}return B;}function $merge(){var E={};for(var D=0,A=arguments.length;D<A;D++){var B=arguments[D];if($type(B)!="object"){continue;
-}for(var C in B){var G=B[C],F=E[C];E[C]=(F&&$type(G)=="object"&&$type(F)=="object")?$merge(F,G):$unlink(G);}}return E;}function $pick(){for(var B=0,A=arguments.length;
-B<A;B++){if(arguments[B]!=undefined){return arguments[B];}}return null;}function $random(B,A){return Math.floor(Math.random()*(A-B+1)+B);}function $splat(B){var A=$type(B);
-return(A)?((A!="array"&&A!="arguments")?[B]:B):[];}var $time=Date.now||function(){return new Date().getTime();};function $try(){for(var B=0,A=arguments.length;
-B<A;B++){try{return arguments[B]();}catch(C){}}return null;}function $type(A){if(A==undefined){return false;}if(A.$family){return(A.$family.name=="number"&&!isFinite(A))?false:A.$family.name;
-}if(A.nodeName){switch(A.nodeType){case 1:return"element";case 3:return(/\S/).test(A.nodeValue)?"textnode":"whitespace";}}else{if(typeof A.length=="number"){if(A.callee){return"arguments";
-}else{if(A.item){return"collection";}}}}return typeof A;}var Hash=new Native({name:"Hash",initialize:function(A){if($type(A)=="hash"){A=$unlink(A.getClean());
-}for(var B in A){this[B]=A[B];}return this;}});Hash.implement({getLength:function(){var B=0;for(var A in this){if(this.hasOwnProperty(A)){B++;}}return B;
-},forEach:function(B,C){for(var A in this){if(this.hasOwnProperty(A)){B.call(C,this[A],A,this);}}},getClean:function(){var B={};for(var A in this){if(this.hasOwnProperty(A)){B[A]=this[A];
-}}return B;}});Hash.alias("forEach","each");function $H(A){return new Hash(A);}Array.implement({forEach:function(C,D){for(var B=0,A=this.length;B<A;B++){C.call(D,this[B],B,this);
-}}});Array.alias("forEach","each");function $A(C){if(C.item){var D=[];for(var B=0,A=C.length;B<A;B++){D[B]=C[B];}return D;}return Array.prototype.slice.call(C);
-}function $each(C,B,D){var A=$type(C);((A=="arguments"||A=="collection"||A=="array")?Array:Hash).each(C,B,D);}var Browser=new Hash({Engine:{name:"unknown",version:""},Platform:{name:(navigator.platform.match(/mac|win|linux/i)||["other"])[0].toLowerCase()},Features:{xpath:!!(document.evaluate),air:!!(window.runtime)},Plugins:{}});
-if(window.opera){Browser.Engine={name:"presto",version:(document.getElementsByClassName)?950:925};}else{if(window.ActiveXObject){Browser.Engine={name:"trident",version:(window.XMLHttpRequest)?5:4};
-}else{if(!navigator.taintEnabled){Browser.Engine={name:"webkit",version:(Browser.Features.xpath)?420:419};}else{if(document.getBoxObjectFor!=null){Browser.Engine={name:"gecko",version:(document.getElementsByClassName)?19:18};
-}}}}Browser.Engine[Browser.Engine.name]=Browser.Engine[Browser.Engine.name+Browser.Engine.version]=true;if(window.orientation!=undefined){Browser.Platform.name="ipod";
-}Browser.Platform[Browser.Platform.name]=true;Browser.Request=function(){return $try(function(){return new XMLHttpRequest();},function(){return new ActiveXObject("MSXML2.XMLHTTP");
-});};Browser.Features.xhr=!!(Browser.Request());Browser.Plugins.Flash=(function(){var A=($try(function(){return navigator.plugins["Shockwave Flash"].description;
-},function(){return new ActiveXObject("ShockwaveFlash.ShockwaveFlash").GetVariable("$version");})||"0 r0").match(/\d+/g);return{version:parseInt(A[0]||0+"."+A[1]||0),build:parseInt(A[2]||0)};
-})();function $exec(B){if(!B){return B;}if(window.execScript){window.execScript(B);}else{var A=document.createElement("script");A.setAttribute("type","text/javascript");
-A.text=B;document.head.appendChild(A);document.head.removeChild(A);}return B;}Native.UID=1;var $uid=(Browser.Engine.trident)?function(A){return(A.uid||(A.uid=[Native.UID++]))[0];
-}:function(A){return A.uid||(A.uid=Native.UID++);};var Window=new Native({name:"Window",legacy:(Browser.Engine.trident)?null:window.Window,initialize:function(A){$uid(A);
-if(!A.Element){A.Element=$empty;if(Browser.Engine.webkit){A.document.createElement("iframe");}A.Element.prototype=(Browser.Engine.webkit)?window["[[DOMElement.prototype]]"]:{};
-}return $extend(A,Window.Prototype);},afterImplement:function(B,A){window[B]=Window.Prototype[B]=A;}});Window.Prototype={$family:{name:"window"}};new Window(window);
-var Document=new Native({name:"Document",legacy:(Browser.Engine.trident)?null:window.Document,initialize:function(A){$uid(A);A.head=A.getElementsByTagName("head")[0];
-A.html=A.getElementsByTagName("html")[0];A.window=A.defaultView||A.parentWindow;if(Browser.Engine.trident4){$try(function(){A.execCommand("BackgroundImageCache",false,true);
-});}return $extend(A,Document.Prototype);},afterImplement:function(B,A){document[B]=Document.Prototype[B]=A;}});Document.Prototype={$family:{name:"document"}};
-new Document(document);Array.implement({every:function(C,D){for(var B=0,A=this.length;B<A;B++){if(!C.call(D,this[B],B,this)){return false;}}return true;
-},filter:function(D,E){var C=[];for(var B=0,A=this.length;B<A;B++){if(D.call(E,this[B],B,this)){C.push(this[B]);}}return C;},clean:function(){return this.filter($defined);
-},indexOf:function(C,D){var A=this.length;for(var B=(D<0)?Math.max(0,A+D):D||0;B<A;B++){if(this[B]===C){return B;}}return -1;},map:function(D,E){var C=[];
-for(var B=0,A=this.length;B<A;B++){C[B]=D.call(E,this[B],B,this);}return C;},some:function(C,D){for(var B=0,A=this.length;B<A;B++){if(C.call(D,this[B],B,this)){return true;
-}}return false;},associate:function(C){var D={},B=Math.min(this.length,C.length);for(var A=0;A<B;A++){D[C[A]]=this[A];}return D;},link:function(C){var A={};
-for(var E=0,B=this.length;E<B;E++){for(var D in C){if(C[D](this[E])){A[D]=this[E];delete C[D];break;}}}return A;},contains:function(A,B){return this.indexOf(A,B)!=-1;
-},extend:function(C){for(var B=0,A=C.length;B<A;B++){this.push(C[B]);}return this;},getLast:function(){return(this.length)?this[this.length-1]:null;},getRandom:function(){return(this.length)?this[$random(0,this.length-1)]:null;
-},include:function(A){if(!this.contains(A)){this.push(A);}return this;},combine:function(C){for(var B=0,A=C.length;B<A;B++){this.include(C[B]);}return this;
-},erase:function(B){for(var A=this.length;A--;A){if(this[A]===B){this.splice(A,1);}}return this;},empty:function(){this.length=0;return this;},flatten:function(){var D=[];
-for(var B=0,A=this.length;B<A;B++){var C=$type(this[B]);if(!C){continue;}D=D.concat((C=="array"||C=="collection"||C=="arguments")?Array.flatten(this[B]):this[B]);
-}return D;},hexToRgb:function(B){if(this.length!=3){return null;}var A=this.map(function(C){if(C.length==1){C+=C;}return C.toInt(16);});return(B)?A:"rgb("+A+")";
-},rgbToHex:function(D){if(this.length<3){return null;}if(this.length==4&&this[3]==0&&!D){return"transparent";}var B=[];for(var A=0;A<3;A++){var C=(this[A]-0).toString(16);
-B.push((C.length==1)?"0"+C:C);}return(D)?B:"#"+B.join("");}});Function.implement({extend:function(A){for(var B in A){this[B]=A[B];}return this;},create:function(B){var A=this;
-B=B||{};return function(D){var C=B.arguments;C=(C!=undefined)?$splat(C):Array.slice(arguments,(B.event)?1:0);if(B.event){C=[D||window.event].extend(C);
-}var E=function(){return A.apply(B.bind||null,C);};if(B.delay){return setTimeout(E,B.delay);}if(B.periodical){return setInterval(E,B.periodical);}if(B.attempt){return $try(E);
-}return E();};},pass:function(A,B){return this.create({arguments:A,bind:B});},attempt:function(A,B){return this.create({arguments:A,bind:B,attempt:true})();
-},bind:function(B,A){return this.create({bind:B,arguments:A});},bindWithEvent:function(B,A){return this.create({bind:B,event:true,arguments:A});},delay:function(B,C,A){return this.create({delay:B,bind:C,arguments:A})();
-},periodical:function(A,C,B){return this.create({periodical:A,bind:C,arguments:B})();},run:function(A,B){return this.apply(B,$splat(A));}});Number.implement({limit:function(B,A){return Math.min(A,Math.max(B,this));
-},round:function(A){A=Math.pow(10,A||0);return Math.round(this*A)/A;},times:function(B,C){for(var A=0;A<this;A++){B.call(C,A,this);}},toFloat:function(){return parseFloat(this);
-},toInt:function(A){return parseInt(this,A||10);}});Number.alias("times","each");(function(B){var A={};B.each(function(C){if(!Number[C]){A[C]=function(){return Math[C].apply(null,[this].concat($A(arguments)));
-};}});Number.implement(A);})(["abs","acos","asin","atan","atan2","ceil","cos","exp","floor","log","max","min","pow","sin","sqrt","tan"]);String.implement({test:function(A,B){return((typeof A=="string")?new RegExp(A,B):A).test(this);
-},contains:function(A,B){return(B)?(B+this+B).indexOf(B+A+B)>-1:this.indexOf(A)>-1;},trim:function(){return this.replace(/^\s+|\s+$/g,"");},clean:function(){return this.replace(/\s+/g," ").trim();
-},camelCase:function(){return this.replace(/-\D/g,function(A){return A.charAt(1).toUpperCase();});},hyphenate:function(){return this.replace(/[A-Z]/g,function(A){return("-"+A.charAt(0).toLowerCase());
-});},capitalize:function(){return this.replace(/\b[a-z]/g,function(A){return A.toUpperCase();});},escapeRegExp:function(){return this.replace(/([-.*+?^${}()|[\]\/\\])/g,"\\$1");
-},toInt:function(A){return parseInt(this,A||10);},toFloat:function(){return parseFloat(this);},hexToRgb:function(B){var A=this.match(/^#?(\w{1,2})(\w{1,2})(\w{1,2})$/);
-return(A)?A.slice(1).hexToRgb(B):null;},rgbToHex:function(B){var A=this.match(/\d{1,3}/g);return(A)?A.rgbToHex(B):null;},stripScripts:function(B){var A="";
-var C=this.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi,function(){A+=arguments[1]+"\n";return"";});if(B===true){$exec(A);}else{if($type(B)=="function"){B(A,C);
-}}return C;},substitute:function(A,B){return this.replace(B||(/\\?\{([^}]+)\}/g),function(D,C){if(D.charAt(0)=="\\"){return D.slice(1);}return(A[C]!=undefined)?A[C]:"";
-});}});Hash.implement({has:Object.prototype.hasOwnProperty,keyOf:function(B){for(var A in this){if(this.hasOwnProperty(A)&&this[A]===B){return A;}}return null;
-},hasValue:function(A){return(Hash.keyOf(this,A)!==null);},extend:function(A){Hash.each(A,function(C,B){Hash.set(this,B,C);},this);return this;},combine:function(A){Hash.each(A,function(C,B){Hash.include(this,B,C);
-},this);return this;},erase:function(A){if(this.hasOwnProperty(A)){delete this[A];}return this;},get:function(A){return(this.hasOwnProperty(A))?this[A]:null;
-},set:function(A,B){if(!this[A]||this.hasOwnProperty(A)){this[A]=B;}return this;},empty:function(){Hash.each(this,function(B,A){delete this[A];},this);
-return this;},include:function(B,C){var A=this[B];if(A==undefined){this[B]=C;}return this;},map:function(B,C){var A=new Hash;Hash.each(this,function(E,D){A.set(D,B.call(C,E,D,this));
-},this);return A;},filter:function(B,C){var A=new Hash;Hash.each(this,function(E,D){if(B.call(C,E,D,this)){A.set(D,E);}},this);return A;},every:function(B,C){for(var A in this){if(this.hasOwnProperty(A)&&!B.call(C,this[A],A)){return false;
-}}return true;},some:function(B,C){for(var A in this){if(this.hasOwnProperty(A)&&B.call(C,this[A],A)){return true;}}return false;},getKeys:function(){var A=[];
-Hash.each(this,function(C,B){A.push(B);});return A;},getValues:function(){var A=[];Hash.each(this,function(B){A.push(B);});return A;},toQueryString:function(A){var B=[];
-Hash.each(this,function(F,E){if(A){E=A+"["+E+"]";}var D;switch($type(F)){case"object":D=Hash.toQueryString(F,E);break;case"array":var C={};F.each(function(H,G){C[G]=H;
-});D=Hash.toQueryString(C,E);break;default:D=E+"="+encodeURIComponent(F);}if(F!=undefined){B.push(D);}});return B.join("&");}});Hash.alias({keyOf:"indexOf",hasValue:"contains"});
-var Event=new Native({name:"Event",initialize:function(A,F){F=F||window;var K=F.document;A=A||F.event;if(A.$extended){return A;}this.$extended=true;var J=A.type;
-var G=A.target||A.srcElement;while(G&&G.nodeType==3){G=G.parentNode;}if(J.test(/key/)){var B=A.which||A.keyCode;var M=Event.Keys.keyOf(B);if(J=="keydown"){var D=B-111;
-if(D>0&&D<13){M="f"+D;}}M=M||String.fromCharCode(B).toLowerCase();}else{if(J.match(/(click|mouse|menu)/i)){K=(!K.compatMode||K.compatMode=="CSS1Compat")?K.html:K.body;
-var I={x:A.pageX||A.clientX+K.scrollLeft,y:A.pageY||A.clientY+K.scrollTop};var C={x:(A.pageX)?A.pageX-F.pageXOffset:A.clientX,y:(A.pageY)?A.pageY-F.pageYOffset:A.clientY};
-if(J.match(/DOMMouseScroll|mousewheel/)){var H=(A.wheelDelta)?A.wheelDelta/120:-(A.detail||0)/3;}var E=(A.which==3)||(A.button==2);var L=null;if(J.match(/over|out/)){switch(J){case"mouseover":L=A.relatedTarget||A.fromElement;
-break;case"mouseout":L=A.relatedTarget||A.toElement;}if(!(function(){while(L&&L.nodeType==3){L=L.parentNode;}return true;}).create({attempt:Browser.Engine.gecko})()){L=false;
-}}}}return $extend(this,{event:A,type:J,page:I,client:C,rightClick:E,wheel:H,relatedTarget:L,target:G,code:B,key:M,shift:A.shiftKey,control:A.ctrlKey,alt:A.altKey,meta:A.metaKey});
-}});Event.Keys=new Hash({enter:13,up:38,down:40,left:37,right:39,esc:27,space:32,backspace:8,tab:9,"delete":46});Event.implement({stop:function(){return this.stopPropagation().preventDefault();
-},stopPropagation:function(){if(this.event.stopPropagation){this.event.stopPropagation();}else{this.event.cancelBubble=true;}return this;},preventDefault:function(){if(this.event.preventDefault){this.event.preventDefault();
-}else{this.event.returnValue=false;}return this;}});var Class=new Native({name:"Class",initialize:function(B){B=B||{};var A=function(E){for(var D in this){this[D]=$unlink(this[D]);
-}for(var F in Class.Mutators){if(!this[F]){continue;}Class.Mutators[F](this,this[F]);delete this[F];}this.constructor=A;if(E===$empty){return this;}var C=(this.initialize)?this.initialize.apply(this,arguments):this;
-if(this.options&&this.options.initialize){this.options.initialize.call(this);}return C;};$extend(A,this);A.constructor=Class;A.prototype=B;return A;}});
-Class.implement({implement:function(){Class.Mutators.Implements(this.prototype,Array.slice(arguments));return this;}});Class.Mutators={Implements:function(A,B){$splat(B).each(function(C){$extend(A,($type(C)=="class")?new C($empty):C);
-});},Extends:function(self,klass){var instance=new klass($empty);delete instance.parent;delete instance.parentOf;for(var key in instance){var current=self[key],previous=instance[key];
-if(current==undefined){self[key]=previous;continue;}var ctype=$type(current),ptype=$type(previous);if(ctype!=ptype){continue;}switch(ctype){case"function":if(!arguments.callee.caller){self[key]=eval("("+String(current).replace(/\bthis\.parent\(\s*(\))?/g,function(full,close){return"arguments.callee._parent_.call(this"+(close||", ");
-})+")");}self[key]._parent_=previous;break;case"object":self[key]=$merge(previous,current);}}self.parent=function(){return arguments.callee.caller._parent_.apply(this,arguments);
-};self.parentOf=function(descendant){return descendant._parent_.apply(this,Array.slice(arguments,1));};}};var Chain=new Class({chain:function(){this.$chain=(this.$chain||[]).extend(arguments);
-return this;},callChain:function(){return(this.$chain&&this.$chain.length)?this.$chain.shift().apply(this,arguments):false;},clearChain:function(){if(this.$chain){this.$chain.empty();
-}return this;}});var Events=new Class({addEvent:function(C,B,A){C=Events.removeOn(C);if(B!=$empty){this.$events=this.$events||{};this.$events[C]=this.$events[C]||[];
-this.$events[C].include(B);if(A){B.internal=true;}}return this;},addEvents:function(A){for(var B in A){this.addEvent(B,A[B]);}return this;},fireEvent:function(C,B,A){C=Events.removeOn(C);
-if(!this.$events||!this.$events[C]){return this;}this.$events[C].each(function(D){D.create({bind:this,delay:A,"arguments":B})();},this);return this;},removeEvent:function(B,A){B=Events.removeOn(B);
-if(!this.$events||!this.$events[B]){return this;}if(!A.internal){this.$events[B].erase(A);}return this;},removeEvents:function(C){for(var D in this.$events){if(C&&C!=D){continue;
-}var B=this.$events[D];for(var A=B.length;A--;A){this.removeEvent(D,B[A]);}}return this;}});Events.removeOn=function(A){return A.replace(/^on([A-Z])/,function(B,C){return C.toLowerCase();
-});};var Options=new Class({setOptions:function(){this.options=$merge.run([this.options].extend(arguments));if(!this.addEvent){return this;}for(var A in this.options){if($type(this.options[A])!="function"||!(/^on[A-Z]/).test(A)){continue;
-}this.addEvent(A,this.options[A]);delete this.options[A];}return this;}});Document.implement({newElement:function(A,B){if(Browser.Engine.trident&&B){["name","type","checked"].each(function(C){if(!B[C]){return ;
-}A+=" "+C+'="'+B[C]+'"';if(C!="checked"){delete B[C];}});A="<"+A+">";}return $.element(this.createElement(A)).set(B);},newTextNode:function(A){return this.createTextNode(A);
-},getDocument:function(){return this;},getWindow:function(){return this.defaultView||this.parentWindow;},purge:function(){var C=this.getElementsByTagName("*");
-for(var B=0,A=C.length;B<A;B++){Browser.freeMem(C[B]);}}});var Element=new Native({name:"Element",legacy:window.Element,initialize:function(A,B){var C=Element.Constructors.get(A);
-if(C){return C(B);}if(typeof A=="string"){return document.newElement(A,B);}return $(A).set(B);},afterImplement:function(A,B){if(!Array[A]){Elements.implement(A,Elements.multi(A));
-}Element.Prototype[A]=B;}});Element.Prototype={$family:{name:"element"}};Element.Constructors=new Hash;var IFrame=new Native({name:"IFrame",generics:false,initialize:function(){var E=Array.link(arguments,{properties:Object.type,iframe:$defined});
-var C=E.properties||{};var B=$(E.iframe)||false;var D=C.onload||$empty;delete C.onload;C.id=C.name=$pick(C.id,C.name,B.id,B.name,"IFrame_"+$time());B=new Element(B||"iframe",C);
-var A=function(){var F=$try(function(){return B.contentWindow.location.host;});if(F&&F==window.location.host){var H=new Window(B.contentWindow);var G=new Document(B.contentWindow.document);
-$extend(H.Element.prototype,Element.Prototype);}D.call(B.contentWindow,B.contentWindow.document);};(!window.frames[C.id])?B.addListener("load",A):A();return B;
-}});var Elements=new Native({initialize:function(F,B){B=$extend({ddup:true,cash:true},B);F=F||[];if(B.ddup||B.cash){var G={},E=[];for(var C=0,A=F.length;
-C<A;C++){var D=$.element(F[C],!B.cash);if(B.ddup){if(G[D.uid]){continue;}G[D.uid]=true;}E.push(D);}F=E;}return(B.cash)?$extend(F,this):F;}});Elements.implement({filter:function(A,B){if(!A){return this;
-}return new Elements(Array.filter(this,(typeof A=="string")?function(C){return C.match(A);}:A,B));}});Elements.multi=function(A){return function(){var B=[];
-var F=true;for(var D=0,C=this.length;D<C;D++){var E=this[D][A].apply(this[D],arguments);B.push(E);if(F){F=($type(E)=="element");}}return(F)?new Elements(B):B;
-};};Window.implement({$:function(B,C){if(B&&B.$family&&B.uid){return B;}var A=$type(B);return($[A])?$[A](B,C,this.document):null;},$$:function(A){if(arguments.length==1&&typeof A=="string"){return this.document.getElements(A);
-}var F=[];var C=Array.flatten(arguments);for(var D=0,B=C.length;D<B;D++){var E=C[D];switch($type(E)){case"element":E=[E];break;case"string":E=this.document.getElements(E,true);
-break;default:E=false;}if(E){F.extend(E);}}return new Elements(F);},getDocument:function(){return this.document;},getWindow:function(){return this;}});
-$.string=function(C,B,A){C=A.getElementById(C);return(C)?$.element(C,B):null;};$.element=function(A,D){$uid(A);if(!D&&!A.$family&&!(/^object|embed$/i).test(A.tagName)){var B=Element.Prototype;
-for(var C in B){A[C]=B[C];}}return A;};$.object=function(B,C,A){if(B.toElement){return $.element(B.toElement(A),C);}return null;};$.textnode=$.whitespace=$.window=$.document=$arguments(0);
-Native.implement([Element,Document],{getElement:function(A,B){return $(this.getElements(A,true)[0]||null,B);},getElements:function(A,D){A=A.split(",");
-var C=[];var B=(A.length>1);A.each(function(E){var F=this.getElementsByTagName(E.trim());(B)?C.extend(F):C=F;},this);return new Elements(C,{ddup:B,cash:!D});
-}});Element.Storage={get:function(A){return(this[A]||(this[A]={}));}};Element.Inserters=new Hash({before:function(B,A){if(A.parentNode){A.parentNode.insertBefore(B,A);
-}},after:function(B,A){if(!A.parentNode){return ;}var C=A.nextSibling;(C)?A.parentNode.insertBefore(B,C):A.parentNode.appendChild(B);},bottom:function(B,A){A.appendChild(B);
-},top:function(B,A){var C=A.firstChild;(C)?A.insertBefore(B,C):A.appendChild(B);}});Element.Inserters.inside=Element.Inserters.bottom;Element.Inserters.each(function(C,B){var A=B.capitalize();
-Element.implement("inject"+A,function(D){C(this,$(D,true));return this;});Element.implement("grab"+A,function(D){C($(D,true),this);return this;});});Element.implement({getDocument:function(){return this.ownerDocument;
-},getWindow:function(){return this.ownerDocument.getWindow();},getElementById:function(D,C){var B=this.ownerDocument.getElementById(D);if(!B){return null;
-}for(var A=B.parentNode;A!=this;A=A.parentNode){if(!A){return null;}}return $.element(B,C);},set:function(D,B){switch($type(D)){case"object":for(var C in D){this.set(C,D[C]);
-}break;case"string":var A=Element.Properties.get(D);(A&&A.set)?A.set.apply(this,Array.slice(arguments,1)):this.setProperty(D,B);}return this;},get:function(B){var A=Element.Properties.get(B);
-return(A&&A.get)?A.get.apply(this,Array.slice(arguments,1)):this.getProperty(B);},erase:function(B){var A=Element.Properties.get(B);(A&&A.erase)?A.erase.apply(this,Array.slice(arguments,1)):this.removeProperty(B);
-return this;},match:function(A){return(!A||Element.get(this,"tag")==A);},inject:function(B,A){Element.Inserters.get(A||"bottom")(this,$(B,true));return this;
-},wraps:function(B,A){B=$(B,true);return this.replaces(B).grab(B,A);},grab:function(B,A){Element.Inserters.get(A||"bottom")($(B,true),this);return this;
-},appendText:function(B,A){return this.grab(this.getDocument().newTextNode(B),A);},adopt:function(){Array.flatten(arguments).each(function(A){A=$(A,true);
-if(A){this.appendChild(A);}},this);return this;},dispose:function(){return(this.parentNode)?this.parentNode.removeChild(this):this;},clone:function(D,C){switch($type(this)){case"element":var H={};
-for(var G=0,E=this.attributes.length;G<E;G++){var B=this.attributes[G],L=B.nodeName.toLowerCase();if(Browser.Engine.trident&&(/input/i).test(this.tagName)&&(/width|height/).test(L)){continue;
-}var K=(L=="style"&&this.style)?this.style.cssText:B.nodeValue;if(!$chk(K)||L=="uid"||(L=="id"&&!C)){continue;}if(K!="inherit"&&["string","number"].contains($type(K))){H[L]=K;
-}}var J=new Element(this.nodeName.toLowerCase(),H);if(D!==false){for(var I=0,F=this.childNodes.length;I<F;I++){var A=Element.clone(this.childNodes[I],true,C);
-if(A){J.grab(A);}}}return J;case"textnode":return document.newTextNode(this.nodeValue);}return null;},replaces:function(A){A=$(A,true);A.parentNode.replaceChild(this,A);
-return this;},hasClass:function(A){return this.className.contains(A," ");},addClass:function(A){if(!this.hasClass(A)){this.className=(this.className+" "+A).clean();
-}return this;},removeClass:function(A){this.className=this.className.replace(new RegExp("(^|\\s)"+A+"(?:\\s|$)"),"$1").clean();return this;},toggleClass:function(A){return this.hasClass(A)?this.removeClass(A):this.addClass(A);
-},getComputedStyle:function(B){if(this.currentStyle){return this.currentStyle[B.camelCase()];}var A=this.getWindow().getComputedStyle(this,null);return(A)?A.getPropertyValue([B.hyphenate()]):null;
-},empty:function(){$A(this.childNodes).each(function(A){Browser.freeMem(A);Element.empty(A);Element.dispose(A);},this);return this;},destroy:function(){Browser.freeMem(this.empty().dispose());
-return null;},getSelected:function(){return new Elements($A(this.options).filter(function(A){return A.selected;}));},toQueryString:function(){var A=[];
-this.getElements("input, select, textarea").each(function(B){if(!B.name||B.disabled){return ;}var C=(B.tagName.toLowerCase()=="select")?Element.getSelected(B).map(function(D){return D.value;
-}):((B.type=="radio"||B.type=="checkbox")&&!B.checked)?null:B.value;$splat(C).each(function(D){if(D){A.push(B.name+"="+encodeURIComponent(D));}});});return A.join("&");
-},getProperty:function(C){var B=Element.Attributes,A=B.Props[C];var D=(A)?this[A]:this.getAttribute(C,2);return(B.Bools[C])?!!D:(A)?D:D||null;},getProperties:function(){var A=$A(arguments);
-return A.map(function(B){return this.getProperty(B);},this).associate(A);},setProperty:function(D,E){var C=Element.Attributes,B=C.Props[D],A=$defined(E);
-if(B&&C.Bools[D]){E=(E||!A)?true:false;}else{if(!A){return this.removeProperty(D);}}(B)?this[B]=E:this.setAttribute(D,E);return this;},setProperties:function(A){for(var B in A){this.setProperty(B,A[B]);
-}return this;},removeProperty:function(D){var C=Element.Attributes,B=C.Props[D],A=(B&&C.Bools[D]);(B)?this[B]=(A)?false:"":this.removeAttribute(D);return this;
-},removeProperties:function(){Array.each(arguments,this.removeProperty,this);return this;}});(function(){var A=function(D,B,I,C,F,H){var E=D[I||B];var G=[];
-while(E){if(E.nodeType==1&&(!C||Element.match(E,C))){G.push(E);if(!F){break;}}E=E[B];}return(F)?new Elements(G,{ddup:false,cash:!H}):$(G[0],H);};Element.implement({getPrevious:function(B,C){return A(this,"previousSibling",null,B,false,C);
-},getAllPrevious:function(B,C){return A(this,"previousSibling",null,B,true,C);},getNext:function(B,C){return A(this,"nextSibling",null,B,false,C);},getAllNext:function(B,C){return A(this,"nextSibling",null,B,true,C);
-},getFirst:function(B,C){return A(this,"nextSibling","firstChild",B,false,C);},getLast:function(B,C){return A(this,"previousSibling","lastChild",B,false,C);
-},getParent:function(B,C){return A(this,"parentNode",null,B,false,C);},getParents:function(B,C){return A(this,"parentNode",null,B,true,C);},getChildren:function(B,C){return A(this,"nextSibling","firstChild",B,true,C);
-},hasChild:function(B){B=$(B,true);return(!!B&&$A(this.getElementsByTagName(B.tagName)).contains(B));}});})();Element.Properties=new Hash;Element.Properties.style={set:function(A){this.style.cssText=A;
-},get:function(){return this.style.cssText;},erase:function(){this.style.cssText="";}};Element.Properties.tag={get:function(){return this.tagName.toLowerCase();
-}};Element.Properties.href={get:function(){return(!this.href)?null:this.href.replace(new RegExp("^"+document.location.protocol+"//"+document.location.host),"");
-}};Element.Properties.html={set:function(){return this.innerHTML=Array.flatten(arguments).join("");}};Native.implement([Element,Window,Document],{addListener:function(B,A){if(this.addEventListener){this.addEventListener(B,A,false);
-}else{this.attachEvent("on"+B,A);}return this;},removeListener:function(B,A){if(this.removeEventListener){this.removeEventListener(B,A,false);}else{this.detachEvent("on"+B,A);
-}return this;},retrieve:function(B,A){var D=Element.Storage.get(this.uid);var C=D[B];if($defined(A)&&!$defined(C)){C=D[B]=A;}return $pick(C);},store:function(B,A){var C=Element.Storage.get(this.uid);
-C[B]=A;return this;},eliminate:function(A){var B=Element.Storage.get(this.uid);delete B[A];return this;}});Element.Attributes=new Hash({Props:{html:"innerHTML","class":"className","for":"htmlFor",text:(Browser.Engine.trident)?"innerText":"textContent"},Bools:["compact","nowrap","ismap","declare","noshade","checked","disabled","readonly","multiple","selected","noresize","defer"],Camels:["value","accessKey","cellPadding","cellSpacing","colSpan","frameBorder","maxLength","readOnly","rowSpan","tabIndex","useMap"]});
-Browser.freeMem=function(A){if(!A){return ;}if(Browser.Engine.trident&&(/object/i).test(A.tagName)){for(var B in A){if(typeof A[B]=="function"){A[B]=$empty;
-}}Element.dispose(A);}if(A.uid&&A.removeEvents){A.removeEvents();}};(function(B){var C=B.Bools,A=B.Camels;B.Bools=C=C.associate(C);Hash.extend(Hash.combine(B.Props,C),A.associate(A.map(function(D){return D.toLowerCase();
-})));B.erase("Camels");})(Element.Attributes);window.addListener("unload",function(){window.removeListener("unload",arguments.callee);document.purge();
-if(Browser.Engine.trident){CollectGarbage();}});Element.Properties.events={set:function(A){this.addEvents(A);}};Native.implement([Element,Window,Document],{addEvent:function(E,G){var H=this.retrieve("events",{});
-H[E]=H[E]||{keys:[],values:[]};if(H[E].keys.contains(G)){return this;}H[E].keys.push(G);var F=E,A=Element.Events.get(E),C=G,I=this;if(A){if(A.onAdd){A.onAdd.call(this,G);
-}if(A.condition){C=function(J){if(A.condition.call(this,J)){return G.call(this,J);}return false;};}F=A.base||F;}var D=function(){return G.call(I);};var B=Element.NativeEvents[F]||0;
-if(B){if(B==2){D=function(J){J=new Event(J,I.getWindow());if(C.call(I,J)===false){J.stop();}};}this.addListener(F,D);}H[E].values.push(D);return this;},removeEvent:function(D,C){var B=this.retrieve("events");
-if(!B||!B[D]){return this;}var G=B[D].keys.indexOf(C);if(G==-1){return this;}var A=B[D].keys.splice(G,1)[0];var F=B[D].values.splice(G,1)[0];var E=Element.Events.get(D);
-if(E){if(E.onRemove){E.onRemove.call(this,C);}D=E.base||D;}return(Element.NativeEvents[D])?this.removeListener(D,F):this;},addEvents:function(A){for(var B in A){this.addEvent(B,A[B]);
-}return this;},removeEvents:function(B){var A=this.retrieve("events");if(!A){return this;}if(!B){for(var C in A){this.removeEvents(C);}A=null;}else{if(A[B]){while(A[B].keys[0]){this.removeEvent(B,A[B].keys[0]);
-}A[B]=null;}}return this;},fireEvent:function(D,B,A){var C=this.retrieve("events");if(!C||!C[D]){return this;}C[D].keys.each(function(E){E.create({bind:this,delay:A,"arguments":B})();
-},this);return this;},cloneEvents:function(D,A){D=$(D);var C=D.retrieve("events");if(!C){return this;}if(!A){for(var B in C){this.cloneEvents(D,B);}}else{if(C[A]){C[A].keys.each(function(E){this.addEvent(A,E);
-},this);}}return this;}});Element.NativeEvents={click:2,dblclick:2,mouseup:2,mousedown:2,contextmenu:2,mousewheel:2,DOMMouseScroll:2,mouseover:2,mouseout:2,mousemove:2,selectstart:2,selectend:2,keydown:2,keypress:2,keyup:2,focus:2,blur:2,change:2,reset:2,select:2,submit:2,load:1,unload:1,beforeunload:2,resize:1,move:1,DOMContentLoaded:1,readystatechange:1,error:1,abort:1,scroll:1};
-(function(){var A=function(B){var C=B.relatedTarget;if(C==undefined){return true;}if(C===false){return false;}return($type(this)!="document"&&C!=this&&C.prefix!="xul"&&!this.hasChild(C));
-};Element.Events=new Hash({mouseenter:{base:"mouseover",condition:A},mouseleave:{base:"mouseout",condition:A},mousewheel:{base:(Browser.Engine.gecko)?"DOMMouseScroll":"mousewheel"}});
-})();Element.Properties.styles={set:function(A){this.setStyles(A);}};Element.Properties.opacity={set:function(A,B){if(!B){if(A==0){if(this.style.visibility!="hidden"){this.style.visibility="hidden";
-}}else{if(this.style.visibility!="visible"){this.style.visibility="visible";}}}if(!this.currentStyle||!this.currentStyle.hasLayout){this.style.zoom=1;}if(Browser.Engine.trident){this.style.filter=(A==1)?"":"alpha(opacity="+A*100+")";
-}this.style.opacity=A;this.store("opacity",A);},get:function(){return this.retrieve("opacity",1);}};Element.implement({setOpacity:function(A){return this.set("opacity",A,true);
-},getOpacity:function(){return this.get("opacity");},setStyle:function(B,A){switch(B){case"opacity":return this.set("opacity",parseFloat(A));case"float":B=(Browser.Engine.trident)?"styleFloat":"cssFloat";
-}B=B.camelCase();if($type(A)!="string"){var C=(Element.Styles.get(B)||"@").split(" ");A=$splat(A).map(function(E,D){if(!C[D]){return"";}return($type(E)=="number")?C[D].replace("@",Math.round(E)):E;
-}).join(" ");}else{if(A==String(Number(A))){A=Math.round(A);}}this.style[B]=A;return this;},getStyle:function(G){switch(G){case"opacity":return this.get("opacity");
-case"float":G=(Browser.Engine.trident)?"styleFloat":"cssFloat";}G=G.camelCase();var A=this.style[G];if(!$chk(A)){A=[];for(var F in Element.ShortStyles){if(G!=F){continue;
-}for(var E in Element.ShortStyles[F]){A.push(this.getStyle(E));}return A.join(" ");}A=this.getComputedStyle(G);}if(A){A=String(A);var C=A.match(/rgba?\([\d\s,]+\)/);
-if(C){A=A.replace(C[0],C[0].rgbToHex());}}if(Browser.Engine.presto||(Browser.Engine.trident&&!$chk(parseInt(A)))){if(G.test(/^(height|width)$/)){var B=(G=="width")?["left","right"]:["top","bottom"],D=0;
-B.each(function(H){D+=this.getStyle("border-"+H+"-width").toInt()+this.getStyle("padding-"+H).toInt();},this);return this["offset"+G.capitalize()]-D+"px";
-}if(Browser.Engine.presto&&String(A).test("px")){return A;}if(G.test(/(border(.+)Width|margin|padding)/)){return"0px";}}return A;},setStyles:function(B){for(var A in B){this.setStyle(A,B[A]);
-}return this;},getStyles:function(){var A={};Array.each(arguments,function(B){A[B]=this.getStyle(B);},this);return A;}});Element.Styles=new Hash({left:"@px",top:"@px",bottom:"@px",right:"@px",width:"@px",height:"@px",maxWidth:"@px",maxHeight:"@px",minWidth:"@px",minHeight:"@px",backgroundColor:"rgb(@, @, @)",backgroundPosition:"@px @px",color:"rgb(@, @, @)",fontSize:"@px",letterSpacing:"@px",lineHeight:"@px",clip:"rect(@px @px @px @px)",margin:"@px @px @px @px",padding:"@px @px @px @px",border:"@px @ rgb(@, @, @) @px @ rgb(@, @, @) @px @ rgb(@, @, @)",borderWidth:"@px @px @px @px",borderStyle:"@ @ @ @",borderColor:"rgb(@, @, @) rgb(@, @, @) rgb(@, @, @) rgb(@, @, @)",zIndex:"@",zoom:"@",fontWeight:"@",textIndent:"@px",opacity:"@"});
-Element.ShortStyles={margin:{},padding:{},border:{},borderWidth:{},borderStyle:{},borderColor:{}};["Top","Right","Bottom","Left"].each(function(G){var F=Element.ShortStyles;
-var B=Element.Styles;["margin","padding"].each(function(H){var I=H+G;F[H][I]=B[I]="@px";});var E="border"+G;F.border[E]=B[E]="@px @ rgb(@, @, @)";var D=E+"Width",A=E+"Style",C=E+"Color";
-F[E]={};F.borderWidth[D]=F[E][D]=B[D]="@px";F.borderStyle[A]=F[E][A]=B[A]="@";F.borderColor[C]=F[E][C]=B[C]="rgb(@, @, @)";});(function(){Element.implement({scrollTo:function(H,I){if(B(this)){this.getWindow().scrollTo(H,I);
-}else{this.scrollLeft=H;this.scrollTop=I;}return this;},getSize:function(){if(B(this)){return this.getWindow().getSize();}return{x:this.offsetWidth,y:this.offsetHeight};
-},getScrollSize:function(){if(B(this)){return this.getWindow().getScrollSize();}return{x:this.scrollWidth,y:this.scrollHeight};},getScroll:function(){if(B(this)){return this.getWindow().getScroll();
-}return{x:this.scrollLeft,y:this.scrollTop};},getScrolls:function(){var I=this,H={x:0,y:0};while(I&&!B(I)){H.x+=I.scrollLeft;H.y+=I.scrollTop;I=I.parentNode;
-}return H;},getOffsetParent:function(){var H=this;if(B(H)){return null;}if(!Browser.Engine.trident){return H.offsetParent;}while((H=H.parentNode)&&!B(H)){if(D(H,"position")!="static"){return H;
-}}return null;},getOffsets:function(){var I=this,H={x:0,y:0};if(B(this)){return H;}while(I&&!B(I)){H.x+=I.offsetLeft;H.y+=I.offsetTop;if(Browser.Engine.gecko){if(!F(I)){H.x+=C(I);
-H.y+=G(I);}var J=I.parentNode;if(J&&D(J,"overflow")!="visible"){H.x+=C(J);H.y+=G(J);}}else{if(I!=this&&(Browser.Engine.trident||Browser.Engine.webkit)){H.x+=C(I);
-H.y+=G(I);}}I=I.offsetParent;if(Browser.Engine.trident){while(I&&!I.currentStyle.hasLayout){I=I.offsetParent;}}}if(Browser.Engine.gecko&&!F(this)){H.x-=C(this);
-H.y-=G(this);}return H;},getPosition:function(K){if(B(this)){return{x:0,y:0};}var L=this.getOffsets(),I=this.getScrolls();var H={x:L.x-I.x,y:L.y-I.y};var J=(K&&(K=$(K)))?K.getPosition():{x:0,y:0};
-return{x:H.x-J.x,y:H.y-J.y};},getCoordinates:function(J){if(B(this)){return this.getWindow().getCoordinates();}var H=this.getPosition(J),I=this.getSize();
-var K={left:H.x,top:H.y,width:I.x,height:I.y};K.right=K.left+K.width;K.bottom=K.top+K.height;return K;},computePosition:function(H){return{left:H.x-E(this,"margin-left"),top:H.y-E(this,"margin-top")};
-},position:function(H){return this.setStyles(this.computePosition(H));}});Native.implement([Document,Window],{getSize:function(){var I=this.getWindow();
-if(Browser.Engine.presto||Browser.Engine.webkit){return{x:I.innerWidth,y:I.innerHeight};}var H=A(this);return{x:H.clientWidth,y:H.clientHeight};},getScroll:function(){var I=this.getWindow();
-var H=A(this);return{x:I.pageXOffset||H.scrollLeft,y:I.pageYOffset||H.scrollTop};},getScrollSize:function(){var I=A(this);var H=this.getSize();return{x:Math.max(I.scrollWidth,H.x),y:Math.max(I.scrollHeight,H.y)};
-},getPosition:function(){return{x:0,y:0};},getCoordinates:function(){var H=this.getSize();return{top:0,left:0,bottom:H.y,right:H.x,height:H.y,width:H.x};
-}});var D=Element.getComputedStyle;function E(H,I){return D(H,I).toInt()||0;}function F(H){return D(H,"-moz-box-sizing")=="border-box";}function G(H){return E(H,"border-top-width");
-}function C(H){return E(H,"border-left-width");}function B(H){return(/^(?:body|html)$/i).test(H.tagName);}function A(H){var I=H.getDocument();return(!I.compatMode||I.compatMode=="CSS1Compat")?I.html:I.body;
-}})();Native.implement([Window,Document,Element],{getHeight:function(){return this.getSize().y;},getWidth:function(){return this.getSize().x;},getScrollTop:function(){return this.getScroll().y;
-},getScrollLeft:function(){return this.getScroll().x;},getScrollHeight:function(){return this.getScrollSize().y;},getScrollWidth:function(){return this.getScrollSize().x;
-},getTop:function(){return this.getPosition().y;},getLeft:function(){return this.getPosition().x;}});Native.implement([Document,Element],{getElements:function(H,G){H=H.split(",");
-var C,E={};for(var D=0,B=H.length;D<B;D++){var A=H[D],F=Selectors.Utils.search(this,A,E);if(D!=0&&F.item){F=$A(F);}C=(D==0)?F:(C.item)?$A(C).concat(F):C.concat(F);
-}return new Elements(C,{ddup:(H.length>1),cash:!G});}});Element.implement({match:function(B){if(!B){return true;}var D=Selectors.Utils.parseTagAndID(B);
-var A=D[0],E=D[1];if(!Selectors.Filters.byID(this,E)||!Selectors.Filters.byTag(this,A)){return false;}var C=Selectors.Utils.parseSelector(B);return(C)?Selectors.Utils.filter(this,C,{}):true;
-}});var Selectors={Cache:{nth:{},parsed:{}}};Selectors.RegExps={id:(/#([\w-]+)/),tag:(/^(\w+|\*)/),quick:(/^(\w+|\*)$/),splitter:(/\s*([+>~\s])\s*([a-zA-Z#.*:\[])/g),combined:(/\.([\w-]+)|\[(\w+)(?:([!*^$~|]?=)["']?(.*?)["']?)?\]|:([\w-]+)(?:\(["']?(.*?)?["']?\)|$)/g)};
-Selectors.Utils={chk:function(B,C){if(!C){return true;}var A=$uid(B);if(!C[A]){return C[A]=true;}return false;},parseNthArgument:function(F){if(Selectors.Cache.nth[F]){return Selectors.Cache.nth[F];
-}var C=F.match(/^([+-]?\d*)?([a-z]+)?([+-]?\d*)?$/);if(!C){return false;}var E=parseInt(C[1]);var B=(E||E===0)?E:1;var D=C[2]||false;var A=parseInt(C[3])||0;
-if(B!=0){A--;while(A<1){A+=B;}while(A>=B){A-=B;}}else{B=A;D="index";}switch(D){case"n":C={a:B,b:A,special:"n"};break;case"odd":C={a:2,b:0,special:"n"};
-break;case"even":C={a:2,b:1,special:"n"};break;case"first":C={a:0,special:"index"};break;case"last":C={special:"last-child"};break;case"only":C={special:"only-child"};
-break;default:C={a:(B-1),special:"index"};}return Selectors.Cache.nth[F]=C;},parseSelector:function(E){if(Selectors.Cache.parsed[E]){return Selectors.Cache.parsed[E];
-}var D,H={classes:[],pseudos:[],attributes:[]};while((D=Selectors.RegExps.combined.exec(E))){var I=D[1],G=D[2],F=D[3],B=D[4],C=D[5],J=D[6];if(I){H.classes.push(I);
-}else{if(C){var A=Selectors.Pseudo.get(C);if(A){H.pseudos.push({parser:A,argument:J});}else{H.attributes.push({name:C,operator:"=",value:J});}}else{if(G){H.attributes.push({name:G,operator:F,value:B});
-}}}}if(!H.classes.length){delete H.classes;}if(!H.attributes.length){delete H.attributes;}if(!H.pseudos.length){delete H.pseudos;}if(!H.classes&&!H.attributes&&!H.pseudos){H=null;
-}return Selectors.Cache.parsed[E]=H;},parseTagAndID:function(B){var A=B.match(Selectors.RegExps.tag);var C=B.match(Selectors.RegExps.id);return[(A)?A[1]:"*",(C)?C[1]:false];
-},filter:function(F,C,E){var D;if(C.classes){for(D=C.classes.length;D--;D){var G=C.classes[D];if(!Selectors.Filters.byClass(F,G)){return false;}}}if(C.attributes){for(D=C.attributes.length;
-D--;D){var B=C.attributes[D];if(!Selectors.Filters.byAttribute(F,B.name,B.operator,B.value)){return false;}}}if(C.pseudos){for(D=C.pseudos.length;D--;D){var A=C.pseudos[D];
-if(!Selectors.Filters.byPseudo(F,A.parser,A.argument,E)){return false;}}}return true;},getByTagAndID:function(B,A,D){if(D){var C=(B.getElementById)?B.getElementById(D,true):Element.getElementById(B,D,true);
-return(C&&Selectors.Filters.byTag(C,A))?[C]:[];}else{return B.getElementsByTagName(A);}},search:function(J,I,O){var B=[];var C=I.trim().replace(Selectors.RegExps.splitter,function(Z,Y,X){B.push(Y);
-return":)"+X;}).split(":)");var K,F,E,V;for(var U=0,Q=C.length;U<Q;U++){var T=C[U];if(U==0&&Selectors.RegExps.quick.test(T)){K=J.getElementsByTagName(T);
-continue;}var A=B[U-1];var L=Selectors.Utils.parseTagAndID(T);var W=L[0],M=L[1];if(U==0){K=Selectors.Utils.getByTagAndID(J,W,M);}else{var D={},H=[];for(var S=0,R=K.length;
-S<R;S++){H=Selectors.Getters[A](H,K[S],W,M,D);}K=H;}var G=Selectors.Utils.parseSelector(T);if(G){E=[];for(var P=0,N=K.length;P<N;P++){V=K[P];if(Selectors.Utils.filter(V,G,O)){E.push(V);
-}}K=E;}}return K;}};Selectors.Getters={" ":function(H,G,I,A,E){var D=Selectors.Utils.getByTagAndID(G,I,A);for(var C=0,B=D.length;C<B;C++){var F=D[C];if(Selectors.Utils.chk(F,E)){H.push(F);
-}}return H;},">":function(H,G,I,A,F){var C=Selectors.Utils.getByTagAndID(G,I,A);for(var E=0,D=C.length;E<D;E++){var B=C[E];if(B.parentNode==G&&Selectors.Utils.chk(B,F)){H.push(B);
-}}return H;},"+":function(C,B,A,E,D){while((B=B.nextSibling)){if(B.nodeType==1){if(Selectors.Utils.chk(B,D)&&Selectors.Filters.byTag(B,A)&&Selectors.Filters.byID(B,E)){C.push(B);
-}break;}}return C;},"~":function(C,B,A,E,D){while((B=B.nextSibling)){if(B.nodeType==1){if(!Selectors.Utils.chk(B,D)){break;}if(Selectors.Filters.byTag(B,A)&&Selectors.Filters.byID(B,E)){C.push(B);
-}}}return C;}};Selectors.Filters={byTag:function(B,A){return(A=="*"||(B.tagName&&B.tagName.toLowerCase()==A));},byID:function(A,B){return(!B||(A.id&&A.id==B));
-},byClass:function(B,A){return(B.className&&B.className.contains(A," "));},byPseudo:function(A,D,C,B){return D.call(A,C,B);},byAttribute:function(C,D,B,E){var A=Element.prototype.getProperty.call(C,D);
-if(!A){return false;}if(!B||E==undefined){return true;}switch(B){case"=":return(A==E);case"*=":return(A.contains(E));case"^=":return(A.substr(0,E.length)==E);
-case"$=":return(A.substr(A.length-E.length)==E);case"!=":return(A!=E);case"~=":return A.contains(E," ");case"|=":return A.contains(E,"-");}return false;
-}};Selectors.Pseudo=new Hash({empty:function(){return !(this.innerText||this.textContent||"").length;},not:function(A){return !Element.match(this,A);},contains:function(A){return(this.innerText||this.textContent||"").contains(A);
-},"first-child":function(){return Selectors.Pseudo.index.call(this,0);},"last-child":function(){var A=this;while((A=A.nextSibling)){if(A.nodeType==1){return false;
-}}return true;},"only-child":function(){var B=this;while((B=B.previousSibling)){if(B.nodeType==1){return false;}}var A=this;while((A=A.nextSibling)){if(A.nodeType==1){return false;
-}}return true;},"nth-child":function(G,E){G=(G==undefined)?"n":G;var C=Selectors.Utils.parseNthArgument(G);if(C.special!="n"){return Selectors.Pseudo[C.special].call(this,C.a,E);
-}var F=0;E.positions=E.positions||{};var D=$uid(this);if(!E.positions[D]){var B=this;while((B=B.previousSibling)){if(B.nodeType!=1){continue;}F++;var A=E.positions[$uid(B)];
-if(A!=undefined){F=A+F;break;}}E.positions[D]=F;}return(E.positions[D]%C.a==C.b);},index:function(A){var B=this,C=0;while((B=B.previousSibling)){if(B.nodeType==1&&++C>A){return false;
-}}return(C==A);},even:function(B,A){return Selectors.Pseudo["nth-child"].call(this,"2n+1",A);},odd:function(B,A){return Selectors.Pseudo["nth-child"].call(this,"2n",A);
-}});Element.Events.domready={onAdd:function(A){if(Browser.loaded){A.call(this);}}};(function(){var B=function(){if(Browser.loaded){return ;}Browser.loaded=true;
-window.fireEvent("domready");document.fireEvent("domready");};switch(Browser.Engine.name){case"webkit":(function(){(["loaded","complete"].contains(document.readyState))?B():arguments.callee.delay(50);
-})();break;case"trident":var A=document.createElement("div");(function(){($try(function(){A.doScroll("left");return $(A).inject(document.body).set("html","temp").dispose();
-}))?B():arguments.callee.delay(50);})();break;default:window.addEvent("load",B);document.addEvent("DOMContentLoaded",B);}})();var JSON=new Hash({encode:function(B){switch($type(B)){case"string":return'"'+B.replace(/[\x00-\x1f\\"]/g,JSON.$replaceChars)+'"';
-case"array":return"["+String(B.map(JSON.encode).filter($defined))+"]";case"object":case"hash":var A=[];Hash.each(B,function(E,D){var C=JSON.encode(E);if(C){A.push(JSON.encode(D)+":"+C);
-}});return"{"+A+"}";case"number":case"boolean":return String(B);case false:return"null";}return null;},$specialChars:{"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},$replaceChars:function(A){return JSON.$specialChars[A]||"\\u00"+Math.floor(A.charCodeAt()/16).toString(16)+(A.charCodeAt()%16).toString(16);
-},decode:function(string,secure){if($type(string)!="string"||!string.length){return null;}if(secure&&!(/^[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]*$/).test(string.replace(/\\./g,"@").replace(/"[^"\\\n\r]*"/g,""))){return null;
-}return eval("("+string+")");}});Native.implement([Hash,Array,String,Number],{toJSON:function(){return JSON.encode(this);}});var Cookie=new Class({Implements:Options,options:{path:false,domain:false,duration:false,secure:false,document:document},initialize:function(B,A){this.key=B;
-this.setOptions(A);},write:function(B){B=encodeURIComponent(B);if(this.options.domain){B+="; domain="+this.options.domain;}if(this.options.path){B+="; path="+this.options.path;
-}if(this.options.duration){var A=new Date();A.setTime(A.getTime()+this.options.duration*24*60*60*1000);B+="; expires="+A.toGMTString();}if(this.options.secure){B+="; secure";
-}this.options.document.cookie=this.key+"="+B;return this;},read:function(){var A=this.options.document.cookie.match("(?:^|;)\\s*"+this.key.escapeRegExp()+"=([^;]*)");
-return(A)?decodeURIComponent(A[1]):null;},dispose:function(){new Cookie(this.key,$merge(this.options,{duration:-1})).write("");return this;}});Cookie.write=function(B,C,A){return new Cookie(B,A).write(C);
-};Cookie.read=function(A){return new Cookie(A).read();};Cookie.dispose=function(B,A){return new Cookie(B,A).dispose();};var Swiff=new Class({Implements:[Options],options:{id:null,height:1,width:1,container:null,properties:{},params:{quality:"high",allowScriptAccess:"always",wMode:"transparent",swLiveConnect:true},callBacks:{},vars:{}},toElement:function(){return this.object;
-},initialize:function(L,M){this.instance="Swiff_"+$time();this.setOptions(M);M=this.options;var B=this.id=M.id||this.instance;var A=$(M.container);Swiff.CallBacks[this.instance]={};
-var E=M.params,G=M.vars,F=M.callBacks;var H=$extend({height:M.height,width:M.width},M.properties);var K=this;for(var D in F){Swiff.CallBacks[this.instance][D]=(function(N){return function(){return N.apply(K.object,arguments);
-};})(F[D]);G[D]="Swiff.CallBacks."+this.instance+"."+D;}E.flashVars=Hash.toQueryString(G);if(Browser.Engine.trident){H.classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000";
-E.movie=L;}else{H.type="application/x-shockwave-flash";H.data=L;}var J='<object id="'+B+'"';for(var I in H){J+=" "+I+'="'+H[I]+'"';}J+=">";for(var C in E){if(E[C]){J+='<param name="'+C+'" value="'+E[C]+'" />';
-}}J+="</object>";this.object=((A)?A.empty():new Element("div")).set("html",J).firstChild;},replaces:function(A){A=$(A,true);A.parentNode.replaceChild(this.toElement(),A);
-return this;},inject:function(A){$(A,true).appendChild(this.toElement());return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].extend(arguments));
-}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>");
-return eval(rs);};var Fx=new Class({Implements:[Chain,Events,Options],options:{fps:50,unit:false,duration:500,link:"ignore",transition:function(A){return -(Math.cos(Math.PI*A)-1)/2;
-}},initialize:function(A){this.subject=this.subject||this;this.setOptions(A);this.options.duration=Fx.Durations[this.options.duration]||this.options.duration.toInt();
-var B=this.options.wait;if(B===false){this.options.link="cancel";}},step:function(){var A=$time();if(A<this.time+this.options.duration){var B=this.options.transition((A-this.time)/this.options.duration);
-this.set(this.compute(this.from,this.to,B));}else{this.set(this.compute(this.from,this.to,1));this.complete();}},set:function(A){return A;},compute:function(C,B,A){return Fx.compute(C,B,A);
-},check:function(A){if(!this.timer){return true;}switch(this.options.link){case"cancel":this.cancel();return true;case"chain":this.chain(A.bind(this,Array.slice(arguments,1)));
-return false;}return false;},start:function(B,A){if(!this.check(arguments.callee,B,A)){return this;}this.from=B;this.to=A;this.time=0;this.startTimer();
-this.onStart();return this;},complete:function(){if(this.stopTimer()){this.onComplete();}return this;},cancel:function(){if(this.stopTimer()){this.onCancel();
-}return this;},onStart:function(){this.fireEvent("start",this.subject);},onComplete:function(){this.fireEvent("complete",this.subject);if(!this.callChain()){this.fireEvent("chainComplete",this.subject);
-}},onCancel:function(){this.fireEvent("cancel",this.subject).clearChain();},pause:function(){this.stopTimer();return this;},resume:function(){this.startTimer();
-return this;},stopTimer:function(){if(!this.timer){return false;}this.time=$time()-this.time;this.timer=$clear(this.timer);return true;},startTimer:function(){if(this.timer){return false;
-}this.time=$time()-this.time;this.timer=this.step.periodical(Math.round(1000/this.options.fps),this);return true;}});Fx.compute=function(C,B,A){return(B-C)*A+C;
-};Fx.Durations={"short":250,normal:500,"long":1000};Fx.CSS=new Class({Extends:Fx,prepare:function(D,E,B){B=$splat(B);var C=B[1];if(!$chk(C)){B[1]=B[0];
-B[0]=D.getStyle(E);}var A=B.map(this.parse);return{from:A[0],to:A[1]};},parse:function(A){A=$lambda(A)();A=(typeof A=="string")?A.split(" "):$splat(A);
-return A.map(function(C){C=String(C);var B=false;Fx.CSS.Parsers.each(function(F,E){if(B){return ;}var D=F.parse(C);if($chk(D)){B={value:D,parser:F};}});
-B=B||{value:C,parser:Fx.CSS.Parsers.String};return B;});},compute:function(D,C,B){var A=[];(Math.min(D.length,C.length)).times(function(E){A.push({value:D[E].parser.compute(D[E].value,C[E].value,B),parser:D[E].parser});
-});A.$family={name:"fx:css:value"};return A;},serve:function(C,B){if($type(C)!="fx:css:value"){C=this.parse(C);}var A=[];C.each(function(D){A=A.concat(D.parser.serve(D.value,B));
-});return A;},render:function(A,D,C,B){A.setStyle(D,this.serve(C,B));},search:function(A){if(Fx.CSS.Cache[A]){return Fx.CSS.Cache[A];}var B={};Array.each(document.styleSheets,function(E,D){var C=E.href;
-if(C&&C.contains("://")&&!C.contains(document.domain)){return ;}var F=E.rules||E.cssRules;Array.each(F,function(I,G){if(!I.style){return ;}var H=(I.selectorText)?I.selectorText.replace(/^\w+/,function(J){return J.toLowerCase();
-}):null;if(!H||!H.test("^"+A+"$")){return ;}Element.Styles.each(function(K,J){if(!I.style[J]||Element.ShortStyles[J]){return ;}K=String(I.style[J]);B[J]=(K.test(/^rgb/))?K.rgbToHex():K;
-});});});return Fx.CSS.Cache[A]=B;}});Fx.CSS.Cache={};Fx.CSS.Parsers=new Hash({Color:{parse:function(A){if(A.match(/^#[0-9a-f]{3,6}$/i)){return A.hexToRgb(true);
-}return((A=A.match(/(\d+),\s*(\d+),\s*(\d+)/)))?[A[1],A[2],A[3]]:false;},compute:function(C,B,A){return C.map(function(E,D){return Math.round(Fx.compute(C[D],B[D],A));
-});},serve:function(A){return A.map(Number);}},Number:{parse:parseFloat,compute:Fx.compute,serve:function(B,A){return(A)?B+A:B;}},String:{parse:$lambda(false),compute:$arguments(1),serve:$arguments(0)}});
-Fx.Tween=new Class({Extends:Fx.CSS,initialize:function(B,A){this.element=this.subject=$(B);this.parent(A);},set:function(B,A){if(arguments.length==1){A=B;
-B=this.property||this.options.property;}this.render(this.element,B,A,this.options.unit);return this;},start:function(C,E,D){if(!this.check(arguments.callee,C,E,D)){return this;
-}var B=Array.flatten(arguments);this.property=this.options.property||B.shift();var A=this.prepare(this.element,this.property,B);return this.parent(A.from,A.to);
-}});Element.Properties.tween={set:function(A){var B=this.retrieve("tween");if(B){B.cancel();}return this.eliminate("tween").store("tween:options",$extend({link:"cancel"},A));
-},get:function(A){if(A||!this.retrieve("tween")){if(A||!this.retrieve("tween:options")){this.set("tween",A);}this.store("tween",new Fx.Tween(this,this.retrieve("tween:options")));
-}return this.retrieve("tween");}};Element.implement({tween:function(A,C,B){this.get("tween").start(arguments);return this;},fade:function(C){var E=this.get("tween"),D="opacity",A;
-C=$pick(C,"toggle");switch(C){case"in":E.start(D,1);break;case"out":E.start(D,0);break;case"show":E.set(D,1);break;case"hide":E.set(D,0);break;case"toggle":var B=this.retrieve("fade:flag",this.get("opacity")==1);
-E.start(D,(B)?0:1);this.store("fade:flag",!B);A=true;break;default:E.start(D,arguments);}if(!A){this.eliminate("fade:flag");}return this;},highlight:function(C,A){if(!A){A=this.retrieve("highlight:original",this.getStyle("background-color"));
-A=(A=="transparent")?"#fff":A;}var B=this.get("tween");B.start("background-color",C||"#ffff88",A).chain(function(){this.setStyle("background-color",this.retrieve("highlight:original"));
-B.callChain();}.bind(this));return this;}});Fx.Morph=new Class({Extends:Fx.CSS,initialize:function(B,A){this.element=this.subject=$(B);this.parent(A);},set:function(A){if(typeof A=="string"){A=this.search(A);
-}for(var B in A){this.render(this.element,B,A[B],this.options.unit);}return this;},compute:function(E,D,C){var A={};for(var B in E){A[B]=this.parent(E[B],D[B],C);
-}return A;},start:function(B){if(!this.check(arguments.callee,B)){return this;}if(typeof B=="string"){B=this.search(B);}var E={},D={};for(var C in B){var A=this.prepare(this.element,C,B[C]);
-E[C]=A.from;D[C]=A.to;}return this.parent(E,D);}});Element.Properties.morph={set:function(A){var B=this.retrieve("morph");if(B){B.cancel();}return this.eliminate("morph").store("morph:options",$extend({link:"cancel"},A));
-},get:function(A){if(A||!this.retrieve("morph")){if(A||!this.retrieve("morph:options")){this.set("morph",A);}this.store("morph",new Fx.Morph(this,this.retrieve("morph:options")));
-}return this.retrieve("morph");}};Element.implement({morph:function(A){this.get("morph").start(A);return this;}});(function(){var A=Fx.prototype.initialize;
-Fx.prototype.initialize=function(B){A.call(this,B);var C=this.options.transition;if(typeof C=="string"&&(C=C.split(":"))){var D=Fx.Transitions;D=D[C[0]]||D[C[0].capitalize()];
-if(C[1]){D=D["ease"+C[1].capitalize()+(C[2]?C[2].capitalize():"")];}this.options.transition=D;}};})();Fx.Transition=function(B,A){A=$splat(A);return $extend(B,{easeIn:function(C){return B(C,A);
-},easeOut:function(C){return 1-B(1-C,A);},easeInOut:function(C){return(C<=0.5)?B(2*C,A)/2:(2-B(2*(1-C),A))/2;}});};Fx.Transitions=new Hash({linear:$arguments(0)});
-Fx.Transitions.extend=function(A){for(var B in A){Fx.Transitions[B]=new Fx.Transition(A[B]);}};Fx.Transitions.extend({Pow:function(B,A){return Math.pow(B,A[0]||6);
-},Expo:function(A){return Math.pow(2,8*(A-1));},Circ:function(A){return 1-Math.sin(Math.acos(A));},Sine:function(A){return 1-Math.sin((1-A)*Math.PI/2);
-},Back:function(B,A){A=A[0]||1.618;return Math.pow(B,2)*((A+1)*B-A);},Bounce:function(D){var C;for(var B=0,A=1;1;B+=A,A/=2){if(D>=(7-4*B)/11){C=-Math.pow((11-6*B-11*D)/4,2)+A*A;
-break;}}return C;},Elastic:function(B,A){return Math.pow(2,10*--B)*Math.cos(20*B*Math.PI*(A[0]||1)/3);}});["Quad","Cubic","Quart","Quint"].each(function(B,A){Fx.Transitions[B]=new Fx.Transition(function(C){return Math.pow(C,[A+2]);
-});});var Request=new Class({Implements:[Chain,Events,Options],options:{url:"",data:"",headers:{"X-Requested-With":"XMLHttpRequest",Accept:"text/javascript, text/html, application/xml, text/xml, */*"},async:true,format:false,method:"post",link:"ignore",isSuccess:null,emulation:true,urlEncoded:true,encoding:"utf-8",evalScripts:false,evalResponse:false},initialize:function(A){this.xhr=new Browser.Request();
-this.setOptions(A);this.options.isSuccess=this.options.isSuccess||this.isSuccess;this.headers=new Hash(this.options.headers);},onStateChange:function(){if(this.xhr.readyState!=4||!this.running){return ;
-}this.running=false;this.status=0;$try(function(){this.status=this.xhr.status;}.bind(this));if(this.options.isSuccess.call(this,this.status)){this.response={text:this.xhr.responseText,xml:this.xhr.responseXML};
-this.success(this.response.text,this.response.xml);}else{this.response={text:null,xml:null};this.failure();}this.xhr.onreadystatechange=$empty;},isSuccess:function(){return((this.status>=200)&&(this.status<300));
-},processScripts:function(A){if(this.options.evalResponse||(/(ecma|java)script/).test(this.getHeader("Content-type"))){return $exec(A);}return A.stripScripts(this.options.evalScripts);
-},success:function(B,A){this.onSuccess(this.processScripts(B),A);},onSuccess:function(){this.fireEvent("complete",arguments).fireEvent("success",arguments).callChain();
-},failure:function(){this.onFailure();},onFailure:function(){this.fireEvent("complete").fireEvent("failure",this.xhr);},setHeader:function(A,B){this.headers.set(A,B);
-return this;},getHeader:function(A){return $try(function(){return this.xhr.getResponseHeader(A);}.bind(this));},check:function(A){if(!this.running){return true;
-}switch(this.options.link){case"cancel":this.cancel();return true;case"chain":this.chain(A.bind(this,Array.slice(arguments,1)));return false;}return false;
-},send:function(I){if(!this.check(arguments.callee,I)){return this;}this.running=true;var G=$type(I);if(G=="string"||G=="element"){I={data:I};}var D=this.options;
-I=$extend({data:D.data,url:D.url,method:D.method},I);var E=I.data,B=I.url,A=I.method;switch($type(E)){case"element":E=$(E).toQueryString();break;case"object":case"hash":E=Hash.toQueryString(E);
-}if(this.options.format){var H="format="+this.options.format;E=(E)?H+"&"+E:H;}if(this.options.emulation&&["put","delete"].contains(A)){var F="_method="+A;
-E=(E)?F+"&"+E:F;A="post";}if(this.options.urlEncoded&&A=="post"){var C=(this.options.encoding)?"; charset="+this.options.encoding:"";this.headers.set("Content-type","application/x-www-form-urlencoded"+C);
-}if(E&&A=="get"){B=B+(B.contains("?")?"&":"?")+E;E=null;}this.xhr.open(A.toUpperCase(),B,this.options.async);this.xhr.onreadystatechange=this.onStateChange.bind(this);
-this.headers.each(function(K,J){if(!$try(function(){this.xhr.setRequestHeader(J,K);return true;}.bind(this))){this.fireEvent("exception",[J,K]);}},this);
-this.fireEvent("request");this.xhr.send(E);if(!this.options.async){this.onStateChange();}return this;},cancel:function(){if(!this.running){return this;
-}this.running=false;this.xhr.abort();this.xhr.onreadystatechange=$empty;this.xhr=new Browser.Request();this.fireEvent("cancel");return this;}});(function(){var A={};
-["get","post","put","delete","GET","POST","PUT","DELETE"].each(function(B){A[B]=function(){var C=Array.link(arguments,{url:String.type,data:$defined});
-return this.send($extend(C,{method:B.toLowerCase()}));};});Request.implement(A);})();Element.Properties.send={set:function(A){var B=this.retrieve("send");
-if(B){B.cancel();}return this.eliminate("send").store("send:options",$extend({data:this,link:"cancel",method:this.get("method")||"post",url:this.get("action")},A));
-},get:function(A){if(A||!this.retrieve("send")){if(A||!this.retrieve("send:options")){this.set("send",A);}this.store("send",new Request(this.retrieve("send:options")));
-}return this.retrieve("send");}};Element.implement({send:function(A){var B=this.get("send");B.send({data:this,url:A||B.options.url});return this;}});Request.HTML=new Class({Extends:Request,options:{update:false,evalScripts:true,filter:false},processHTML:function(C){var B=C.match(/<body[^>]*>([\s\S]*?)<\/body>/i);
-C=(B)?B[1]:C;var A=new Element("div");return $try(function(){var D="<root>"+C+"</root>",G;if(Browser.Engine.trident){G=new ActiveXObject("Microsoft.XMLDOM");
-G.async=false;G.loadXML(D);}else{G=new DOMParser().parseFromString(D,"text/xml");}D=G.getElementsByTagName("root")[0];for(var F=0,E=D.childNodes.length;
-F<E;F++){var H=Element.clone(D.childNodes[F],true,true);if(H){A.grab(H);}}return A;})||A.set("html",C);},success:function(D){var C=this.options,B=this.response;
-B.html=D.stripScripts(function(E){B.javascript=E;});var A=this.processHTML(B.html);B.tree=A.childNodes;B.elements=A.getElements("*");if(C.filter){B.tree=B.elements.filter(C.filter);
-}if(C.update){$(C.update).empty().adopt(B.tree);}if(C.evalScripts){$exec(B.javascript);}this.onSuccess(B.tree,B.elements,B.html,B.javascript);}});Element.Properties.load={set:function(A){var B=this.retrieve("load");
-if(B){send.cancel();}return this.eliminate("load").store("load:options",$extend({data:this,link:"cancel",update:this,method:"get"},A));},get:function(A){if(A||!this.retrieve("load")){if(A||!this.retrieve("load:options")){this.set("load",A);
-}this.store("load",new Request.HTML(this.retrieve("load:options")));}return this.retrieve("load");}};Element.implement({load:function(){this.get("load").send(Array.link(arguments,{data:Object.type,url:String.type}));
-return this;}});Request.JSON=new Class({Extends:Request,options:{secure:true},initialize:function(A){this.parent(A);this.headers.extend({Accept:"application/json","X-Request":"JSON"});
-},success:function(A){this.response.json=JSON.decode(A,this.options.secure);this.onSuccess(this.response.json,A);}});
diff --git a/src/medsrv/templates/static/script.js b/src/medsrv/templates/static/script.js
deleted file mode 100644
index f2ab1e009..000000000
--- a/src/medsrv/templates/static/script.js
+++ /dev/null
@@ -1,13 +0,0 @@
-window.addEvent('domready', function() {
- $$('.focus').each(function(e){e.focus();});
- $$('table.list tr:nth-child(2n) td').each(function(e){e.set('class', 'even');});
- $$('table.list tr:nth-child(2n+1) td').each(function(e){e.set('class', 'odd');});
- $$('table.list tr th').each(function(e){e.set('class', 'head');});
- $$('table.list tr td').each(function(e){e.addEvents({
- 'click': function(){
- location.href = this.getChildren('a')[0].get('href');
- }
- })});
-});
-
-
diff --git a/src/medsrv/templates/static/style.css b/src/medsrv/templates/static/style.css
index e109ce278..cb7f30398 100644
--- a/src/medsrv/templates/static/style.css
+++ b/src/medsrv/templates/static/style.css
@@ -104,29 +104,25 @@ a img {
color: #dd0000;
}
-.even {
- cursor : pointer;
-}
-
-.even a, .odd a {
- text-decoration: none;
+table.list * {
+ padding: 0px 1em 0px 0.2em;
}
-.odd {
- background-color: #f2cd6f;
- cursor : pointer;
+table.list tr td, table.list tr th {
+ border: solid 1px;
+ border-color: black;
}
-.head {
+table.list tr th {
background-color: #ffec9e;
}
-table.list * {
- padding: 0px 1em 0px 0.2em;
+table.list tr:nth-child(odd) td {
+ background-color: #f2cd6f;
}
-table.list tr td, table.list tr th {
- border: solid 1px;
- border-color: black;
+table.list tr td a {
+ text-decoration: none;
+ display: inline-block;
+ width: 100%;
}
-
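Review bot: The new `table.list tr td a` rule sets `width: 100%` on an element that also matches `table.list *`, so the anchor gets that rule's horizontal padding on top of the full cell width. Unless `box-sizing` is changed elsewhere in the stylesheet (not visible in this hunk), the link box ends up wider than the cell's content area. Adding `box-sizing: border-box;` to the rule, or resetting the padding there with `padding: 0;`, keeps the clickable area inside the cell.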
diff --git a/src/medsrv/templates/user/add.cs b/src/medsrv/templates/user/add.cs
index 8ba4e5c96..82442c543 100644
--- a/src/medsrv/templates/user/add.cs
+++ b/src/medsrv/templates/user/add.cs
@@ -6,7 +6,7 @@
<table class="user">
<tr>
<td><label for="new_login">Username</label></td>
- <td><input type="text" id="new_login" name="new_login" class="focus" maxlength="30" value="<?cs var:new_login ?>"/></td>
+ <td><input type="text" id="new_login" name="new_login" autofocus maxlength="30" value="<?cs var:new_login ?>"/></td>
</tr>
<tr>
<td><label for="new_password">Password</label></td>
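Review bot: The rewritten input line still writes `new_login` into the `value` attribute with a plain `<?cs var:new_login ?>`, and nothing in this hunk shows the value being HTML-escaped. If the controller stores the submitted username unescaped (not visible here), a double quote in it ends the attribute and the rest is parsed as markup when the form is redisplayed. Escaping at the point of output, e.g. `value="<?cs var:html_escape(new_login) ?>"` where the template setup registers ClearSilver's string functions, closes that regardless of what the controller does. The template continues outside the hunk.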
diff --git a/src/medsrv/templates/user/login.cs b/src/medsrv/templates/user/login.cs
index 1d6eadbbc..fbf5b8bd7 100644
--- a/src/medsrv/templates/user/login.cs
+++ b/src/medsrv/templates/user/login.cs
@@ -6,7 +6,7 @@
<table class="user">
<tr>
<td><label for="login">Username</label></td>
- <td><input type="text" id="login" name="login" size="30" maxlength="30" class="focus"/></td>
+ <td><input type="text" id="login" name="login" size="30" maxlength="30" autofocus /></td>
</tr>
<tr>
<td><label for="password">Password</label></td>
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 7099977f2..4f850d6d1 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -278,7 +278,8 @@ static void __attribute__ ((constructor))reg()
{"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex",
" --issuercert file [--serial hex] [--lifetime hours]",
" [--not-before datetime] [--not-after datetime] [--dateform form]",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "holder certificate, default: stdin"},
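Review bot: The extended `--digest` usage line still offers `md5` and `sha1` first and unmarked, although both are collision-weak choices for certificate and CRL signatures; the same applies to the matching hunks in issue.c, req.c, self.c and signcrl.c. Listing the stronger digests first, e.g. `"[--digest sha256|sha384|sha512|sha3_256|sha3_384|sha3_512|sha224|sha3_224|sha1|md5]",`, or marking the two legacy values in the option's help text, would steer users away from them. The option table entry for `digest` and the digest parsing are outside these hunks, so the default value cannot be seen here. reg() continues outside the hunk.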
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 2dc9fcce3..fdc43d705 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -588,7 +588,8 @@ static void __attribute__ ((constructor))reg()
"[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "key/request file to issue, default: stdin"},
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index da991b505..68d611250 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -196,7 +196,8 @@ static void __attribute__ ((constructor))reg()
"create a PKCS#10 certificate request",
{" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index a785c2a0c..f4e83c76c 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -425,7 +425,8 @@ static void __attribute__ ((constructor))reg()
"[--policy-map issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 720dfd8a9..6c27289f9 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -451,7 +451,7 @@ static void __attribute__ ((constructor))reg()
" [[--reason key-compromise|ca-compromise|affiliation-changed|",
" superseded|cessation-of-operation|certificate-hold]",
" [--date timestamp] --cert file|--serial hex]*",
- " [--digest md5|sha1|sha224|sha256|sha384|sha512]",
+ " [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
" [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/scepclient/scepclient.8 b/src/scepclient/scepclient.8
index bf71bf85c..78ce5c628 100644
--- a/src/scepclient/scepclient.8
+++ b/src/scepclient/scepclient.8
@@ -289,14 +289,5 @@ The challenge password is '5xH2pnT7wq'. The encryption and signature check has t
caCert.der.
.RE
-
.SH "BUGS"
\fB\-\-optionsfrom\fP seems to have parsing problems reading option files containing strings in quotation marks.
-.SH "COPYRIGHT"
-Copyright (C) 2005 Jan Hutter, Martin Willi
-.br
-Hochschule fuer Technik Rapperswil
-.PP
-This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-.PP
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
diff --git a/src/swanctl/commands/list_pools.c b/src/swanctl/commands/list_pools.c
index 155771657..429107e17 100644
--- a/src/swanctl/commands/list_pools.c
+++ b/src/swanctl/commands/list_pools.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
@@ -19,8 +22,22 @@
#include "command.h"
+CALLBACK(list_leases, int,
+ char *pool, vici_res_t *res, char *name)
+{
+ if (streq(name, "leases"))
+ {
+ return vici_parse_cb(res, list_leases, NULL, NULL, pool);
+ }
+ printf(" %-30s %-8s '%s'\n",
+ vici_find_str(res, "", "%s.leases.%s.address", pool, name),
+ vici_find_str(res, "", "%s.leases.%s.status", pool, name),
+ vici_find_str(res, "", "%s.leases.%s.identity", pool, name));
+ return 0;
+}
+
CALLBACK(list_pool, int,
- linked_list_t *list, vici_res_t *res, char *name)
+ void *not_used, vici_res_t *res, char *name)
{
char pool[64], leases[32];
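Review bot: `list_leases` is added without a comment although it plays two roles: called for the `leases` section it re-enters itself through `vici_parse_cb`, and for every other section name it prints one lease line. A short header such as `/* section callback: descend into "leases", then print one line per lease section below it */` would make that recursion readable. The fields are fetched with `vici_find_str(res, "", ...)`, apparently with `""` as the fallback, so a lease lacking `address`, `status` or `identity` would print as empty columns rather than fail; worth stating in the same comment if that is intended. list_pool's body continues outside this hunk.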
@@ -33,7 +50,7 @@ CALLBACK(list_pool, int,
printf("%-20s %-30s %16s\n",
name, vici_find_str(res, "", "%s.base", name), leases);
- return 0;
+ return vici_parse_cb(res, list_leases, NULL, NULL, name);
}
static int list_pools(vici_conn_t *conn)
@@ -43,6 +60,7 @@ static int list_pools(vici_conn_t *conn)
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg;
int ret = 0;
+ bool leases = FALSE;
while (TRUE)
{
@@ -56,6 +74,9 @@ static int list_pools(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'l':
+ leases = TRUE;
+ continue;
case EOF:
break;
default:
@@ -65,6 +86,10 @@ static int list_pools(vici_conn_t *conn)
}
req = vici_begin("get-pools");
+ if (leases)
+ {
+ vici_add_key_valuef(req, "leases", "yes");
+ }
res = vici_submit(req, conn);
if (!res)
{
@@ -92,11 +117,12 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
list_pools, 'A', "list-pools", "list loaded pool configurations",
- {"[--raw|--pretty]"},
+ {"[--leases] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"leases", 'l', 0, "list leases of each pool"},
}
});
}
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 1aca6d212..93dd7ed85 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -198,8 +198,14 @@ CALLBACK(ike_sa, int,
ike->get(ike, "state"), ike->get(ike, "version"),
ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi"));
- printf(" local '%s' @ %s\n",
+ printf(" local '%s' @ %s",
ike->get(ike, "local-id"), ike->get(ike, "local-host"));
+ if (ike->get(ike, "local-vips"))
+ {
+ printf(" [%s]", ike->get(ike, "local-vips"));
+ }
+ printf("\n");
+
printf(" remote '%s' @ %s",
ike->get(ike, "remote-id"), ike->get(ike, "remote-host"));
if (ike->get(ike, "remote-eap-id"))
@@ -210,6 +216,10 @@ CALLBACK(ike_sa, int,
{
printf(" XAuth: '%s'", ike->get(ike, "remote-xauth-id"));
}
+ if (ike->get(ike, "remote-vips"))
+ {
+ printf(" [%s]", ike->get(ike, "remote-vips"));
+ }
printf("\n");
if (ike->get(ike, "encr-alg"))