Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am4
-rw-r--r--src/Makefile.in45
-rw-r--r--src/_copyright/Makefile.in11
-rw-r--r--src/_updown/Makefile.in11
-rw-r--r--src/aikgen/Makefile.in11
-rw-r--r--src/charon-cmd/Makefile.in11
-rw-r--r--src/charon-nm/Makefile.in11
-rw-r--r--src/charon-nm/nm/nm_service.c2
-rw-r--r--src/charon-svc/Makefile.in11
-rw-r--r--src/charon-systemd/Makefile.in11
-rw-r--r--src/charon-systemd/charon-systemd.c103
-rw-r--r--src/charon-tkm/Makefile.in11
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c8
-rw-r--r--src/charon/Makefile.in11
-rw-r--r--src/charon/charon.c15
-rw-r--r--src/checksum/Makefile.in11
-rw-r--r--src/conftest/Makefile.in11
-rw-r--r--src/conftest/README2
-rw-r--r--src/conftest/hooks/pretend_auth.c4
-rw-r--r--src/conftest/hooks/rebuild_auth.c4
-rw-r--r--src/dumm/Makefile.am34
-rw-r--r--src/dumm/Makefile.in914
-rw-r--r--src/dumm/bridge.c181
-rw-r--r--src/dumm/bridge.h76
-rw-r--r--src/dumm/cowfs.c980
-rw-r--r--src/dumm/cowfs.h72
-rw-r--r--src/dumm/dumm.c444
-rw-r--r--src/dumm/dumm.h150
-rw-r--r--src/dumm/ext/README8
-rw-r--r--src/dumm/ext/dumm.c797
-rw-r--r--src/dumm/ext/extconf.rb.in19
-rw-r--r--src/dumm/ext/lib/dumm.rb63
-rw-r--r--src/dumm/ext/lib/dumm/guest.rb59
-rw-r--r--src/dumm/guest.c682
-rw-r--r--src/dumm/guest.h222
-rw-r--r--src/dumm/iface.c299
-rw-r--r--src/dumm/iface.h115
-rw-r--r--src/dumm/irdumm.c68
-rw-r--r--src/dumm/main.c629
-rw-r--r--src/dumm/mconsole.c353
-rw-r--r--src/dumm/mconsole.h75
-rw-r--r--src/include/Makefile.in11
-rw-r--r--src/include/linux/xfrm.h3
-rw-r--r--src/ipsec/Makefile.in11
-rw-r--r--src/ipsec/_ipsec.84
-rw-r--r--src/ipsec/_ipsec.8.in2
-rw-r--r--src/ipsec/_ipsec.in2
-rw-r--r--src/libcharon/Makefile.in11
-rw-r--r--src/libcharon/attributes/mem_pool.h2
-rw-r--r--src/libcharon/bus/listeners/custom_logger.h9
-rw-r--r--src/libcharon/config/backend_manager.c214
-rw-r--r--src/libcharon/config/backend_manager.h15
-rw-r--r--src/libcharon/config/child_cfg.c67
-rw-r--r--src/libcharon/config/child_cfg.h35
-rw-r--r--src/libcharon/config/ike_cfg.c24
-rw-r--r--src/libcharon/config/ike_cfg.h11
-rw-r--r--src/libcharon/config/peer_cfg.c83
-rw-r--r--src/libcharon/config/peer_cfg.h24
-rw-r--r--src/libcharon/daemon.c24
-rw-r--r--src/libcharon/encoding/message.c33
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.c34
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.h13
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c14
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h8
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h10
-rw-r--r--src/libcharon/network/receiver.c8
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in11
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in11
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in11
-rw-r--r--src/libcharon/plugins/attr/Makefile.in11
-rw-r--r--src/libcharon/plugins/attr_sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/bypass_lan/Makefile.in11
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in11
-rw-r--r--src/libcharon/plugins/connmark/Makefile.in11
-rw-r--r--src/libcharon/plugins/counters/Makefile.in11
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in11
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in11
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c9
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in11
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c1
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in11
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in11
-rw-r--r--src/libcharon/plugins/ext_auth/Makefile.in11
-rw-r--r--src/libcharon/plugins/farp/Makefile.in11
-rw-r--r--src/libcharon/plugins/forecast/Makefile.in11
-rw-r--r--src/libcharon/plugins/ha/Makefile.in11
-rw-r--r--src/libcharon/plugins/ha/ha_kernel.c2
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_iph/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c80
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c12
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c44
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h7
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c71
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_wfp/Makefile.in11
-rw-r--r--src/libcharon/plugins/led/Makefile.in11
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in11
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_control.c2
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in11
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in11
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in11
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in11
-rw-r--r--src/libcharon/plugins/p_cscf/Makefile.in11
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in11
-rw-r--r--src/libcharon/plugins/resolve/Makefile.in11
-rw-r--r--src/libcharon/plugins/save_keys/Makefile.in11
-rw-r--r--src/libcharon/plugins/smp/Makefile.in11
-rw-r--r--src/libcharon/plugins/smp/smp.c9
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in11
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c2
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in11
-rw-r--r--src/libcharon/plugins/socket_win/Makefile.in11
-rw-r--r--src/libcharon/plugins/sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in11
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c14
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp.c2
-rw-r--r--src/libcharon/plugins/uci/Makefile.in11
-rw-r--r--src/libcharon/plugins/unity/Makefile.in11
-rw-r--r--src/libcharon/plugins/unity/unity_narrow.c5
-rw-r--r--src/libcharon/plugins/unity/unity_provider.c3
-rw-r--r--src/libcharon/plugins/updown/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/README.md5
-rw-r--r--src/libcharon/plugins/vici/perl/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm53
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/ruby/lib/vici.rb2
-rw-r--r--src/libcharon/plugins/vici/vici_attribute.c2
-rw-r--r--src/libcharon/plugins/vici/vici_config.c125
-rw-r--r--src/libcharon/plugins/vici/vici_control.c4
-rw-r--r--src/libcharon/plugins/vici/vici_cred.c4
-rw-r--r--src/libcharon/plugins/vici/vici_message.c14
-rw-r--r--src/libcharon/plugins/vici/vici_query.c36
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c2
-rw-r--r--src/libcharon/sa/authenticator.h13
-rw-r--r--src/libcharon/sa/child_sa.c11
-rw-r--r--src/libcharon/sa/ike_sa.c1
-rw-r--r--src/libcharon/sa/ike_sa.h10
-rw-r--r--src/libcharon/sa/ike_sa_manager.c32
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.c1
-rw-r--r--src/libcharon/sa/ikev1/phase1.c2
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c8
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c22
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_vendor.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/main_mode.c21
-rw-r--r--src/libcharon/sa/ikev1/tasks/mode_config.c1
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_mode.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/eap_authenticator.c56
-rw-r--r--src/libcharon/sa/ikev2/authenticators/psk_authenticator.c60
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c171
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c136
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.h20
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c5
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c20
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c352
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.c159
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c4
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_rekey.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.c2
-rw-r--r--src/libcharon/sa/shunt_manager.c12
-rw-r--r--src/libcharon/sa/task.h6
-rw-r--r--src/libcharon/sa/trap_manager.c6
-rw-r--r--src/libcharon/tests/Makefile.am2
-rw-r--r--src/libcharon/tests/Makefile.in49
-rw-r--r--src/libcharon/tests/libcharon_tests.h1
-rw-r--r--src/libcharon/tests/suites/test_peer_cfg.c229
-rw-r--r--src/libcharon/tests/utils/exchange_test_helper.c4
-rw-r--r--src/libcharon/tests/utils/mock_net.c115
-rw-r--r--src/libcharon/tests/utils/mock_net.h (renamed from src/libimcv/plugins/imv_swid/imv_swid.c)24
-rw-r--r--src/libfast/Makefile.in11
-rw-r--r--src/libfast/fast_dispatcher.c2
-rw-r--r--src/libfast/fast_dispatcher.h2
-rw-r--r--src/libimcv/Android.mk9
-rw-r--r--src/libimcv/Makefile.am17
-rw-r--r--src/libimcv/Makefile.in98
-rw-r--r--src/libimcv/ietf/ietf_attr.c11
-rw-r--r--src/libimcv/ietf/ietf_attr.h24
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c13
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.h16
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_req.c4
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c130
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c66
-rw-r--r--src/libimcv/imc/imc_agent.c24
-rw-r--r--src/libimcv/imc/imc_agent.h7
-rw-r--r--src/libimcv/imc/imc_state.h9
-rw-r--r--src/libimcv/imv/data.sql44
-rw-r--r--src/libimcv/imv/imv_agent.c12
-rw-r--r--src/libimcv/imv/imv_database.c3
-rw-r--r--src/libimcv/imv/imv_session.c10
-rw-r--r--src/libimcv/imv/imv_session.h12
-rw-r--r--src/libimcv/imv/imv_session_manager.c4
-rw-r--r--src/libimcv/imv/imv_state.h9
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation.c11
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_state.c22
-rw-r--r--src/libimcv/plugins/imc_hcd/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_hcd/imc_hcd.c15
-rw-r--r--src/libimcv/plugins/imc_hcd/imc_hcd_state.c13
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c9
-rw-r--r--src/libimcv/plugins/imc_os/imc_os_state.c13
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner.c9
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner_state.c13
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.am36
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.in831
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid.c417
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.c203
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.h58
-rw-r--r--src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in11
-rw-r--r--src/libimcv/plugins/imc_swima/Makefile.am4
-rw-r--r--src/libimcv/plugins/imc_swima/Makefile.in14
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima.c309
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima_state.c84
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima_state.h60
-rw-r--r--src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag11
-rw-r--r--src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag (renamed from src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag)4
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_test/imc_test_state.c13
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.c2
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.c25
-rw-r--r--src/libimcv/plugins/imv_hcd/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_hcd/imv_hcd_state.c25
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c22
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c33
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c29
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.am21
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.c727
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.h36
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.c417
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.h145
-rw-r--r--src/libimcv/plugins/imv_swima/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_agent.c112
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.c45
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.h14
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c21
-rw-r--r--src/libimcv/pts/pts.c1
-rw-r--r--src/libimcv/suites/test_imcv_swima.c154
-rw-r--r--src/libimcv/swid/swid_error.c55
-rw-r--r--src/libimcv/swid/swid_error.h58
-rw-r--r--src/libimcv/swid/swid_inventory.c342
-rw-r--r--src/libimcv/swid/swid_inventory.h83
-rw-r--r--src/libimcv/swid/swid_tag.c102
-rw-r--r--src/libimcv/swid/swid_tag.h70
-rw-r--r--src/libimcv/swid/swid_tag_id.c114
-rw-r--r--src/libimcv/swid/swid_tag_id.h73
-rw-r--r--src/libimcv/swima/swima_collector.c12
-rw-r--r--src/libimcv/swima/swima_data_model.c6
-rw-r--r--src/libimcv/swima/swima_event.h1
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c3
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c18
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c8
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.c351
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.h106
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c396
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h109
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c389
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h108
-rw-r--r--src/libimcv/tcg/tcg_attr.c12
-rw-r--r--src/libipsec/Makefile.in11
-rw-r--r--src/libipsec/tests/Makefile.in11
-rw-r--r--src/libpttls/Makefile.in11
-rw-r--r--src/libpttls/pt_tls.h2
-rw-r--r--src/libpttls/pt_tls_client.c2
-rw-r--r--src/libradius/Makefile.in11
-rw-r--r--src/libsimaka/Makefile.in11
-rw-r--r--src/libstrongswan/Makefile.am7
-rw-r--r--src/libstrongswan/Makefile.in94
-rw-r--r--src/libstrongswan/asn1/asn1.c1
-rw-r--r--src/libstrongswan/bio/bio_reader.c5
-rw-r--r--src/libstrongswan/bio/bio_reader.h2
-rw-r--r--src/libstrongswan/collections/linked_list.c69
-rw-r--r--src/libstrongswan/collections/linked_list.h21
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h2
-rw-r--r--src/libstrongswan/credentials/certificates/certificate_printer.h2
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h4
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c6
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h2
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h4
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.c109
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.h12
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.c32
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.h34
-rw-r--r--src/libstrongswan/library.c21
-rw-r--r--src/libstrongswan/library.h7
-rw-r--r--src/libstrongswan/math/libnttfft/Makefile.in11
-rw-r--r--src/libstrongswan/math/libnttfft/tests/Makefile.in11
-rw-r--r--src/libstrongswan/networking/streams/stream_service_unix.c26
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aesni/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.am32
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.in (renamed from src/libimcv/plugins/imv_swid/Makefile.in)178
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.c191
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.h58
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.c245
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.h59
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c226
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h56
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.c452
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.h87
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.c277
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.h54
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.c333
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.h47
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.c136
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.h55
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.c172
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.h53
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.c313
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.h50
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.c130
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.h57
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.c694
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.h82
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.c376
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.h72
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.c280
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.h116
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.c211
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.h61
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.c176
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.h42
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/chapoly/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curve25519/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/files/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c4
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c68
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c158
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mgf1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/newhope_ke.c4
-rw-r--r--src/libstrongswan/plugins/newhope/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_drbg.h2
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.h2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_plugin.c8
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c60
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.h8
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h3
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c22
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c9
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in11
-rw-r--r--src/libstrongswan/selectors/traffic_selector.h2
-rw-r--r--src/libstrongswan/settings/settings.c452
-rw-r--r--src/libstrongswan/settings/settings.h26
-rw-r--r--src/libstrongswan/settings/settings_lexer.c466
-rw-r--r--src/libstrongswan/settings/settings_lexer.l46
-rw-r--r--src/libstrongswan/settings/settings_parser.c224
-rw-r--r--src/libstrongswan/settings/settings_parser.h19
-rw-r--r--src/libstrongswan/settings/settings_parser.y47
-rw-r--r--src/libstrongswan/settings/settings_types.c90
-rw-r--r--src/libstrongswan/settings/settings_types.h33
-rw-r--r--src/libstrongswan/tests/Makefile.in11
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c6
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list_enumerator.c68
-rw-r--r--src/libstrongswan/tests/suites/test_printf.c2
-rw-r--r--src/libstrongswan/tests/suites/test_proposal.c34
-rw-r--r--src/libstrongswan/tests/suites/test_rsa.c2
-rw-r--r--src/libstrongswan/tests/suites/test_settings.c423
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c94
-rw-r--r--src/libstrongswan/threading/windows/mutex.c2
-rw-r--r--src/libstrongswan/utils/identification.c13
-rw-r--r--src/libstrongswan/utils/leak_detective.c132
-rw-r--r--src/libstrongswan/utils/utils/atomics.h10
-rw-r--r--src/libtls/Makefile.in11
-rw-r--r--src/libtls/tests/Makefile.in11
-rw-r--r--src/libtls/tls_peer.c2
-rw-r--r--src/libtls/tls_server.c4
-rw-r--r--src/libtls/tls_socket.h2
-rw-r--r--src/libtnccs/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_imc/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_imv/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_tnccs/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_11/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_20/tnccs_20_server.c22
-rw-r--r--src/libtnccs/plugins/tnccs_dynamic/Makefile.in11
-rw-r--r--src/libtncif/Makefile.in11
-rw-r--r--src/libtpmtss/Makefile.am4
-rw-r--r--src/libtpmtss/Makefile.in24
-rw-r--r--src/libtpmtss/plugins/tpm/Makefile.in11
-rw-r--r--src/libtpmtss/plugins/tpm/tpm_plugin.c7
-rw-r--r--src/libtpmtss/plugins/tpm/tpm_private_key.c2
-rw-r--r--src/libtpmtss/tpm_tss.c14
-rw-r--r--src/libtpmtss/tpm_tss.h24
-rw-r--r--src/libtpmtss/tpm_tss_trousers.c3
-rw-r--r--src/libtpmtss/tpm_tss_trousers.h2
-rw-r--r--src/libtpmtss/tpm_tss_tss2.h16
-rw-r--r--src/libtpmtss/tpm_tss_tss2_names_v1.c (renamed from src/libtpmtss/tpm_tss_tss2_names.c)12
-rw-r--r--src/libtpmtss/tpm_tss_tss2_names_v2.c98
-rw-r--r--src/libtpmtss/tpm_tss_tss2_v1.c (renamed from src/libtpmtss/tpm_tss_tss2.c)75
-rw-r--r--src/libtpmtss/tpm_tss_tss2_v2.c1190
-rw-r--r--src/manager/Makefile.in11
-rw-r--r--src/manager/main.c2
-rw-r--r--src/medsrv/Makefile.in11
-rw-r--r--src/pki/Makefile.in11
-rw-r--r--src/pki/commands/signcrl.c4
-rw-r--r--src/pki/man/Makefile.in11
-rw-r--r--src/pool/Makefile.in11
-rw-r--r--src/pt-tls-client/Makefile.in11
-rw-r--r--src/scepclient/Makefile.in11
-rw-r--r--src/sec-updater/Makefile.in11
-rw-r--r--src/starter/Makefile.in11
-rw-r--r--src/starter/confread.c6
-rw-r--r--src/starter/parser/lexer.c2
-rw-r--r--src/starter/parser/lexer.l2
-rw-r--r--src/starter/starter.c6
-rw-r--r--src/starter/tests/Makefile.in11
-rw-r--r--src/stroke/Makefile.in11
-rw-r--r--src/sw-collector/Makefile.in11
-rw-r--r--src/swanctl/Makefile.in11
-rw-r--r--src/swanctl/commands/counters.c4
-rw-r--r--src/swanctl/commands/initiate.c2
-rw-r--r--src/swanctl/commands/list_conns.c16
-rw-r--r--src/swanctl/commands/list_sas.c4
-rw-r--r--src/swanctl/commands/load_all.c10
-rw-r--r--src/swanctl/commands/load_authorities.c10
-rw-r--r--src/swanctl/commands/load_conns.c10
-rw-r--r--src/swanctl/commands/load_creds.c13
-rw-r--r--src/swanctl/commands/load_pools.c10
-rw-r--r--src/swanctl/commands/rekey.c13
-rw-r--r--src/swanctl/swanctl.conf38
-rw-r--r--src/swanctl/swanctl.conf.5.head.in4
-rw-r--r--src/swanctl/swanctl.conf.5.main117
-rw-r--r--src/swanctl/swanctl.opt86
-rw-r--r--src/tpm_extendpcr/Makefile.in11
517 files changed, 13791 insertions, 14650 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index e2747c300..6eacbe293 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -88,10 +88,6 @@ if USE_CONFTEST
SUBDIRS += conftest
endif
-if USE_DUMM
- SUBDIRS += dumm
-endif
-
if USE_FAST
SUBDIRS += libfast
endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 9aa3cb166..24c8414d8 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -109,21 +109,20 @@ host_triplet = @host@
@USE_PKI_TRUE@am__append_20 = pki
@USE_SWANCTL_TRUE@am__append_21 = swanctl
@USE_CONFTEST_TRUE@am__append_22 = conftest
-@USE_DUMM_TRUE@am__append_23 = dumm
-@USE_FAST_TRUE@am__append_24 = libfast
-@USE_MANAGER_TRUE@am__append_25 = manager
-@USE_MEDSRV_TRUE@am__append_26 = medsrv
-@USE_ATTR_SQL_TRUE@am__append_27 = pool
-@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_28 = pool
-@USE_TKM_TRUE@am__append_29 = charon-tkm
-@USE_CMD_TRUE@am__append_30 = charon-cmd
-@USE_SVC_TRUE@am__append_31 = charon-svc
-@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client
-@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector
-@USE_IMV_SWIMA_TRUE@am__append_34 = sec-updater
-@USE_INTEGRITY_TEST_TRUE@am__append_35 = checksum
-@USE_AIKGEN_TRUE@am__append_36 = aikgen
-@USE_TPM_TRUE@am__append_37 = tpm_extendpcr
+@USE_FAST_TRUE@am__append_23 = libfast
+@USE_MANAGER_TRUE@am__append_24 = manager
+@USE_MEDSRV_TRUE@am__append_25 = medsrv
+@USE_ATTR_SQL_TRUE@am__append_26 = pool
+@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_27 = pool
+@USE_TKM_TRUE@am__append_28 = charon-tkm
+@USE_CMD_TRUE@am__append_29 = charon-cmd
+@USE_SVC_TRUE@am__append_30 = charon-svc
+@USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client
+@USE_IMC_SWIMA_TRUE@am__append_32 = sw-collector
+@USE_IMV_SWIMA_TRUE@am__append_33 = sec-updater
+@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum
+@USE_AIKGEN_TRUE@am__append_35 = aikgen
+@USE_TPM_TRUE@am__append_36 = tpm_extendpcr
subdir = src
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -200,7 +199,7 @@ CTAGS = ctags
DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \
libradius libtncif libtnccs libpttls libtpmtss libimcv \
libcharon starter ipsec _copyright charon charon-systemd \
- charon-nm stroke _updown scepclient pki swanctl conftest dumm \
+ charon-nm stroke _updown scepclient pki swanctl conftest \
libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
pt-tls-client sw-collector sec-updater checksum aikgen \
tpm_extendpcr
@@ -330,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -356,6 +354,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -376,8 +376,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -432,8 +430,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -462,8 +458,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -480,8 +480,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_25) $(am__append_26) $(am__append_27) \
$(am__append_28) $(am__append_29) $(am__append_30) \
$(am__append_31) $(am__append_32) $(am__append_33) \
- $(am__append_34) $(am__append_35) $(am__append_36) \
- $(am__append_37)
+ $(am__append_34) $(am__append_35) $(am__append_36)
all: all-recursive
.SUFFIXES:
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index af7a95df3..29a6f756c 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -279,7 +279,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -305,6 +304,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -325,8 +326,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -381,8 +380,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -411,8 +408,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 86aca5ff9..a4979b679 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -257,7 +257,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -283,6 +282,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -303,8 +304,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -359,8 +358,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -389,8 +386,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 7986a1d09..1ef4d4f94 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index b9fe0b7f6..20984c4ad 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 3cff97e7c..f5258ccf7 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index a12f008a7..fb9044d29 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -698,7 +698,7 @@ static gboolean need_secrets(NMVpnServicePlugin *plugin, NMConnection *connectio
/* try to load/decrypt the private key */
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
- KEY_RSA, BUILD_FROM_FILE, path, BUILD_END);
+ KEY_ANY, BUILD_FROM_FILE, path, BUILD_END);
if (key)
{
key->destroy(key);
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 8da578457..27a006b8a 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index f28204b33..35ae48d3a 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -284,7 +284,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -310,6 +309,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -330,8 +331,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -386,8 +385,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -416,8 +413,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index 5a1970b92..d06c26974 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2014 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -79,9 +79,9 @@ typedef struct journal_logger_t journal_logger_t;
struct journal_logger_t {
/**
- * Implements logger_t
+ * Public interface
*/
- logger_t logger;
+ custom_logger_t public;
/**
* Configured loglevels
@@ -171,66 +171,37 @@ METHOD(logger_t, get_level, level_t,
return level;
}
-/**
- * Reload journal logger configuration
- */
-CALLBACK(journal_reload, bool,
- journal_logger_t **journal)
+METHOD(custom_logger_t, set_level, void,
+ journal_logger_t *this, debug_t group, level_t level)
{
- journal_logger_t *this = *journal;
- debug_t group;
- level_t def;
-
- def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns);
-
this->lock->write_lock(this->lock);
- for (group = 0; group < DBG_MAX; group++)
- {
- this->levels[group] =
- lib->settings->get_int(lib->settings,
- "%s.journal.%N", def, lib->ns, debug_lower_names, group);
- }
+ this->levels[group] = level;
this->lock->unlock(this->lock);
+}
- charon->bus->add_logger(charon->bus, &this->logger);
-
- return TRUE;
+METHOD(custom_logger_t, logger_destroy, void,
+ journal_logger_t *this)
+{
+ this->lock->destroy(this->lock);
+ free(this);
}
-/**
- * Initialize/deinitialize journal logger
- */
-static bool journal_register(void *plugin, plugin_feature_t *feature,
- bool reg, journal_logger_t **logger)
+static custom_logger_t *journal_logger_create(const char *name)
{
journal_logger_t *this;
- if (reg)
- {
- INIT(this,
+ INIT(this,
+ .public = {
.logger = {
.vlog = _vlog,
.get_level = _get_level,
},
- .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- );
-
- journal_reload(&this);
-
- *logger = this;
- return TRUE;
- }
- else
- {
- this = *logger;
-
- charon->bus->remove_logger(charon->bus, &this->logger);
-
- this->lock->destroy(this->lock);
- free(this);
-
- return TRUE;
- }
+ .set_level = _set_level,
+ .destroy = _logger_destroy,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+ return &this->public;
}
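Review bot: `set_level` stores into `this->levels[group]` without checking `group` against DBG_MAX, whereas the removed reload loop only ever indexed `0..DBG_MAX-1`; if the custom-logger framework can hand this method an arbitrary `debug_t`, an out-of-range value would write past the array, so a guard such as `if (group < DBG_MAX) { this->levels[group] = level; }` inside the write lock is cheap insurance (this assumes `levels` is sized DBG_MAX, which the struct definition outside this hunk would confirm). The `name` parameter of `journal_logger_create` is unused; a short comment like `/* name is always "journal", see register_logger() */` would make that intentional rather than an oversight. Both new METHODs also lack the doc comments the removed `journal_reload`/`journal_register` carried; a one-line `/** Set the log level for a debug group */` above `set_level` and `/** Destroy the journal logger */` above `logger_destroy` would keep the file's style.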
/**
@@ -328,19 +299,6 @@ static void segv_handler(int signal)
}
/**
- * The journal logger instance
- */
-static journal_logger_t *journal;
-
-/**
- * Journal static features
- */
-static plugin_feature_t features[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal),
- PLUGIN_PROVIDE(CUSTOM, "systemd-journal"),
-};
-
-/**
* Add namespace alias
*/
static void __attribute__ ((constructor))register_namespace()
@@ -350,6 +308,14 @@ static void __attribute__ ((constructor))register_namespace()
}
/**
+ * Register journal logger
+ */
+static void __attribute__ ((constructor))register_logger()
+{
+ register_custom_logger("journal", journal_logger_create);
+}
+
+/**
* Main function, starts the daemon.
*/
int main(int argc, char *argv[])
@@ -390,10 +356,15 @@ int main(int argc, char *argv[])
sd_notifyf(0, "STATUS=unknown uid/gid");
return SS_RC_INITIALIZATION_FAILED;
}
- charon->load_loggers(charon);
+ /* we registered the journal logger as custom logger, which gets its
+ * settings from <ns>.customlog.journal, let it fallback to <ns>.journal */
+ lib->settings->add_fallback(lib->settings, "%s.customlog.journal",
+ "%s.journal", lib->ns);
+ /* load the journal logger by default */
+ lib->settings->set_default_str(lib->settings, "%s.journal.default", "1",
+ lib->ns);
- lib->plugins->add_static_features(lib->plugins, lib->ns, features,
- countof(features), TRUE, journal_reload, &journal);
+ charon->load_loggers(charon);
if (!charon->initialize(charon,
lib->settings->get_str(lib->settings, "%s.load", PLUGINS, lib->ns)))
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index c2762f031..bb6bde8d9 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 71ad821dd..1107c2219 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -385,8 +385,8 @@ METHOD(keymat_t, get_aead, aead_t*,
METHOD(keymat_v2_t, get_auth_octets, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets,
- array_t *schemes)
+ chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *octets, array_t *schemes)
{
sign_info_t *sign;
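Review bot: The new `ppk` parameter of `get_auth_octets` is not consumed anywhere in this hunk, and the function body continues outside it; if the TKM backend cannot mix a PPK into the auth octets, a configured PPK would be silently ignored instead of rejected, which leaves the peer authenticating with weaker material than the operator configured. Unless the body outside the hunk handles it, consider failing explicitly near the top, e.g. `if (ppk.len) { DBG1(DBG_IKE, "PPK not supported by TKM keymat"); return FALSE; }`, and document the limitation in the method's comment. The same `ppk` parameter is added to `get_psk_sig` in the next hunk, where the unconditional `return FALSE` already makes the behaviour explicit. In the `tkm_keymat_create` hunk, `.derive_ike_keys_ppk = (void*)return_false` casts away the function-pointer signature; if `return_false` is a generic stub, a dedicated static METHOD with the real `keymat_v2_t` signature would let the compiler check the assignment.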
@@ -428,7 +428,8 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
METHOD(keymat_v2_t, get_psk_sig, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
+ chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *sig)
{
return FALSE;
}
@@ -522,6 +523,7 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
.destroy = _destroy,
},
.derive_ike_keys = _derive_ike_keys,
+ .derive_ike_keys_ppk = (void*)return_false,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_auth_octets = _get_auth_octets,
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 14bde277c..b631742cc 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -283,7 +283,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -309,6 +308,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -329,8 +330,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -385,8 +384,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -415,8 +412,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 180486746..19f6c4cf7 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -231,15 +231,24 @@ static bool check_pidfile()
DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
strerror(errno));
}
- /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
- * directory permissions should allow pidfile to be accessed
- * by the UID/GID under which the charon daemon will run. */
+ /* Only change owner of the pidfile if we have CAP_CHOWN. Otherwise,
+ * attempt to change group of pidfile to group under which charon
+ * runs after dropping caps. This requires the user that charon
+ * starts as to:
+ * a) Have write access to the socket dir.
+ * b) Belong to the group that charon will run under after dropping
+ * caps. */
if (lib->caps->check(lib->caps, CAP_CHOWN))
{
ignore_result(fchown(fd,
lib->caps->get_uid(lib->caps),
lib->caps->get_gid(lib->caps)));
}
+ else
+ {
+ ignore_result(fchown(fd, -1,
+ lib->caps->get_gid(lib->caps)));
+ }
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
return FALSE;
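Review bot: The fallback `fchown(fd, -1, gid)` in the new else branch is wrapped in `ignore_result`, so when the starting user is not a member of the target group (condition b in the new comment) the group change fails silently and the daemon is left with a pidfile it may be unable to write or remove after dropping capabilities. The FD_CLOEXEC failure a few lines up already logs via `DBG1`; the group change deserves the same treatment so the misconfiguration is visible in the log rather than surfacing later as a stale pidfile. `check_pidfile` begins outside this hunk.
```c
	else
	{
		if (fchown(fd, -1, lib->caps->get_gid(lib->caps)) != 0)
		{
			DBG1(DBG_LIB, "changing group of '"PID_FILE"' failed: %s",
				 strerror(errno));
		}
	}
	/* … unchanged: write pid, fflush, return FALSE … */
```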
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index f46302994..a262ba087 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 1ea430c63..a831eb6ee 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -297,7 +297,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -323,6 +322,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -343,8 +344,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -399,8 +398,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -429,8 +426,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/conftest/README b/src/conftest/README
index d37539a16..404b2d1e5 100644
--- a/src/conftest/README
+++ b/src/conftest/README
@@ -100,7 +100,7 @@ The IKE_SA configuration uses the following options (as key/value pairs):
scenario
rsa_strength: Connection requires a trustchain with RSA keys of given bits
ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits
- cert_policy: Connection requries a certificate with the given OID policy
+ cert_policy: Connection requires a certificate with the given OID policy
named_pool: Name of an IP pool defined e.g. in a database backend
The following CHILD_SA specific configuration options are supported:
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 4be6f45db..5a86c5392 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -237,8 +237,8 @@ static bool build_auth(private_pretend_auth_t *this,
return FALSE;
}
keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
- if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init,
- this->nonce, this->id, this->reserved,
+ if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, this->nonce,
+ chunk_empty, this->id, this->reserved,
&octets, NULL))
{
private->destroy(private);
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index bc20292a1..5676e307b 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -136,8 +136,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
return FALSE;
}
keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
- if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init,
- this->nonce, id, reserved, &octets, NULL))
+ if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, this->nonce,
+ chunk_empty, id, reserved, &octets, NULL))
{
private->destroy(private);
id->destroy(id);
diff --git a/src/dumm/Makefile.am b/src/dumm/Makefile.am
deleted file mode 100644
index 0d1cfb704..000000000
--- a/src/dumm/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-EXTRA_DIST = ext/dumm.c ext/README \
- ext/lib/dumm.rb ext/lib/dumm/guest.rb
-
-ipseclib_LTLIBRARIES = libdumm.la
-ipsec_PROGRAMS = dumm irdumm
-
-libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \
- bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c
-dumm_SOURCES = main.c
-irdumm_SOURCES = irdumm.c
-
-libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-AM_CPPFLAGS = \
- -D_FILE_OFFSET_BITS=64 \
- -I$(top_srcdir)/src/libstrongswan
-
-dumm_CFLAGS = ${gtk_CFLAGS}
-irdumm_CFLAGS = ${ruby_CFLAGS}
-
-all-local: ext
-
-clean-local:
- (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true)
-
-install-data-local:
- (test -f ext/Makefile && cd ext && $(MAKE) install)
-
-ext: libdumm.la
- (cd ext && $(RUBY) extconf.rb && $(MAKE))
-
-.PHONY: ext
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
deleted file mode 100644
index 50b0abb64..000000000
--- a/src/dumm/Makefile.in
+++ /dev/null
@@ -1,914 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT)
-subdir = src/dumm
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)"
-LTLIBRARIES = $(ipseclib_LTLIBRARIES)
-libdumm_la_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_libdumm_la_OBJECTS = dumm.lo guest.lo iface.lo bridge.lo \
- mconsole.lo cowfs.lo
-libdumm_la_OBJECTS = $(am_libdumm_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-PROGRAMS = $(ipsec_PROGRAMS)
-am_dumm_OBJECTS = dumm-main.$(OBJEXT)
-dumm_OBJECTS = $(am_dumm_OBJECTS)
-am__DEPENDENCIES_1 =
-dumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumm_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_irdumm_OBJECTS = irdumm-irdumm.$(OBJEXT)
-irdumm_OBJECTS = $(am_irdumm_OBJECTS)
-irdumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(irdumm_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES)
-DIST_SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libfuzzer = @libfuzzer@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-p_plugins = @p_plugins@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-tss2_CFLAGS = @tss2_CFLAGS@
-tss2_LIBS = @tss2_LIBS@
-tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
-tss2_socket_LIBS = @tss2_socket_LIBS@
-tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
-tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-EXTRA_DIST = ext/dumm.c ext/README \
- ext/lib/dumm.rb ext/lib/dumm/guest.rb
-
-ipseclib_LTLIBRARIES = libdumm.la
-libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \
- bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c
-
-dumm_SOURCES = main.c
-irdumm_SOURCES = irdumm.c
-libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-AM_CPPFLAGS = \
- -D_FILE_OFFSET_BITS=64 \
- -I$(top_srcdir)/src/libstrongswan
-
-dumm_CFLAGS = ${gtk_CFLAGS}
-irdumm_CFLAGS = ${ruby_CFLAGS}
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/dumm/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \
- }
-
-uninstall-ipseclibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \
- done
-
-clean-ipseclibLTLIBRARIES:
- -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES)
- @list='$(ipseclib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libdumm.la: $(libdumm_la_OBJECTS) $(libdumm_la_DEPENDENCIES) $(EXTRA_libdumm_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libdumm_la_OBJECTS) $(libdumm_la_LIBADD) $(LIBS)
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-ipsecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
-
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) $(EXTRA_dumm_DEPENDENCIES)
- @rm -f dumm$(EXEEXT)
- $(AM_V_CCLD)$(dumm_LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS)
-
-irdumm$(EXEEXT): $(irdumm_OBJECTS) $(irdumm_DEPENDENCIES) $(EXTRA_irdumm_DEPENDENCIES)
- @rm -f irdumm$(EXEEXT)
- $(AM_V_CCLD)$(irdumm_LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bridge.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cowfs.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm-main.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/guest.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm-irdumm.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mconsole.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-dumm-main.o: main.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.o -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
-
-dumm-main.obj: main.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.obj -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
-
-irdumm-irdumm.o: irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.o -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c
-
-irdumm-irdumm.obj: irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.obj -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi`
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-installdirs:
- for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-ipsecPROGRAMS \
- install-ipseclibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-am clean \
- clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool clean-local cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-data-local install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-ipsecPROGRAMS \
- install-ipseclibLTLIBRARIES install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \
- uninstall-ipseclibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-all-local: ext
-
-clean-local:
- (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true)
-
-install-data-local:
- (test -f ext/Makefile && cd ext && $(MAKE) install)
-
-ext: libdumm.la
- (cd ext && $(RUBY) extconf.rb && $(MAKE))
-
-.PHONY: ext
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c
deleted file mode 100644
index 536e27515..000000000
--- a/src/dumm/bridge.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <libbridge.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "bridge.h"
-
-typedef struct private_bridge_t private_bridge_t;
-
-struct private_bridge_t {
- /** public interface */
- bridge_t public;
- /** device name */
- char *name;
- /** list of attached interfaces */
- linked_list_t *ifaces;
-};
-
-/**
- * defined in iface.c
- */
-bool iface_control(char *name, bool up);
-
-METHOD(bridge_t, get_name, char*,
- private_bridge_t *this)
-{
- return this->name;
-}
-
-METHOD(bridge_t, create_iface_enumerator, enumerator_t*,
- private_bridge_t *this)
-{
- return this->ifaces->create_enumerator(this->ifaces);
-}
-
-METHOD(bridge_t, disconnect_iface, bool,
- private_bridge_t *this, iface_t *iface)
-{
- enumerator_t *enumerator;
- iface_t *current = NULL;
- bool good = FALSE;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current == iface)
- {
- if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel"
- " failed: %m", iface->get_hostif(iface), this->name);
- }
- else
- {
- iface->set_bridge(iface, NULL);
- this->ifaces->remove_at(this->ifaces, enumerator);
- good = TRUE;
- }
- break;
- }
- }
- if (iface != current)
- {
- DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'",
- iface->get_hostif(iface), this->name);
- }
- enumerator->destroy(enumerator);
- return good;
-}
-
-METHOD(bridge_t, connect_iface, bool,
- private_bridge_t *this, iface_t *iface)
-{
- if (br_add_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m",
- iface->get_hostif(iface), this->name);
- return FALSE;
- }
- iface->set_bridge(iface, &this->public);
- this->ifaces->insert_last(this->ifaces, iface);
- return TRUE;
-}
-
-/**
- * instance counter to (de-)initialize libbridge
- */
-static int instances = 0;
-
-METHOD(bridge_t, destroy, void,
- private_bridge_t *this)
-{
- enumerator_t *enumerator;
- iface_t *iface;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&iface))
- {
- if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m",
- iface->get_hostif(iface));
- }
- iface->set_bridge(iface, NULL);
- }
- enumerator->destroy(enumerator);
- this->ifaces->destroy(this->ifaces);
- iface_control(this->name, FALSE);
- if (br_del_bridge(this->name) != 0)
- {
- DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m",
- this->name);
- }
- free(this->name);
- free(this);
- if (--instances == 0)
- {
- br_shutdown();
- }
-}
-
-/**
- * create the bridge instance
- */
-bridge_t *bridge_create(char *name)
-{
- private_bridge_t *this;
-
- if (instances == 0)
- {
- if (br_init() != 0)
- {
- DBG1(DBG_LIB, "libbridge initialization failed: %m");
- return NULL;
- }
- }
-
- INIT(this,
- .public = {
- .get_name = _get_name,
- .create_iface_enumerator = _create_iface_enumerator,
- .disconnect_iface = _disconnect_iface,
- .connect_iface = _connect_iface,
- .destroy = _destroy,
- }
- );
-
- if (br_add_bridge(name) != 0)
- {
- DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name);
- free(this);
- return NULL;
- }
- if (!iface_control(name, TRUE))
- {
- DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name);
- }
-
- this->name = strdup(name);
- this->ifaces = linked_list_create();
-
- instances++;
- return &this->public;
-}
diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h
deleted file mode 100644
index 5069cfd1b..000000000
--- a/src/dumm/bridge.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef BRIDGE_H
-#define BRIDGE_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-typedef struct bridge_t bridge_t;
-
-#include "iface.h"
-
-/**
- * Interface in a guest, connected to a tap device on the host.
- */
-struct bridge_t {
-
- /**
- * Get the name of the bridge.
- *
- * @return name of the bridge
- */
- char* (*get_name)(bridge_t *this);
-
- /**
- * Add an interface to a bridge.
- *
- * @param iface interface to add
- * @return TRUE if interface added
- */
- bool (*connect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Remove an interface from a bridge.
- *
- * @param iface interface to remove
- * @return TRUE if interface removed
- */
- bool (*disconnect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Create an enumerator over all interfaces.
- *
- * @return enumerator over iface_t's
- */
- enumerator_t* (*create_iface_enumerator)(bridge_t *this);
-
- /**
- * Destroy a bridge
- */
- void (*destroy) (bridge_t *this);
-};
-
-/**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return bridge, NULL if failed
- */
-bridge_t *bridge_create(char *name);
-
-#endif /* BRIDGE_H */
-
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
deleted file mode 100644
index ac581fed1..000000000
--- a/src/dumm/cowfs.c
+++ /dev/null
@@ -1,980 +0,0 @@
-/*
- * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2001-2007 Miklos Szeredi
- *
- * Based on example shipped with FUSE.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#define FUSE_USE_VERSION 26
-#define _GNU_SOURCE
-
-#include <fuse.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/time.h>
-
-#include "cowfs.h"
-
-#include <library.h>
-#include <utils/debug.h>
-#include <threading/thread.h>
-#include <threading/rwlock.h>
-#include <collections/linked_list.h>
-
-/** define _XOPEN_SOURCE 500 fails when using libstrongswan, define popen */
-extern ssize_t pread(int fd, void *buf, size_t count, off_t offset);
-extern ssize_t pwrite(int fd, const void *buf, size_t count, off_t offset);
-
-typedef struct private_cowfs_t private_cowfs_t;
-
-struct private_cowfs_t {
- /** public cowfs interface */
- cowfs_t public;
- /** fuse channel to mountpoint */
- struct fuse_chan *chan;
- /** fuse handle */
- struct fuse *fuse;
- /** mountpoint of cowfs FUSE */
- char *mount;
- /** master filesystem path */
- char *master;
- /** host filesystem path */
- char *host;
- /** overlay filesystems */
- linked_list_t *overlays;
- /** lock for overlays */
- rwlock_t *lock;
- /** fd of read only master filesystem */
- int master_fd;
- /** copy on write overlay to master */
- int host_fd;
- /** thread processing FUSE */
- thread_t *thread;
-};
-
-typedef struct overlay_t overlay_t;
-
-/**
- * data for overlay filesystems
- */
-struct overlay_t {
- /** path to overlay */
- char *path;
- /** overlay fd */
- int fd;
-};
-
-/**
- * destroy an overlay
- */
-static void overlay_destroy(overlay_t *this)
-{
- close(this->fd);
- free(this->path);
- free(this);
-}
-
-CALLBACK(overlay_equals, bool,
- overlay_t *this, va_list args)
-{
- overlay_t *other;
-
- VA_ARGS_VGET(args, other);
- return streq(this->path, other->path);
-}
-
-/**
- * remove and destroy the overlay with the given absolute path.
- * returns FALSE, if not found.
- */
-static bool overlay_remove(private_cowfs_t *this, char *path)
-{
- overlay_t over, *current;
- over.path = path;
- if (!this->overlays->find_first(this->overlays, overlay_equals,
- (void**)&current, &over))
- {
- return FALSE;
- }
- this->overlays->remove(this->overlays, current, NULL);
- overlay_destroy(current);
- return TRUE;
-}
-
-/**
- * get this pointer stored in fuse context
- */
-static private_cowfs_t *get_this()
-{
- return (fuse_get_context())->private_data;
-}
-
-/**
- * make a path relative
- */
-static void rel(const char **path)
-{
- if (**path == '/')
- {
- (*path)++;
- }
- if (**path == '\0')
- {
- *path = ".";
- }
-}
-
-/**
- * get the highest overlay in which path exists
- */
-static int get_rd(const char *path)
-{
- overlay_t *over;
- enumerator_t *enumerator;
- private_cowfs_t *this = get_this();
-
- this->lock->read_lock(this->lock);
- enumerator = this->overlays->create_enumerator(this->overlays);
- while (enumerator->enumerate(enumerator, (void**)&over))
- {
- if (faccessat(over->fd, path, F_OK, 0) == 0)
- {
- int fd = over->fd;
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
- return fd;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- if (faccessat(this->host_fd, path, F_OK, 0) == 0)
- {
- return this->host_fd;
- }
- return this->master_fd;
-}
-
-/**
- * get the highest overlay available, to write something
- */
-static int get_wr(const char *path)
-{
- overlay_t *over;
- private_cowfs_t *this = get_this();
- int fd = this->host_fd;
- this->lock->read_lock(this->lock);
- if (this->overlays->get_first(this->overlays, (void**)&over) == SUCCESS)
- {
- fd = over->fd;
- }
- this->lock->unlock(this->lock);
- return fd;
-}
-
-/**
- * create full "path" at "wr" the same way they exist at "rd"
- */
-static bool clone_path(int rd, int wr, const char *path)
-{
- char *pos, *full;
- struct stat st;
- full = strdupa(path);
- pos = full;
-
- while ((pos = strchr(pos, '/')))
- {
- *pos = '\0';
- if (fstatat(wr, full, &st, 0) < 0)
- {
- /* TODO: handle symlinks!? */
- if (fstatat(rd, full, &st, 0) < 0)
- {
- return FALSE;
- }
- if (mkdirat(wr, full, st.st_mode) < 0)
- {
- return FALSE;
- }
- }
- *pos = '/';
- pos++;
- }
- return TRUE;
-}
-
-/**
- * copy a (special) file from a readonly to a read-write overlay
- */
-static int copy(const char *path)
-{
- char *buf[4096];
- int len;
- int rd, wr;
- int from, to;
- struct stat st;
-
- rd = get_rd(path);
- wr = get_wr(path);
-
- if (rd == wr)
- {
- /* already writeable */
- return wr;
- }
- if (fstatat(rd, path, &st, 0) < 0)
- {
- return -1;
- }
- if (!clone_path(rd, wr, path))
- {
- return -1;
- }
- if (mknodat(wr, path, st.st_mode, st.st_rdev) < 0)
- {
- return -1;
- }
- /* copy if no special file */
- if (st.st_size)
- {
- from = openat(rd, path, O_RDONLY, st.st_mode);
- if (from < 0)
- {
- return -1;
- }
- to = openat(wr, path, O_WRONLY , st.st_mode);
- if (to < 0)
- {
- close(from);
- return -1;
- }
- while ((len = read(from, buf, sizeof(buf))) > 0)
- {
- if (write(to, buf, len) < len)
- {
- /* TODO: only on len < 0 ? */
- close(from);
- close(to);
- return -1;
- }
- }
- close(from);
- close(to);
- if (len < 0)
- {
- return -1;
- }
- }
- return wr;
-}
-
-/**
- * FUSE getattr method
- */
-static int cowfs_getattr(const char *path, struct stat *stbuf)
-{
- rel(&path);
-
- if (fstatat(get_rd(path), path, stbuf, AT_SYMLINK_NOFOLLOW) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE access method
- */
-static int cowfs_access(const char *path, int mask)
-{
- rel(&path);
-
- if (faccessat(get_rd(path), path, mask, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE readlink method
- */
-static int cowfs_readlink(const char *path, char *buf, size_t size)
-{
- int res;
-
- rel(&path);
-
- res = readlinkat(get_rd(path), path, buf, size - 1);
- if (res < 0)
- {
- return -errno;
- }
- buf[res] = '\0';
- return 0;
-}
-
-/**
- * get a directory stream of two concatenated paths
- */
-static DIR* get_dir(char *dir, const char *subdir)
-{
- char *full;
-
- if (dir == NULL)
- {
- return NULL;
- }
-
- full = alloca(strlen(dir) + strlen(subdir) + 1);
- strcpy(full, dir);
- strcat(full, subdir);
-
- return opendir(full);
-}
-
-/**
- * check if a directory stream contains a directory
- */
-static bool contains_dir(DIR *d, char *dirname)
-{
- struct dirent *ent;
-
- rewinddir(d);
- while ((ent = readdir(d)))
- {
- if (streq(ent->d_name, dirname))
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * check if one of the higher overlays contains a directory
- */
-static bool overlays_contain_dir(DIR **d, char *dirname)
-{
- for (; *d; ++d)
- {
- if (contains_dir(*d, dirname))
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * FUSE readdir method
- */
-static int cowfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
- off_t offset, struct fuse_file_info *fi)
-{
-#define ADD_DIR(overlay, base, path) ({\
- DIR *dir = get_dir(base, path);\
- if (dir) { *(--overlay) = dir; }\
-})
- private_cowfs_t *this = get_this();
- int count;
- DIR **d, **overlays;
- struct stat st;
- struct dirent *ent;
- overlay_t *over;
- enumerator_t *enumerator;
-
- memset(&st, 0, sizeof(st));
-
- this->lock->read_lock(this->lock);
- /* create a null-terminated array of DIR objects for all overlays (including
- * the master and host layer). the order is from bottom to top */
- count = this->overlays->get_count(this->overlays) + 2;
- overlays = calloc(count + 1, sizeof(DIR*));
- d = &overlays[count];
-
- enumerator = this->overlays->create_enumerator(this->overlays);
- while (enumerator->enumerate(enumerator, (void**)&over))
- {
- ADD_DIR(d, over->path, path);
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- ADD_DIR(d, this->host, path);
- ADD_DIR(d, this->master, path);
-
- for (; *d; ++d)
- {
- rewinddir(*d);
- while((ent = readdir(*d)))
- {
- if (!overlays_contain_dir(d + 1, ent->d_name))
- {
- st.st_ino = ent->d_ino;
- st.st_mode = ent->d_type << 12;
- filler(buf, ent->d_name, &st, 0);
- }
- }
- closedir(*d);
- }
-
- free(overlays);
- return 0;
-}
-
-/**
- * FUSE mknod method
- */
-static int cowfs_mknod(const char *path, mode_t mode, dev_t rdev)
-{
- int fd;
- rel(&path);
-
- fd = get_wr(path);
- if (!clone_path(get_rd(path), fd, path))
- {
- return -errno;
- }
-
- if (mknodat(fd, path, mode, rdev) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE mkdir method
- */
-static int cowfs_mkdir(const char *path, mode_t mode)
-{
- int fd;
- rel(&path);
-
- fd = get_wr(path);
- if (!clone_path(get_rd(path), fd, path))
- {
- return -errno;
- }
- if (mkdirat(fd, path, mode) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE unlink method
- */
-static int cowfs_unlink(const char *path)
-{
- rel(&path);
-
- /* TODO: whiteout master */
- if (unlinkat(get_wr(path), path, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE rmdir method
- */
-static int cowfs_rmdir(const char *path)
-{
- rel(&path);
-
- /* TODO: whiteout master */
- if (unlinkat(get_wr(path), path, AT_REMOVEDIR) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE symlink method
- */
-static int cowfs_symlink(const char *from, const char *to)
-{
- int fd;
- const char *fromrel = from;
-
- rel(&to);
- rel(&fromrel);
-
- fd = get_wr(to);
- if (!clone_path(get_rd(fromrel), fd, fromrel))
- {
- return -errno;
- }
- if (symlinkat(from, fd, to) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE rename method
- */
-static int cowfs_rename(const char *from, const char *to)
-{
- int fd;
-
- rel(&from);
- rel(&to);
-
- fd = copy(from);
- if (fd < 0)
- {
- return -errno;
- }
- if (renameat(fd, from, get_wr(to), to) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE link method
- */
-static int cowfs_link(const char *from, const char *to)
-{
- int rd, wr;
-
- rel(&from);
- rel(&to);
-
- rd = get_rd(from);
- wr = get_wr(to);
-
- if (!clone_path(rd, wr, to))
- {
- DBG1(DBG_LIB, "cloning path '%s' failed", to);
- return -errno;
- }
- if (linkat(rd, from, wr, to, 0) < 0)
- {
- DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to);
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE chmod method
- */
-static int cowfs_chmod(const char *path, mode_t mode)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_mode == mode)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- if (fchmodat(fd, path, mode, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE chown method
- */
-static int cowfs_chown(const char *path, uid_t uid, gid_t gid)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_uid == uid && st.st_gid == gid)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- if (fchownat(fd, path, uid, gid, AT_SYMLINK_NOFOLLOW) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE truncate method
- */
-static int cowfs_truncate(const char *path, off_t size)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_size == size)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- fd = openat(fd, path, O_WRONLY);
- if (fd < 0)
- {
- return -errno;
- }
- if (ftruncate(fd, size) < 0)
- {
- close(fd);
- return -errno;
- }
- close(fd);
- return 0;
-}
-
-/**
- * FUSE utimens method
- */
-static int cowfs_utimens(const char *path, const struct timespec ts[2])
-{
- struct timeval tv[2];
- int fd;
-
- rel(&path);
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
-
- tv[0].tv_sec = ts[0].tv_sec;
- tv[0].tv_usec = ts[0].tv_nsec / 1000;
- tv[1].tv_sec = ts[1].tv_sec;
- tv[1].tv_usec = ts[1].tv_nsec / 1000;
-
- if (futimesat(fd, path, tv) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE open method
- */
-static int cowfs_open(const char *path, struct fuse_file_info *fi)
-{
- int fd;
-
- rel(&path);
- fd = get_rd(path);
-
- fd = openat(fd, path, fi->flags);
- if (fd < 0)
- {
- return -errno;
- }
- close(fd);
- return 0;
-}
-
-/**
- * FUSE read method
- */
-static int cowfs_read(const char *path, char *buf, size_t size, off_t offset,
- struct fuse_file_info *fi)
-{
- int file, fd, res;
-
- rel(&path);
-
- fd = get_rd(path);
-
- file = openat(fd, path, O_RDONLY);
- if (file < 0)
- {
- return -errno;
- }
-
- res = pread(file, buf, size, offset);
- if (res < 0)
- {
- res = -errno;
- }
- close(file);
- return res;
-}
-
-/**
- * FUSE write method
- */
-static int cowfs_write(const char *path, const char *buf, size_t size,
- off_t offset, struct fuse_file_info *fi)
-{
- int file, fd, res;
-
- rel(&path);
-
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- file = openat(fd, path, O_WRONLY);
- if (file < 0)
- {
- return -errno;
- }
- res = pwrite(file, buf, size, offset);
- if (res < 0)
- {
- res = -errno;
- }
- close(file);
- return res;
-}
-
-/**
- * FUSE statfs method
- */
-static int cowfs_statfs(const char *path, struct statvfs *stbuf)
-{
- int fd;
-
- fd = get_rd(path);
- if (fstatvfs(fd, stbuf) < 0)
- {
- return -errno;
- }
-
- return 0;
-}
-
-/**
- * FUSE init method
- */
-static void *cowfs_init(struct fuse_conn_info *conn)
-{
- struct fuse_context *ctx;
-
- ctx = fuse_get_context();
-
- return ctx->private_data;
-}
-
-/**
- * FUSE method vectors
- */
-static struct fuse_operations cowfs_operations = {
- .getattr = cowfs_getattr,
- .access = cowfs_access,
- .readlink = cowfs_readlink,
- .readdir = cowfs_readdir,
- .mknod = cowfs_mknod,
- .mkdir = cowfs_mkdir,
- .symlink = cowfs_symlink,
- .unlink = cowfs_unlink,
- .rmdir = cowfs_rmdir,
- .rename = cowfs_rename,
- .link = cowfs_link,
- .chmod = cowfs_chmod,
- .chown = cowfs_chown,
- .truncate = cowfs_truncate,
- .utimens = cowfs_utimens,
- .open = cowfs_open,
- .read = cowfs_read,
- .write = cowfs_write,
- .statfs = cowfs_statfs,
- .init = cowfs_init,
-};
-
-METHOD(cowfs_t, add_overlay, bool,
- private_cowfs_t *this, char *path)
-{
- overlay_t *over = malloc_thing(overlay_t);
- over->fd = open(path, O_RDONLY | O_DIRECTORY);
- if (over->fd < 0)
- {
- DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path);
- free(over);
- return FALSE;
- }
- over->path = realpath(path, NULL);
- this->lock->write_lock(this->lock);
- overlay_remove(this, over->path);
- this->overlays->insert_first(this->overlays, over);
- this->lock->unlock(this->lock);
- return TRUE;
-}
-
-METHOD(cowfs_t, del_overlay, bool,
- private_cowfs_t *this, char *path)
-{
- bool removed;
- char real[PATH_MAX];
- this->lock->write_lock(this->lock);
- removed = overlay_remove(this, realpath(path, real));
- this->lock->unlock(this->lock);
- return removed;
-}
-
-METHOD(cowfs_t, pop_overlay, bool,
- private_cowfs_t *this)
-{
- overlay_t *over;
- this->lock->write_lock(this->lock);
- if (this->overlays->remove_first(this->overlays, (void**)&over) != SUCCESS)
- {
- this->lock->unlock(this->lock);
- return FALSE;
- }
- this->lock->unlock(this->lock);
- overlay_destroy(over);
- return TRUE;
-}
-
-METHOD(cowfs_t, destroy, void,
- private_cowfs_t *this)
-{
- fuse_exit(this->fuse);
- fuse_unmount(this->mount, this->chan);
- this->thread->join(this->thread);
- fuse_destroy(this->fuse);
- this->lock->destroy(this->lock);
- this->overlays->destroy_function(this->overlays, (void*)overlay_destroy);
- free(this->mount);
- free(this->master);
- free(this->host);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
-}
-
-/**
- * creates a new cowfs fuse instance
- */
-cowfs_t *cowfs_create(char *master, char *host, char *mount)
-{
- struct fuse_args args = {0, NULL, 0};
- private_cowfs_t *this;
-
- INIT(this,
- .public = {
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .destroy = _destroy,
- }
- );
-
- this->master_fd = open(master, O_RDONLY | O_DIRECTORY);
- if (this->master_fd < 0)
- {
- DBG1(DBG_LIB, "failed to open master filesystem '%s'", master);
- free(this);
- return NULL;
- }
- this->host_fd = open(host, O_RDONLY | O_DIRECTORY);
- if (this->host_fd < 0)
- {
- DBG1(DBG_LIB, "failed to open host filesystem '%s'", host);
- close(this->master_fd);
- free(this);
- return NULL;
- }
-
- this->chan = fuse_mount(mount, &args);
- if (this->chan == NULL)
- {
- DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
- return NULL;
- }
-
- this->fuse = fuse_new(this->chan, &args, &cowfs_operations,
- sizeof(cowfs_operations), this);
- if (this->fuse == NULL)
- {
- DBG1(DBG_LIB, "creating cowfs FUSE handle failed");
- close(this->master_fd);
- close(this->host_fd);
- fuse_unmount(mount, this->chan);
- free(this);
- return NULL;
- }
-
- this->mount = strdup(mount);
- this->master = strdup(master);
- this->host = strdup(host);
- this->overlays = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- this->thread = thread_create((thread_main_t)fuse_loop, this->fuse);
- if (!this->thread)
- {
- DBG1(DBG_LIB, "creating thread to handle FUSE failed");
- fuse_unmount(mount, this->chan);
- this->lock->destroy(this->lock);
- this->overlays->destroy(this->overlays);
- free(this->mount);
- free(this->master);
- free(this->host);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
- return NULL;
- }
-
- return &this->public;
-}
-
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
deleted file mode 100644
index 9a596de2e..000000000
--- a/src/dumm/cowfs.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef COWFS_H
-#define COWFS_H
-
-#include <library.h>
-
-typedef struct cowfs_t cowfs_t;
-
-/**
- * cowfs - Copy on write FUSE filesystem.
- *
- */
-struct cowfs_t {
-
- /**
- * Adds an additional copy on write overlay.
- *
- * If the path was already added as overlay, it is moved to the top.
- *
- * @param path path of the overlay
- * @return FALSE, if failed
- */
- bool (*add_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the specified copy on write overlay.
- *
- * @param path path of the overlay
- * @return FALSE, if not found
- */
- bool (*del_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the most recently added copy on write overlay.
- *
- * @return FALSE, if no overlay was found
- */
- bool (*pop_overlay)(cowfs_t *this);
-
- /**
- * Stop, umount and destroy a cowfs FUSE filesystem.
- */
- void (*destroy) (cowfs_t *this);
-};
-
-/**
- * Mount a cowfs FUSE filesystem.
- *
- * @param master read only master file system directory
- * @param host copy on write host directory
- * @param mount mountpoint where union is mounted
- * @return instance, or NULL if FUSE initialization failed
- */
-cowfs_t *cowfs_create(char *master, char *host, char *mount);
-
-#endif /* COWFS_H */
-
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
deleted file mode 100644
index e24671330..000000000
--- a/src/dumm/dumm.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <dirent.h>
-#include <errno.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "dumm.h"
-
-#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)
-#define GUEST_DIR "guests"
-#define TEMPLATE_DIR "templates"
-
-typedef struct private_dumm_t private_dumm_t;
-
-struct private_dumm_t {
- /** public dumm interface */
- dumm_t public;
- /** working dir */
- char *dir;
- /** directory of guests */
- char *guest_dir;
- /** directory of loaded template */
- char *template;
- /** list of managed guests */
- linked_list_t *guests;
- /** list of managed bridges */
- linked_list_t *bridges;
-};
-
-METHOD(dumm_t, create_guest, guest_t*,
- private_dumm_t *this, char *name, char *kernel, char *master, char *args)
-{
- guest_t *guest;
-
- guest = guest_create(this->guest_dir, name, kernel, master, args);
- if (guest)
- {
- this->guests->insert_last(this->guests, guest);
- }
- return guest;
-}
-
-METHOD(dumm_t, create_guest_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- return this->guests->create_enumerator(this->guests);
-}
-
-METHOD(dumm_t, delete_guest, void,
- private_dumm_t *this, guest_t *guest)
-{
- if (this->guests->remove(this->guests, guest, NULL))
- {
- char buf[512];
- int len;
-
- len = snprintf(buf, sizeof(buf), "rm -Rf %s/%s",
- this->guest_dir, guest->get_name(guest));
- guest->destroy(guest);
- if (len > 8 && len < 512)
- {
- ignore_result(system(buf));
- }
- }
-}
-
-METHOD(dumm_t, create_bridge, bridge_t*,
- private_dumm_t *this, char *name)
-{
- bridge_t *bridge;
-
- bridge = bridge_create(name);
- if (bridge)
- {
- this->bridges->insert_last(this->bridges, bridge);
- }
- return bridge;
-}
-
-METHOD(dumm_t, create_bridge_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- return this->bridges->create_enumerator(this->bridges);
-}
-
-METHOD(dumm_t, delete_bridge, void,
- private_dumm_t *this, bridge_t *bridge)
-{
- if (this->bridges->remove(this->bridges, bridge, NULL))
- {
- bridge->destroy(bridge);
- }
-}
-
-METHOD(dumm_t, add_overlay, bool,
- private_dumm_t *this, char *dir)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- if (dir == NULL)
- {
- return TRUE;
- }
- if (strlen(dir) > PATH_MAX)
- {
- DBG1(DBG_LIB, "overlay directory string '%s' is too long", dir);
- return FALSE;
- }
- if (access(dir, F_OK) != 0)
- {
- if (!mkdir_p(dir, PERME))
- {
- DBG1(DBG_LIB, "creating overlay directory '%s' failed: %m", dir);
- return FALSE;
- }
- }
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- char guest_dir[PATH_MAX];
- int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir,
- guest->get_name(guest));
- if (len < 0 || len >= sizeof(guest_dir))
- {
- goto error;
- }
- if (access(guest_dir, F_OK) != 0)
- {
- if (!mkdir_p(guest_dir, PERME))
- {
- DBG1(DBG_LIB, "creating overlay directory for guest '%s' failed: %m",
- guest->get_name(guest));
- goto error;
- }
- }
- if (!guest->add_overlay(guest, guest_dir))
- {
- goto error;
- }
- }
- enumerator->destroy(enumerator);
- return TRUE;
-error:
- enumerator->destroy(enumerator);
- this->public.del_overlay(&this->public, dir);
- return FALSE;
-}
-
-METHOD(dumm_t, del_overlay, bool,
- private_dumm_t *this, char *dir)
-{
- bool ret = FALSE;
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- char guest_dir[PATH_MAX];
- int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir,
- guest->get_name(guest));
- if (len < 0 || len >= sizeof(guest_dir))
- {
- continue;
- }
- ret = guest->del_overlay(guest, guest_dir) || ret;
- }
- enumerator->destroy(enumerator);
- return ret;
-}
-
-METHOD(dumm_t, pop_overlay, bool,
- private_dumm_t *this)
-{
- bool ret = FALSE;
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- ret = guest->pop_overlay(guest) || ret;
- }
- enumerator->destroy(enumerator);
- return ret;
-}
-
-/**
- * disable the currently enabled template
- */
-static void clear_template(private_dumm_t *this)
-{
- if (this->template)
- {
- del_overlay(this, this->template);
- free(this->template);
- this->template = NULL;
- }
-}
-
-METHOD(dumm_t, load_template, bool,
- private_dumm_t *this, char *name)
-{
- clear_template(this);
- if (name == NULL)
- {
- return TRUE;
- }
- if (strlen(name) > PATH_MAX)
- {
- DBG1(DBG_LIB, "template name '%s' is too long", name);
- return FALSE;
- }
- if (strchr(name, '/') != NULL)
- {
- DBG1(DBG_LIB, "template name '%s' must not contain '/' characters", name);
- return FALSE;
- }
- if (asprintf(&this->template, "%s/%s", TEMPLATE_DIR, name) < 0)
- {
- this->template = NULL;
- return FALSE;
- }
- if (access(this->template, F_OK) != 0)
- {
- if (!mkdir_p(this->template, PERME))
- {
- DBG1(DBG_LIB, "creating template directory '%s' failed: %m",
- this->template);
- return FALSE;
- }
- }
- return add_overlay(this, this->template);
-}
-
-/**
- * Template directory enumerator
- */
-typedef struct {
- /** implements enumerator_t */
- enumerator_t public;
- /** directory enumerator */
- enumerator_t *inner;
-} template_enumerator_t;
-
-METHOD(enumerator_t, template_enumerate, bool,
- template_enumerator_t *this, va_list args)
-{
- struct stat st;
- char *rel, **template;
-
- VA_ARGS_VGET(args, template);
-
- while (this->inner->enumerate(this->inner, &rel, NULL, &st))
- {
- if (S_ISDIR(st.st_mode) && *rel != '.')
- {
- *template = rel;
- return TRUE;
- }
- }
- return FALSE;
-}
-
-METHOD(enumerator_t, template_enumerator_destroy, void,
- template_enumerator_t *this)
-{
- this->inner->destroy(this->inner);
- free(this);
-}
-
-METHOD(dumm_t, create_template_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- template_enumerator_t *enumerator;
- INIT(enumerator,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _template_enumerate,
- .destroy = (void*)_template_enumerator_destroy,
- },
- .inner = enumerator_create_directory(TEMPLATE_DIR),
- );
- if (!enumerator->inner)
- {
- free(enumerator);
- return enumerator_create_empty();
- }
- return &enumerator->public;
-}
-
-METHOD(dumm_t, destroy, void,
- private_dumm_t *this)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- this->bridges->destroy_offset(this->bridges, offsetof(bridge_t, destroy));
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- guest->stop(guest, NULL);
- }
- enumerator->destroy(enumerator);
-
- while (this->guests->remove_last(this->guests, (void**)&guest) == SUCCESS)
- {
- guest->destroy(guest);
- }
- this->guests->destroy(this->guests);
- free(this->guest_dir);
- free(this->template);
- free(this->dir);
- free(this);
-}
-
-/**
- * load all guests in our working dir
- */
-static void load_guests(private_dumm_t *this)
-{
- DIR *dir;
- struct dirent *ent;
- guest_t *guest;
-
- dir = opendir(this->guest_dir);
- if (dir == NULL)
- {
- return;
- }
-
- while ((ent = readdir(dir)))
- {
- if (*ent->d_name == '.')
- { /* skip ".", ".." and hidden files (such as ".svn") */
- continue;
- }
- guest = guest_load(this->guest_dir, ent->d_name);
- if (guest)
- {
- this->guests->insert_last(this->guests, guest);
- }
- else
- {
- DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped",
- ent->d_name);
- }
- }
- closedir(dir);
-}
-
-/**
- * create a dumm instance
- */
-dumm_t *dumm_create(char *dir)
-{
- char cwd[PATH_MAX];
- private_dumm_t *this;
-
- INIT(this,
- .public = {
- .create_guest = _create_guest,
- .create_guest_enumerator = _create_guest_enumerator,
- .delete_guest = _delete_guest,
- .create_bridge = _create_bridge,
- .create_bridge_enumerator = _create_bridge_enumerator,
- .delete_bridge = _delete_bridge,
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .load_template = _load_template,
- .create_template_enumerator = _create_template_enumerator,
- .destroy = _destroy,
- },
- );
-
- if (dir && *dir == '/')
- {
- this->dir = strdup(dir);
- }
- else
- {
- if (getcwd(cwd, sizeof(cwd)) == NULL)
- {
- free(this);
- return NULL;
- }
- if (dir)
- {
- if (asprintf(&this->dir, "%s/%s", cwd, dir) < 0)
- {
- this->dir = NULL;
- }
- }
- else
- {
- this->dir = strdup(cwd);
- }
- }
- if (asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR) < 0)
- {
- this->guest_dir = NULL;
- }
-
- this->guests = linked_list_create();
- this->bridges = linked_list_create();
-
- if (this->dir == NULL || this->guest_dir == NULL ||
- (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST))
- {
- DBG1(DBG_LIB, "creating guest directory '%s' failed: %m",
- this->guest_dir);
- destroy(this);
- return NULL;
- }
-
- load_guests(this);
- return &this->public;
-}
-
diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h
deleted file mode 100644
index 921d2157f..000000000
--- a/src/dumm/dumm.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef DUMM_H
-#define DUMM_H
-
-#include <signal.h>
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-#include "guest.h"
-#include "bridge.h"
-
-typedef struct dumm_t dumm_t;
-
-/**
- * dumm - Dynamic Uml Mesh Modeler
- *
- * Controls a group of UML guests and their networks.
- */
-struct dumm_t {
-
- /**
- * Starts a new UML guest
- *
- * @param name name of the guest
- * @param kernel UML kernel to use for guest
- * @param master mounted read only master filesystem
- * @param args additional args to pass to kernel
- * @return guest if started, NULL if failed
- */
- guest_t* (*create_guest) (dumm_t *this, char *name, char *kernel,
- char *master, char *args);
-
- /**
- * Create an enumerator over all guests.
- *
- * @return enumerator over guest_t's
- */
- enumerator_t* (*create_guest_enumerator) (dumm_t *this);
-
- /**
- * Delete a guest from disk.
- *
- * @param guest guest to destroy
- */
- void (*delete_guest) (dumm_t *this, guest_t *guest);
-
- /**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return created bridge
- */
- bridge_t* (*create_bridge)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all bridges.
- *
- * @return enumerator over bridge_t's
- */
- enumerator_t* (*create_bridge_enumerator)(dumm_t *this);
-
- /**
- * Delete a bridge.
- *
- * @param bridge bridge to destroy
- */
- void (*delete_bridge) (dumm_t *this, bridge_t *bridge);
-
- /**
- * Add an overlay to all guests.
- *
- * Directories named after the guests are created, if they do not exist
- * in the given overlay directory.
- *
- * If adding the overlay on at lest one guest fails, FALSE is returned and
- * the overlay is again removed from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, on failure
- */
- bool (*add_overlay)(dumm_t *this, char *dir);
-
- /**
- * Removes an overlay from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, if the overlay was not found on any guest
- */
- bool (*del_overlay)(dumm_t *this, char *dir);
-
- /**
- * Remove the latest overlay from all guests.
- *
- * @return FALSE, if no overlay was found on any guest
- */
- bool (*pop_overlay)(dumm_t *this);
-
- /**
- * Loads a template, create a new one if it does not exist.
- *
- * This is basically a wrapper around add/del_overlay to simplify working
- * with overlays. Templates are located in a predefined directory, so that
- * only a name for the template has to be specified here. Only one template
- * can be loaded at any one time (but other overlays can be added on top or
- * below a template).
- *
- * @param name name of the template to load, NULL to unload
- * @return FALSE if load/create failed
- */
- bool (*load_template)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all available templates.
- *
- * @return enumerator over char*
- */
- enumerator_t* (*create_template_enumerator)(dumm_t *this);
-
- /**
- * stop all guests and destroy the modeler
- */
- void (*destroy) (dumm_t *this);
-};
-
-/**
- * Create a group of UML hosts and networks.
- *
- * @param dir directory to create guests/load from, NULL for cwd
- * @return created UML group, or NULL if failed.
- */
-dumm_t *dumm_create(char *dir);
-
-#endif /* DUMM_H */
-
diff --git a/src/dumm/ext/README b/src/dumm/ext/README
deleted file mode 100644
index 270d9d59d..000000000
--- a/src/dumm/ext/README
+++ /dev/null
@@ -1,8 +0,0 @@
-DUMM Ruby Extension
-===================
-
-Build and Install
-
- $ ruby extconf.rb
- $ make
- # make install
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
deleted file mode 100644
index 7df72eb30..000000000
--- a/src/dumm/ext/dumm.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * Copyright (C) 2008-2010 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdio.h>
-#include <signal.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <library.h>
-#include <dumm.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#undef PACKAGE_NAME
-#undef PACKAGE_TARNAME
-#undef PACKAGE_VERSION
-#undef PACKAGE_STRING
-#undef PACKAGE_BUGREPORT
-#undef PACKAGE_URL
-#undef HAVE_DLADDR
-#undef HAVE_QSORT_R
-/* avoid redefintiion of snprintf etc. */
-#define RUBY_DONT_SUBST
-/* undef our _GNU_SOURCE, as it gets redefined by <ruby.h> */
-#undef _GNU_SOURCE
-#include <ruby.h>
-
-static dumm_t *dumm;
-
-static VALUE rbm_dumm;
-static VALUE rbc_guest;
-static VALUE rbc_bridge;
-static VALUE rbc_iface;
-static VALUE rbc_template;
-
-/**
- * Guest invocation callback
- */
-static pid_t invoke(void *null, guest_t *guest, char *args[], int argc)
-{
- pid_t pid;
-
- pid = fork();
- switch (pid)
- {
- case 0: /* child */
- /* create a new process group in order to prevent signals (e.g.
- * SIGINT) sent to the parent from terminating the child */
- setpgid(0, 0);
- dup2(open("/dev/null", 0), 1);
- dup2(open("/dev/null", 0), 2);
- execvp(args[0], args);
- /* FALL */
- case -1:
- return 0;
- default:
- return pid;
- }
-}
-
-/**
- * SIGCHLD signal handler
- */
-static void sigchld_handler(int signal, siginfo_t *info, void* ptr)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &guest))
- {
- if (guest->get_pid(guest) == info->si_pid)
- {
- guest->sigchild(guest);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-
-/**
- * Global Dumm bindings
- */
-static VALUE dumm_add_overlay(VALUE class, VALUE dir)
-{
- if (!dumm->add_overlay(dumm, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading overlay failed");
- }
- return class;
-}
-
-static VALUE dumm_del_overlay(VALUE class, VALUE dir)
-{
- return dumm->del_overlay(dumm, StringValuePtr(dir)) ? Qtrue : Qfalse;
-}
-
-static VALUE dumm_pop_overlay(VALUE class)
-{
- return dumm->pop_overlay(dumm) ? Qtrue : Qfalse;
-}
-
-static void dumm_init()
-{
- rbm_dumm = rb_define_module("Dumm");
-
- rb_define_module_function(rbm_dumm, "add_overlay", dumm_add_overlay, 1);
- rb_define_module_function(rbm_dumm, "del_overlay", dumm_del_overlay, 1);
- rb_define_module_function(rbm_dumm, "pop_overlay", dumm_pop_overlay, 0);
-}
-
-/**
- * Guest bindings
- */
-static VALUE guest_hash_create(VALUE class)
-{
- enumerator_t *enumerator;
- guest_t *guest;
- VALUE hash = rb_hash_new();
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &guest))
- {
- rb_hash_aset(hash, rb_str_new2(guest->get_name(guest)),
- Data_Wrap_Struct(class, NULL, NULL, guest));
- }
- enumerator->destroy(enumerator);
- return hash;
-}
-
-static VALUE guest_hash(VALUE class)
-{
- ID id = rb_intern("@@guests");
- if (!rb_cvar_defined(class, id))
- {
- VALUE hash = guest_hash_create(class);
-#ifdef RB_CVAR_SET_4_ARGS
- rb_cvar_set(class, id, hash, 0);
-#else
- rb_cvar_set(class, id, hash);
-#endif
- return hash;
- }
- return rb_cvar_get(class, id);
-}
-
-static VALUE guest_find(VALUE class, VALUE key)
-{
- if (TYPE(key) != T_STRING)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- return rb_hash_aref(guest_hash(class), key);
-}
-
-static VALUE guest_get(VALUE class, VALUE key)
-{
- return guest_find(class, key);
-}
-
-static VALUE guest_each(int argc, VALUE *argv, VALUE class)
-{
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- rb_block_call(guest_hash(class), rb_intern("each_value"), 0, 0,
- rb_yield, 0);
- return class;
-}
-
-static VALUE guest_new(VALUE class, VALUE name, VALUE kernel,
- VALUE master, VALUE args)
-{
- VALUE self;
- guest_t *guest;
- guest = dumm->create_guest(dumm, StringValuePtr(name),
- StringValuePtr(kernel), StringValuePtr(master),
- StringValuePtr(args));
- if (!guest)
- {
- rb_raise(rb_eRuntimeError, "creating guest failed");
- }
- self = Data_Wrap_Struct(class, NULL, NULL, guest);
- rb_hash_aset(guest_hash(class), name, self);
- return self;
-}
-
-static VALUE guest_to_s(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return rb_str_new2(guest->get_name(guest));
-}
-
-static VALUE guest_start(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
-
- if (!guest->start(guest, invoke, NULL, NULL))
- {
- rb_raise(rb_eRuntimeError, "starting guest failed");
- }
- return self;
-}
-
-static VALUE guest_stop(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- guest->stop(guest, NULL);
- return self;
-}
-
-static VALUE guest_running(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->get_pid(guest) ? Qtrue : Qfalse;
-}
-
-static void exec_cb(void *data, char *buf)
-{
- rb_yield(rb_str_new2(buf));
-}
-
-static VALUE guest_exec(VALUE self, VALUE cmd)
-{
- guest_t *guest;
- bool block;
- int ret;
-
- block = rb_block_given_p();
- Data_Get_Struct(self, guest_t, guest);
- ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL,
- "exec %s", StringValuePtr(cmd));
- rb_iv_set(self, "@execstatus", INT2NUM(ret));
- return self;
-}
-
-static VALUE guest_mconsole(VALUE self, VALUE cmd)
-{
- guest_t *guest;
- bool block;
- int ret;
-
- block = rb_block_given_p();
- Data_Get_Struct(self, guest_t, guest);
- if ((ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL,
- "%s", StringValuePtr(cmd))) != 0)
- {
- rb_raise(rb_eRuntimeError, "executing command failed (%d)", ret);
- }
- return self;
-}
-
-static VALUE guest_add_iface(VALUE self, VALUE name)
-{
- guest_t *guest;
- iface_t *iface;
-
- Data_Get_Struct(self, guest_t, guest);
- iface = guest->create_iface(guest, StringValuePtr(name));
- if (!iface)
- {
- rb_raise(rb_eRuntimeError, "adding interface failed");
- }
- return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface);
-}
-
-static VALUE guest_find_iface(VALUE self, VALUE key)
-{
- enumerator_t *enumerator;
- iface_t *iface, *found = NULL;
- guest_t *guest;
-
- if (TYPE(key) == T_SYMBOL)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- Data_Get_Struct(self, guest_t, guest);
- enumerator = guest->create_iface_enumerator(guest);
- while (enumerator->enumerate(enumerator, &iface))
- {
- if (streq(iface->get_guestif(iface), StringValuePtr(key)))
- {
- found = iface;
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- return Qnil;
- }
- return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface);
-}
-
-static VALUE guest_get_iface(VALUE self, VALUE key)
-{
- VALUE iface = guest_find_iface(self, key);
- if (NIL_P(iface))
- {
- rb_raise(rb_eRuntimeError, "interface not found");
- }
- return iface;
-}
-
-static VALUE guest_each_iface(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- guest_t *guest;
- iface_t *iface;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- Data_Get_Struct(self, guest_t, guest);
- list = linked_list_create();
- enumerator = guest->create_iface_enumerator(guest);
- while (enumerator->enumerate(enumerator, &iface))
- {
- list->insert_last(list, iface);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&iface) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE guest_delete(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- if (guest->get_pid(guest))
- {
- rb_raise(rb_eRuntimeError, "guest is running");
- }
- dumm->delete_guest(dumm, guest);
- return Qnil;
-}
-
-static VALUE guest_add_overlay(VALUE self, VALUE dir)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- if (!guest->add_overlay(guest, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading overlay failed");
- }
- return self;
-}
-
-static VALUE guest_del_overlay(VALUE self, VALUE dir)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->del_overlay(guest, StringValuePtr(dir)) ? Qtrue : Qfalse;
-}
-
-static VALUE guest_pop_overlay(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->pop_overlay(guest) ? Qtrue : Qfalse;
-}
-
-static void guest_init()
-{
- rbc_guest = rb_define_class_under(rbm_dumm , "Guest", rb_cObject);
- rb_include_module(rb_class_of(rbc_guest), rb_mEnumerable);
- rb_include_module(rbc_guest, rb_mEnumerable);
-
- rb_define_singleton_method(rbc_guest, "[]", guest_get, 1);
- rb_define_singleton_method(rbc_guest, "each", guest_each, -1);
- rb_define_singleton_method(rbc_guest, "new", guest_new, 4);
- rb_define_singleton_method(rbc_guest, "include?", guest_find, 1);
- rb_define_singleton_method(rbc_guest, "guest?", guest_find, 1);
-
- rb_define_method(rbc_guest, "to_s", guest_to_s, 0);
- rb_define_method(rbc_guest, "start", guest_start, 0);
- rb_define_method(rbc_guest, "stop", guest_stop, 0);
- rb_define_method(rbc_guest, "running?", guest_running, 0);
- rb_define_method(rbc_guest, "exec", guest_exec, 1);
- rb_define_method(rbc_guest, "mconsole", guest_mconsole, 1);
- rb_define_method(rbc_guest, "add", guest_add_iface, 1);
- rb_define_method(rbc_guest, "[]", guest_get_iface, 1);
- rb_define_method(rbc_guest, "each", guest_each_iface, -1);
- rb_define_method(rbc_guest, "include?", guest_find_iface, 1);
- rb_define_method(rbc_guest, "iface?", guest_find_iface, 1);
- rb_define_method(rbc_guest, "delete", guest_delete, 0);
- rb_define_method(rbc_guest, "add_overlay", guest_add_overlay, 1);
- rb_define_method(rbc_guest, "del_overlay", guest_del_overlay, 1);
- rb_define_method(rbc_guest, "pop_overlay", guest_pop_overlay, 0);
-
- rb_define_attr(rbc_guest, "execstatus", 1, 0);
-}
-
-/**
- * Bridge binding
- */
-static VALUE bridge_find(VALUE class, VALUE key)
-{
- enumerator_t *enumerator;
- bridge_t *bridge, *found = NULL;
-
- if (TYPE(key) == T_SYMBOL)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- if (streq(bridge->get_name(bridge), StringValuePtr(key)))
- {
- found = bridge;
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- return Qnil;
- }
- return Data_Wrap_Struct(class, NULL, NULL, found);
-}
-
-static VALUE bridge_get(VALUE class, VALUE key)
-{
- VALUE bridge = bridge_find(class, key);
- if (NIL_P(bridge))
- {
- rb_raise(rb_eRuntimeError, "bridge not found");
- }
- return bridge;
-}
-
-static VALUE bridge_each(int argc, VALUE *argv, VALUE class)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- bridge_t *bridge;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- list = linked_list_create();
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- list->insert_last(list, bridge);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&bridge) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(class, NULL, NULL, bridge));
- }
- list->destroy(list);
- return class;
-}
-
-static VALUE bridge_new(VALUE class, VALUE name)
-
-{
- bridge_t *bridge;
-
- bridge = dumm->create_bridge(dumm, StringValuePtr(name));
- if (!bridge)
- {
- rb_raise(rb_eRuntimeError, "creating bridge failed");
- }
- return Data_Wrap_Struct(class, NULL, NULL, bridge);
-}
-
-static VALUE bridge_to_s(VALUE self)
-{
- bridge_t *bridge;
-
- Data_Get_Struct(self, bridge_t, bridge);
- return rb_str_new2(bridge->get_name(bridge));
-}
-
-static VALUE bridge_each_iface(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- bridge_t *bridge;
- iface_t *iface;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- Data_Get_Struct(self, bridge_t, bridge);
- list = linked_list_create();
- enumerator = bridge->create_iface_enumerator(bridge);
- while (enumerator->enumerate(enumerator, &iface))
- {
- list->insert_last(list, iface);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&iface) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE bridge_delete(VALUE self)
-{
- bridge_t *bridge;
-
- Data_Get_Struct(self, bridge_t, bridge);
- dumm->delete_bridge(dumm, bridge);
- return Qnil;
-}
-
-static void bridge_init()
-{
- rbc_bridge = rb_define_class_under(rbm_dumm , "Bridge", rb_cObject);
- rb_include_module(rb_class_of(rbc_bridge), rb_mEnumerable);
- rb_include_module(rbc_bridge, rb_mEnumerable);
-
- rb_define_singleton_method(rbc_bridge, "[]", bridge_get, 1);
- rb_define_singleton_method(rbc_bridge, "each", bridge_each, -1);
- rb_define_singleton_method(rbc_bridge, "new", bridge_new, 1);
- rb_define_singleton_method(rbc_bridge, "include?", bridge_find, 1);
- rb_define_singleton_method(rbc_bridge, "bridge?", bridge_find, 1);
-
- rb_define_method(rbc_bridge, "to_s", bridge_to_s, 0);
- rb_define_method(rbc_bridge, "each", bridge_each_iface, -1);
- rb_define_method(rbc_bridge, "delete", bridge_delete, 0);
-}
-
-/**
- * Iface wrapper
- */
-static VALUE iface_to_s(VALUE self)
-{
- iface_t *iface;
-
- Data_Get_Struct(self, iface_t, iface);
- return rb_str_new2(iface->get_hostif(iface));
-}
-
-static VALUE iface_connect(VALUE self, VALUE vbridge)
-{
- iface_t *iface;
- bridge_t *bridge;
-
- Data_Get_Struct(self, iface_t, iface);
- Data_Get_Struct(vbridge, bridge_t, bridge);
- if (!bridge->connect_iface(bridge, iface))
- {
- rb_raise(rb_eRuntimeError, "connecting iface failed");
- }
- return self;
-}
-
-static VALUE iface_disconnect(VALUE self)
-{
- iface_t *iface;
- bridge_t *bridge;
-
- Data_Get_Struct(self, iface_t, iface);
- bridge = iface->get_bridge(iface);
- if (!bridge || !bridge->disconnect_iface(bridge, iface))
- {
- rb_raise(rb_eRuntimeError, "disconnecting iface failed");
- }
- return self;
-}
-
-static VALUE iface_add_addr(VALUE self, VALUE name)
-{
- iface_t *iface;
- host_t *addr;
- int bits;
-
- addr = host_create_from_subnet(StringValuePtr(name), &bits);
- if (!addr)
- {
- rb_raise(rb_eArgError, "invalid IP address");
- }
- Data_Get_Struct(self, iface_t, iface);
- if (!iface->add_address(iface, addr, bits))
- {
- addr->destroy(addr);
- rb_raise(rb_eRuntimeError, "adding address failed");
- }
- if (rb_block_given_p()) {
- rb_yield(self);
- iface->delete_address(iface, addr, bits);
- }
- addr->destroy(addr);
- return self;
-}
-
-static VALUE iface_each_addr(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- iface_t *iface;
- host_t *addr;
- char buf[64], *fmt = "%H";
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- list = linked_list_create();
- Data_Get_Struct(self, iface_t, iface);
- enumerator = iface->create_address_enumerator(iface);
- while (enumerator->enumerate(enumerator, &addr))
- {
- list->insert_last(list, addr->clone(addr));
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&addr) == SUCCESS)
- {
- snprintf(buf, sizeof(buf), fmt, addr);
- addr->destroy(addr);
- rb_yield(rb_str_new2(buf));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE iface_del_addr(VALUE self, VALUE vaddr)
-{
- iface_t *iface;
- host_t *addr;
- int bits;
-
- addr = host_create_from_subnet(StringValuePtr(vaddr), &bits);
- if (!addr)
- {
- rb_raise(rb_eArgError, "invalid IP address");
- }
- Data_Get_Struct(self, iface_t, iface);
- if (!iface->delete_address(iface, addr, bits))
- {
- addr->destroy(addr);
- rb_raise(rb_eRuntimeError, "address not found");
- }
- if (rb_block_given_p()) {
- rb_yield(self);
- iface->add_address(iface, addr, bits);
- }
- addr->destroy(addr);
- return self;
-}
-
-static VALUE iface_delete(VALUE self)
-{
- guest_t *guest;
- iface_t *iface;
-
- Data_Get_Struct(self, iface_t, iface);
- guest = iface->get_guest(iface);
- guest->destroy_iface(guest, iface);
- return Qnil;
-}
-
-static void iface_init()
-{
- rbc_iface = rb_define_class_under(rbm_dumm , "Iface", rb_cObject);
- rb_include_module(rbc_iface, rb_mEnumerable);
-
- rb_define_method(rbc_iface, "to_s", iface_to_s, 0);
- rb_define_method(rbc_iface, "connect", iface_connect, 1);
- rb_define_method(rbc_iface, "disconnect", iface_disconnect, 0);
- rb_define_method(rbc_iface, "add", iface_add_addr, 1);
- rb_define_method(rbc_iface, "del", iface_del_addr, 1);
- rb_define_method(rbc_iface, "each", iface_each_addr, -1);
- rb_define_method(rbc_iface, "delete", iface_delete, 0);
-}
-
-static VALUE template_load(VALUE class, VALUE dir)
-{
- if (!dumm->load_template(dumm, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading template failed");
- }
- return class;
-}
-
-static VALUE template_unload(VALUE class)
-{
- if (!dumm->load_template(dumm, NULL))
- {
- rb_raise(rb_eRuntimeError, "unloading template failed");
- }
- return class;
-}
-
-static VALUE template_each(int argc, VALUE *argv, VALUE class)
-{
- enumerator_t *enumerator;
- char *template;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- enumerator = dumm->create_template_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &template))
- {
- rb_yield(rb_str_new2(template));
- }
- enumerator->destroy(enumerator);
- return class;
-}
-
-static void template_init()
-{
- rbc_template = rb_define_class_under(rbm_dumm , "Template", rb_cObject);
- rb_include_module(rb_class_of(rbc_template), rb_mEnumerable);
-
- rb_define_singleton_method(rbc_template, "load", template_load, 1);
- rb_define_singleton_method(rbc_template, "unload", template_unload, 0);
- rb_define_singleton_method(rbc_template, "each", template_each, -1);
-}
-
-/**
- * extension finalization
- */
-void Final_dumm()
-{
- struct sigaction action;
-
- dumm->destroy(dumm);
-
- sigemptyset(&action.sa_mask);
- action.sa_handler = SIG_DFL;
- action.sa_flags = 0;
- sigaction(SIGCHLD, &action, NULL);
-
- library_deinit();
-}
-
-/**
- * extension initialization
- */
-void Init_dumm()
-{
- struct sigaction action;
-
- /* there are too many to report, rubyruby... */
- setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
-
- library_init(NULL, "dumm");
-
- dumm = dumm_create(NULL);
-
- dumm_init();
- guest_init();
- bridge_init();
- iface_init();
- template_init();
-
- sigemptyset(&action.sa_mask);
- action.sa_sigaction = sigchld_handler;
- action.sa_flags = SA_SIGINFO;
- sigaction(SIGCHLD, &action, NULL);
-
- rb_set_end_proc(Final_dumm, 0);
-}
diff --git a/src/dumm/ext/extconf.rb.in b/src/dumm/ext/extconf.rb.in
deleted file mode 100644
index 29df65ca7..000000000
--- a/src/dumm/ext/extconf.rb.in
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# DUMM for Ruby
-#
-
-require 'mkmf'
-
-$defs << " @DEFS@"
-$CFLAGS << " -Wno-format -include \"@top_builddir@/config.h\""
-
-dir_config('dumm', '@top_srcdir@/src/dumm', '../.libs')
-dir_config('strongswan', '@top_srcdir@/src/libstrongswan', '../../libstrongswan/.libs')
-
-unless find_library('dumm', 'dumm_create')
- puts "... failed: 'libdumm' not found!"
- exit
-end
-
-create_makefile('dumm', '@top_srcdir@/src/dumm/ext')
-
diff --git a/src/dumm/ext/lib/dumm.rb b/src/dumm/ext/lib/dumm.rb
deleted file mode 100644
index 0dd7ada10..000000000
--- a/src/dumm/ext/lib/dumm.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-=begin
- Copyright (C) 2008-2009 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-require 'dumm.so'
-require 'dumm/guest'
-
-module Dumm
-
- # use guest/bridge indentifiers directly
- def method_missing(id, *args)
- if Guest.guest? id
- return Guest[id]
- end
- if Bridge.bridge? id
- return Bridge[id]
- end
- super(id, *args)
- end
-
- # shortcut for Template loading
- def template(name = nil)
- if name
- Template.load name
- else
- Template.sort.each {|t| puts t }
- end
- return Dumm
- end
-
- # unload template/overlays, reset all guests and delete bridges
- def reset
- Template.unload
- Guest.each { |guest|
- guest.reset
- }
- Bridge.each { |bridge|
- bridge.delete
- }
- return Dumm
- end
-
- # wait until all running guests have booted up
- def boot
- Guest.each {|g|
- g.boot if g.running?
- }
- return Dumm
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/ext/lib/dumm/guest.rb b/src/dumm/ext/lib/dumm/guest.rb
deleted file mode 100644
index 6978edcb3..000000000
--- a/src/dumm/ext/lib/dumm/guest.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-=begin
- Copyright (C) 2008-2010 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-module Dumm
- class Guest
- # accessor for guests
- # e.g. Guest.sun instead of Guest["sun"]
- def self.method_missing(id, *args)
- unless guest? id
- super(id, *args)
- end
- Guest[id]
- end
-
- # accessor for interfaces
- # e.g. guest.eth0 instead of guest["eth0"]
- def method_missing(id, *args)
- unless iface? id
- super(id, *args)
- end
- self[id]
- end
-
- # remove all overlays, delete all interfaces
- def reset
- while pop_overlay; end
- each {|i|
- i.delete
- }
- end
-
- # has the guest booted up?
- def booted?
- exec("pgrep getty")
- execstatus == 0
- end
-
- # wait until the guest has booted
- def boot
- while not booted?
- sleep(1)
- end
- end
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
deleted file mode 100644
index 327b86c63..000000000
--- a/src/dumm/guest.c
+++ /dev/null
@@ -1,682 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <dirent.h>
-#include <termios.h>
-#include <stdarg.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "dumm.h"
-#include "guest.h"
-#include "mconsole.h"
-#include "cowfs.h"
-
-#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)
-#define PERM (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH)
-
-#define MASTER_DIR "master"
-#define DIFF_DIR "diff"
-#define UNION_DIR "union"
-#define ARGS_FILE "args"
-#define PID_FILE "pid"
-#define KERNEL_FILE "linux"
-#define LOG_FILE "boot.log"
-#define NOTIFY_FILE "notify"
-#define PTYS 0
-
-typedef struct private_guest_t private_guest_t;
-
-struct private_guest_t {
- /** implemented public interface */
- guest_t public;
- /** name of the guest */
- char *name;
- /** directory of guest */
- int dir;
- /** directory name of guest */
- char *dirname;
- /** additional args to pass to guest */
- char *args;
- /** pid of guest child process */
- int pid;
- /** state of guest */
- guest_state_t state;
- /** FUSE cowfs instance */
- cowfs_t *cowfs;
- /** mconsole to control running UML */
- mconsole_t *mconsole;
- /** list of interfaces attached to the guest */
- linked_list_t *ifaces;
-};
-
-ENUM(guest_state_names, GUEST_STOPPED, GUEST_STOPPING,
- "STOPPED",
- "STARTING",
- "RUNNING",
- "PAUSED",
- "STOPPING",
-);
-
-METHOD(guest_t, get_name, char*,
- private_guest_t *this)
-{
- return this->name;
-}
-
-METHOD(guest_t, create_iface, iface_t*,
- private_guest_t *this, char *name)
-{
- enumerator_t *enumerator;
- iface_t *iface;
-
- if (this->state != GUEST_RUNNING)
- {
- DBG1(DBG_LIB, "guest '%s' not running, unable to add interface",
- this->name);
- return NULL;
- }
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&iface))
- {
- if (streq(name, iface->get_guestif(iface)))
- {
- DBG1(DBG_LIB, "guest '%s' already has an interface '%s'",
- this->name, name);
- enumerator->destroy(enumerator);
- return NULL;
- }
- }
- enumerator->destroy(enumerator);
-
- iface = iface_create(name, &this->public, this->mconsole);
- if (iface)
- {
- this->ifaces->insert_last(this->ifaces, iface);
- }
- return iface;
-}
-
-METHOD(guest_t, destroy_iface, void,
- private_guest_t *this, iface_t *iface)
-{
- enumerator_t *enumerator;
- iface_t *current;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current == iface)
- {
- this->ifaces->remove_at(this->ifaces, enumerator);
- current->destroy(current);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(guest_t, create_iface_enumerator, enumerator_t*,
- private_guest_t *this)
-{
- return this->ifaces->create_enumerator(this->ifaces);
-}
-
-METHOD(guest_t, get_state, guest_state_t,
- private_guest_t *this)
-{
- return this->state;
-}
-
-METHOD(guest_t, get_pid, pid_t,
- private_guest_t *this)
-{
- return this->pid;
-}
-
-/**
- * write format string to a buffer, and advance buffer position
- */
-static char* write_arg(char **pos, size_t *left, char *format, ...)
-{
- size_t len;
- char *res = NULL;
- va_list args;
-
- va_start(args, format);
- len = vsnprintf(*pos, *left, format, args);
- va_end(args);
- if (len < *left)
- {
- res = *pos;
- len++;
- *pos += len + 1;
- *left -= len + 1;
- }
- return res;
-}
-
-METHOD(guest_t, stop, void,
- private_guest_t *this, idle_function_t idle)
-{
- if (this->state != GUEST_STOPPED)
- {
- this->state = GUEST_STOPPING;
- this->ifaces->destroy_offset(this->ifaces, offsetof(iface_t, destroy));
- this->ifaces = linked_list_create();
- kill(this->pid, SIGINT);
- while (this->state != GUEST_STOPPED)
- {
- if (idle)
- {
- idle();
- }
- else
- {
- usleep(50000);
- }
- }
- unlinkat(this->dir, PID_FILE, 0);
- this->pid = 0;
- }
-}
-
-/**
- * save pid in file
- */
-void savepid(private_guest_t *this)
-{
- FILE *file;
-
- file = fdopen(openat(this->dir, PID_FILE, O_RDWR | O_CREAT | O_TRUNC,
- PERM), "w");
- if (file)
- {
- fprintf(file, "%d", this->pid);
- fclose(file);
- }
-}
-
-METHOD(guest_t, start, bool,
- private_guest_t *this, invoke_function_t invoke, void* data,
- idle_function_t idle)
-{
- char buf[2048];
- char *notify;
- char *pos = buf;
- char *args[32];
- int i = 0;
- size_t left = sizeof(buf);
-
- memset(args, 0, sizeof(args));
-
- if (this->state != GUEST_STOPPED)
- {
- DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names,
- this->state);
- return FALSE;
- }
- this->state = GUEST_STARTING;
-
- notify = write_arg(&pos, &left, "%s/%s", this->dirname, NOTIFY_FILE);
-
- args[i++] = write_arg(&pos, &left, "nice");
- args[i++] = write_arg(&pos, &left, "%s/%s", this->dirname, KERNEL_FILE);
- args[i++] = write_arg(&pos, &left, "root=/dev/root");
- args[i++] = write_arg(&pos, &left, "rootfstype=hostfs");
- args[i++] = write_arg(&pos, &left, "rootflags=%s/%s", this->dirname, UNION_DIR);
- args[i++] = write_arg(&pos, &left, "uml_dir=%s", this->dirname);
- args[i++] = write_arg(&pos, &left, "umid=%s", this->name);
- args[i++] = write_arg(&pos, &left, "mconsole=notify:%s", notify);
- args[i++] = write_arg(&pos, &left, "con=null");
- if (this->args)
- {
- args[i++] = this->args;
- }
-
- this->pid = invoke(data, &this->public, args, i);
- if (!this->pid)
- {
- this->state = GUEST_STOPPED;
- return FALSE;
- }
- savepid(this);
-
- /* open mconsole */
- this->mconsole = mconsole_create(notify, idle);
- if (this->mconsole == NULL)
- {
- DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf);
- stop(this, NULL);
- return FALSE;
- }
-
- this->state = GUEST_RUNNING;
- return TRUE;
-}
-
-METHOD(guest_t, add_overlay, bool,
- private_guest_t *this, char *path)
-{
- if (path == NULL)
- {
- return FALSE;
- }
-
- if (access(path, F_OK) != 0)
- {
- if (!mkdir_p(path, PERME))
- {
- DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m",
- this->name);
- return FALSE;
- }
- }
-
- return this->cowfs->add_overlay(this->cowfs, path);
-}
-
-METHOD(guest_t, del_overlay, bool,
- private_guest_t *this, char *path)
-{
- return this->cowfs->del_overlay(this->cowfs, path);
-}
-
-METHOD(guest_t, pop_overlay, bool,
- private_guest_t *this)
-{
- return this->cowfs->pop_overlay(this->cowfs);
-}
-
-/**
- * Variadic version of the exec function
- */
-static int vexec(private_guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, va_list args)
-{
- char buf[1024];
- size_t len;
-
- if (this->mconsole)
- {
- len = vsnprintf(buf, sizeof(buf), cmd, args);
-
- if (len > 0 && len < sizeof(buf))
- {
- return this->mconsole->exec(this->mconsole, cb, data, buf);
- }
- }
- return -1;
-}
-
-METHOD(guest_t, exec, int,
- private_guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, ...)
-{
- int res;
- va_list args;
- va_start(args, cmd);
- res = vexec(this, cb, data, cmd, args);
- va_end(args);
- return res;
-}
-
-typedef struct {
- chunk_t buf;
- void (*cb)(void*,char*);
- void *data;
-} exec_str_t;
-
-/**
- * callback that combines chunks to a string. if a callback is given, the string
- * is split at newlines and the callback is called for each line.
- */
-static void exec_str_cb(exec_str_t *data, char *buf, size_t len)
-{
- if (!data->buf.ptr)
- {
- data->buf = chunk_alloc(len + 1);
- memcpy(data->buf.ptr, buf, len);
- data->buf.ptr[len] = '\0';
- }
- else
- {
- size_t newlen = strlen(data->buf.ptr) + len + 1;
- if (newlen > data->buf.len)
- {
- data->buf.ptr = realloc(data->buf.ptr, newlen);
- data->buf.len = newlen;
- }
- strncat(data->buf.ptr, buf, len);
- }
-
- if (data->cb)
- {
- char *nl;
- while ((nl = strchr(data->buf.ptr, '\n')) != NULL)
- {
- *nl++ = '\0';
- data->cb(data->data, data->buf.ptr);
- memmove(data->buf.ptr, nl, strlen(nl) + 1);
- }
- }
-}
-
-METHOD(guest_t, exec_str, int,
- private_guest_t *this, void(*cb)(void*,char*), bool lines, void *data,
- char *cmd, ...)
-{
- int res;
- va_list args;
- va_start(args, cmd);
- if (cb)
- {
- exec_str_t exec = { chunk_empty, NULL, NULL };
- if (lines)
- {
- exec.cb = cb;
- exec.data = data;
- }
- res = vexec(this, (void(*)(void*,char*,size_t))exec_str_cb, &exec, cmd, args);
- if (exec.buf.ptr)
- {
- if (!lines || strlen(exec.buf.ptr) > 0)
- {
- /* return the complete string or the remaining stuff in the
- * buffer (i.e. when there was no newline at the end) */
- cb(data, exec.buf.ptr);
- }
- chunk_free(&exec.buf);
- }
- }
- else
- {
- res = vexec(this, NULL, NULL, cmd, args);
- }
- va_end(args);
- return res;
-}
-
-METHOD(guest_t, sigchild, void,
- private_guest_t *this)
-{
- DESTROY_IF(this->mconsole);
- this->mconsole = NULL;
- this->state = GUEST_STOPPED;
-}
-
-/**
- * umount the union filesystem
- */
-static bool umount_unionfs(private_guest_t *this)
-{
- if (this->cowfs)
- {
- this->cowfs->destroy(this->cowfs);
- this->cowfs = NULL;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * mount the union filesystem
- */
-static bool mount_unionfs(private_guest_t *this)
-{
- char master[PATH_MAX];
- char diff[PATH_MAX];
- char mount[PATH_MAX];
-
- if (this->cowfs == NULL)
- {
- snprintf(master, sizeof(master), "%s/%s", this->dirname, MASTER_DIR);
- snprintf(diff, sizeof(diff), "%s/%s", this->dirname, DIFF_DIR);
- snprintf(mount, sizeof(mount), "%s/%s", this->dirname, UNION_DIR);
-
- this->cowfs = cowfs_create(master, diff, mount);
- if (this->cowfs)
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * load args configuration from file
- */
-char *loadargs(private_guest_t *this)
-{
- FILE *file;
- char buf[512], *args = NULL;
-
- file = fdopen(openat(this->dir, ARGS_FILE, O_RDONLY, PERM), "r");
- if (file)
- {
- if (fgets(buf, sizeof(buf), file))
- {
- args = strdup(buf);
- }
- fclose(file);
- }
- return args;
-}
-
-/**
- * save args configuration to file
- */
-bool saveargs(private_guest_t *this, char *args)
-{
- FILE *file;
- bool retval = FALSE;
-
- file = fdopen(openat(this->dir, ARGS_FILE, O_RDWR | O_CREAT | O_TRUNC,
- PERM), "w");
- if (file)
- {
- if (fprintf(file, "%s", args) > 0)
- {
- retval = TRUE;
- }
- fclose(file);
- }
- return retval;
-}
-
-METHOD(guest_t, destroy, void,
- private_guest_t *this)
-{
- stop(this, NULL);
- umount_unionfs(this);
- if (this->dir > 0)
- {
- close(this->dir);
- }
- this->ifaces->destroy(this->ifaces);
- free(this->dirname);
- free(this->args);
- free(this->name);
- free(this);
-}
-
-/**
- * generic guest constructor
- */
-static private_guest_t *guest_create_generic(char *parent, char *name,
- bool create)
-{
- char cwd[PATH_MAX];
- private_guest_t *this;
-
- INIT(this,
- .public = {
- .get_name = _get_name,
- .get_pid = _get_pid,
- .get_state = _get_state,
- .create_iface = _create_iface,
- .destroy_iface = _destroy_iface,
- .create_iface_enumerator = _create_iface_enumerator,
- .start = _start,
- .stop = _stop,
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .exec = _exec,
- .exec_str = _exec_str,
- .sigchild = _sigchild,
- .destroy = _destroy,
- }
- );
-
- if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL)
- {
- if (asprintf(&this->dirname, "%s/%s", parent, name) < 0)
- {
- this->dirname = NULL;
- }
- }
- else
- {
- if (asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name) < 0)
- {
- this->dirname = NULL;
- }
- }
- if (this->dirname == NULL)
- {
- free(this);
- return NULL;
- }
- if (create)
- {
- mkdir(this->dirname, PERME);
- }
- this->dir = open(this->dirname, O_DIRECTORY, PERME);
- if (this->dir < 0)
- {
- DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname);
- free(this->dirname);
- free(this);
- return NULL;
- }
- this->state = GUEST_STOPPED;
- this->ifaces = linked_list_create();
- this->name = strdup(name);
-
- return this;
-}
-
-/**
- * create a symlink to old called new in our working dir
- */
-static bool make_symlink(private_guest_t *this, char *old, char *new)
-{
- char cwd[PATH_MAX];
- char buf[PATH_MAX];
-
- if (*old == '/' || getcwd(cwd, sizeof(cwd)) == NULL)
- {
- snprintf(buf, sizeof(buf), "%s", old);
- }
- else
- {
- snprintf(buf, sizeof(buf), "%s/%s", cwd, old);
- }
- return symlinkat(buf, this->dir, new) == 0;
-}
-
-
-/**
- * create the guest instance, including required dirs and mounts
- */
-guest_t *guest_create(char *parent, char *name, char *kernel,
- char *master, char *args)
-{
- private_guest_t *this = guest_create_generic(parent, name, TRUE);
-
- if (this == NULL)
- {
- return NULL;
- }
-
- if (!make_symlink(this, master, MASTER_DIR) ||
- !make_symlink(this, kernel, KERNEL_FILE))
- {
- DBG1(DBG_LIB, "creating master/kernel symlink failed: %m");
- destroy(this);
- return NULL;
- }
-
- if (mkdirat(this->dir, UNION_DIR, PERME) != 0 ||
- mkdirat(this->dir, DIFF_DIR, PERME) != 0)
- {
- DBG1(DBG_LIB, "unable to create directories for '%s': %m", name);
- destroy(this);
- return NULL;
- }
-
- this->args = args;
- if (args && !saveargs(this, args))
- {
- destroy(this);
- return NULL;
- }
-
- if (!mount_unionfs(this))
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
-/**
- * load an already created guest
- */
-guest_t *guest_load(char *parent, char *name)
-{
- private_guest_t *this = guest_create_generic(parent, name, FALSE);
-
- if (this == NULL)
- {
- return NULL;
- }
-
- this->args = loadargs(this);
-
- if (!mount_unionfs(this))
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
diff --git a/src/dumm/guest.h b/src/dumm/guest.h
deleted file mode 100644
index 14c7272d0..000000000
--- a/src/dumm/guest.h
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef GUEST_H
-#define GUEST_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-typedef enum guest_state_t guest_state_t;
-typedef struct guest_t guest_t;
-
-#include "iface.h"
-
-/**
- * State of a guest (started, stopped, ...)
- */
-enum guest_state_t {
- /** guest kernel not running at all */
- GUEST_STOPPED,
- /** kernel started, but not yet available */
- GUEST_STARTING,
- /** guest is up and running */
- GUEST_RUNNING,
- /** guest has been paused */
- GUEST_PAUSED,
- /** guest is stopping (shutting down) */
- GUEST_STOPPING,
-};
-
-/**
- * string mappings for guest_state_t
- */
-extern enum_name_t *guest_state_names;
-
-/**
- * Invoke function which launches the UML guest.
- *
- * Consoles are all set to NULL, you may change them by adding additional UML
- * options to args before invocation.
- *
- * @param data callback data
- * @param guest guest to start
- * @param args args to use for guest invocation, args[0] is kernel
- * @param argc number of elements in args
- * @param idle
- * @return PID of child, 0 if failed
- */
-typedef pid_t (*invoke_function_t)(void *data, guest_t *guest,
- char *args[], int argc);
-
-/**
- * Idle function to pass to start().
- */
-typedef void (*idle_function_t)(void);
-
-/**
- * A guest is a UML instance running on the host.
- **/
-struct guest_t {
-
- /**
- * Get the name of this guest.
- *
- * @return name of the guest
- */
- char* (*get_name) (guest_t *this);
-
- /**
- * Get the process ID of the guest child process.
- *
- * @return name of the guest
- */
- pid_t (*get_pid) (guest_t *this);
-
- /**
- * Get the state of the guest (stopped, started, etc.).
- *
- * @return guests state
- */
- guest_state_t (*get_state)(guest_t *this);
-
- /**
- * Start the guest.
- *
- * @param invoke UML guest invocation function
- * @param data data to pass back to invoke function
- * @param idle idle function to call while waiting on child
- * @return TRUE if guest successfully started
- */
- bool (*start) (guest_t *this, invoke_function_t invoke, void *data,
- idle_function_t idle);
-
- /**
- * Kill the guest.
- *
- * @param idle idle function to call while waiting to termination
- */
- void (*stop) (guest_t *this, idle_function_t idle);
-
- /**
- * Create a new interface in the current scenario.
- *
- * @param name name of the interface in the guest
- * @return created interface, or NULL if failed
- */
- iface_t* (*create_iface)(guest_t *this, char *name);
-
- /**
- * Destroy an interface on guest.
- *
- * @param iface interface to destroy
- */
- void (*destroy_iface)(guest_t *this, iface_t *iface);
-
- /**
- * Create an enumerator over all guest interfaces.
- *
- * @return enumerator over iface_t's
- */
- enumerator_t* (*create_iface_enumerator)(guest_t *this);
-
- /**
- * Adds a COWFS overlay. The directory is created if it does not exist.
- *
- * @param dir directory where overlay diff should point to
- * @return FALSE, if failed
- */
- bool (*add_overlay)(guest_t *this, char *dir);
-
- /**
- * Removes the specified COWFS overlay.
- *
- * @param dir directory where overlay diff points to
- * @return FALSE, if no found
- */
- bool (*del_overlay)(guest_t *this, char *dir);
-
- /**
- * Removes the latest COWFS overlay.
- *
- * @return FALSE, if no overlay was found
- */
- bool (*pop_overlay)(guest_t *this);
-
- /**
- * Execute a command on the guests mconsole.
- *
- * @param cb callback to call for each read block
- * @param data data to pass to callback
- * @param cmd command to execute
- * @param ... printf style argument list for cmd
- * @return return value
- */
- int (*exec)(guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, ...);
-
- /**
- * Execute a command on the guests mconsole, with output formatter.
- *
- * If lines is TRUE, callback is invoked for each output line. Otherwise
- * the full result is returned in one callback invocation.
- *
- * @note This function does not work with binary output.
- *
- * @param cb callback to call for each line or for the complete output
- * @param lines TRUE if the callback should be called for each line
- * @param data data to pass to callback
- * @param cmd command to execute
- * @param ... printf style argument list for cmd
- * @return return value
- */
- int (*exec_str)(guest_t *this, void(*cb)(void*,char*), bool lines,
- void *data, char *cmd, ...);
-
- /**
- * Called whenever a SIGCHILD for the guests PID is received.
- */
- void (*sigchild)(guest_t *this);
-
- /**
- * Close and destroy a guest with all interfaces
- */
- void (*destroy) (guest_t *this);
-};
-
-/**
- * Create a new, unstarted guest.
- *
- * @param parent parent directory to create the guest in
- * @param name name of the guest to create
- * @param kernel kernel this guest uses
- * @param master read-only master filesystem for guest
- * @param args additional args to pass to kernel
- * @param mem amount of memory to give the guest
- */
-guest_t *guest_create(char *parent, char *name, char *kernel,
- char *master, char *args);
-
-/**
- * Load a guest created with guest_create().
- *
- * @param parent parent directory to look for a guest
- * @param name name of the guest directory
- */
-guest_t *guest_load(char *parent, char *name);
-
-#endif /* GUEST_H */
-
diff --git a/src/dumm/iface.c b/src/dumm/iface.c
deleted file mode 100644
index 3642ed8a2..000000000
--- a/src/dumm/iface.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2002 Jeff Dike
- *
- * Based on the "tunctl" utility from Jeff Dike.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <net/if.h>
-#include <sys/ioctl.h>
-#include <linux/if_tun.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "iface.h"
-
-typedef struct private_iface_t private_iface_t;
-
-struct private_iface_t {
- /** public interface */
- iface_t public;
- /** device name in guest (eth0) */
- char *guestif;
- /** device name at host (tap0) */
- char *hostif;
- /** bridge this interface is attached to */
- bridge_t *bridge;
- /** guest this interface is attached to */
- guest_t *guest;
- /** mconsole for guest */
- mconsole_t *mconsole;
-};
-
-/**
- * bring an interface up or down (host side)
- */
-bool iface_control(char *name, bool up)
-{
- int s;
- bool good = FALSE;
- struct ifreq ifr;
-
- memset(&ifr, 0, sizeof(struct ifreq));
- strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
-
- s = socket(AF_INET, SOCK_DGRAM, 0);
- if (!s)
- {
- return FALSE;
- }
- if (ioctl(s, SIOCGIFFLAGS, &ifr) == 0)
- {
- if (up)
- {
- ifr.ifr_flags |= IFF_UP;
- }
- else
- {
- ifr.ifr_flags &= ~IFF_UP;
- }
- if (ioctl(s, SIOCSIFFLAGS, &ifr) == 0)
- {
- good = TRUE;
- }
- }
- close(s);
- return good;
-}
-
-METHOD(iface_t, get_guestif, char*,
- private_iface_t *this)
-{
- return this->guestif;
-}
-
-METHOD(iface_t, get_hostif, char*,
- private_iface_t *this)
-{
- return this->hostif;
-}
-
-METHOD(iface_t, add_address, bool,
- private_iface_t *this, host_t *addr, int bits)
-{
- return (this->guest->exec(this->guest, NULL, NULL,
- "exec ip addr add %H/%d dev %s", addr, bits, this->guestif) == 0);
-}
-
-/**
- * compile a list of the addresses of an interface
- */
-static void compile_address_list(linked_list_t *list, char *address)
-{
- host_t *host = host_create_from_string(address, 0);
- if (host)
- {
- list->insert_last(list, host);
- }
-}
-
-/**
- * delete the list of addresses
- */
-static void destroy_address_list(linked_list_t *list)
-{
- list->destroy_offset(list, offsetof(host_t, destroy));
-}
-
-METHOD(iface_t, create_address_enumerator, enumerator_t*,
- private_iface_t *this)
-{
- linked_list_t *addresses = linked_list_create();
- this->guest->exec_str(this->guest, (void(*)(void*,char*))compile_address_list,
- TRUE, addresses,
- "exec ip addr list dev %s scope global | "
- "grep '^ \\+\\(inet6\\? \\)' | "
- "awk -F '( +|/)' '{ print $3 }'", this->guestif);
- return enumerator_create_cleaner(addresses->create_enumerator(addresses),
- (void(*)(void*))destroy_address_list, addresses);
-}
-
-METHOD(iface_t, delete_address, bool,
- private_iface_t *this, host_t *addr, int bits)
-{
- return (this->guest->exec(this->guest, NULL, NULL,
- "exec ip addr del %H/%d dev %s", addr, bits, this->guestif) == 0);
-}
-
-METHOD(iface_t, set_bridge, void,
- private_iface_t *this, bridge_t *bridge)
-{
- if (this->bridge == NULL && bridge)
- {
- this->guest->exec(this->guest, NULL, NULL,
- "exec ip link set %s up", this->guestif);
- }
- else if (this->bridge && bridge == NULL)
- {
- this->guest->exec(this->guest, NULL, NULL,
- "exec ip link set %s down", this->guestif);
- }
- this->bridge = bridge;
-}
-
-METHOD(iface_t, get_bridge, bridge_t*,
- private_iface_t *this)
-{
- return this->bridge;
-}
-
-METHOD(iface_t, get_guest, guest_t*,
- private_iface_t *this)
-{
- return this->guest;
-}
-
-/**
- * destroy the tap device
- */
-static bool destroy_tap(private_iface_t *this)
-{
- struct ifreq ifr;
- int tap;
-
- if (!iface_control(this->hostif, FALSE))
- {
- DBG1(DBG_LIB, "bringing iface down failed: %m");
- }
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- strncpy(ifr.ifr_name, this->hostif, sizeof(ifr.ifr_name) - 1);
-
- tap = open(TAP_DEVICE, O_RDWR);
- if (tap < 0)
- {
- DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
- return FALSE;
- }
- if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
- ioctl(tap, TUNSETPERSIST, 0) < 0)
- {
- DBG1(DBG_LIB, "removing %s failed: %m", this->hostif);
- close(tap);
- return FALSE;
- }
- close(tap);
- return TRUE;
-}
-
-/**
- * create the tap device
- */
-static char* create_tap(private_iface_t *this)
-{
- struct ifreq ifr;
- int tap;
-
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s-%s",
- this->guest->get_name(this->guest), this->guestif);
-
- tap = open(TAP_DEVICE, O_RDWR);
- if (tap < 0)
- {
- DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
- return NULL;
- }
- if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
- ioctl(tap, TUNSETPERSIST, 1) < 0 ||
- ioctl(tap, TUNSETOWNER, 0))
- {
- DBG1(DBG_LIB, "creating new tap device failed: %m");
- close(tap);
- return NULL;
- }
- close(tap);
- return strdup(ifr.ifr_name);
-}
-
-METHOD(iface_t, destroy, void,
- private_iface_t *this)
-{
- if (this->bridge)
- {
- this->bridge->disconnect_iface(this->bridge, &this->public);
- }
- /* TODO: iface mgmt is not blocking yet, so wait some ticks */
- usleep(50000);
- this->mconsole->del_iface(this->mconsole, this->guestif);
- destroy_tap(this);
- free(this->guestif);
- free(this->hostif);
- free(this);
-}
-
-/**
- * create the iface instance
- */
-iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
-{
- private_iface_t *this;
-
- INIT(this,
- .public = {
- .get_hostif = _get_hostif,
- .get_guestif = _get_guestif,
- .add_address = _add_address,
- .create_address_enumerator = _create_address_enumerator,
- .delete_address = _delete_address,
- .set_bridge = _set_bridge,
- .get_bridge = _get_bridge,
- .get_guest = _get_guest,
- .destroy = _destroy,
- },
- .mconsole = mconsole,
- .guestif = strdup(name),
- .guest = guest,
- );
- this->hostif = create_tap(this);
- if (this->hostif == NULL)
- {
- destroy_tap(this);
- free(this->guestif);
- free(this);
- return NULL;
- }
- if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif))
- {
- DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif);
- destroy_tap(this);
- free(this->guestif);
- free(this->hostif);
- free(this);
- return NULL;
- }
- if (!iface_control(this->hostif, TRUE))
- {
- DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif);
- }
- return &this->public;
-}
-
diff --git a/src/dumm/iface.h b/src/dumm/iface.h
deleted file mode 100644
index e6e8775a0..000000000
--- a/src/dumm/iface.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef IFACE_H
-#define IFACE_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-#include <networking/host.h>
-
-#define TAP_DEVICE "/dev/net/tun"
-
-typedef struct iface_t iface_t;
-
-#include "mconsole.h"
-#include "bridge.h"
-#include "guest.h"
-
-/**
- * Interface in a guest, connected to a tap device on the host.
- */
-struct iface_t {
-
- /**
- * Get the interface name in the guest (e.g. eth0).
- *
- * @return guest interface name
- */
- char* (*get_guestif)(iface_t *this);
-
- /**
- * Get the interface name at the host (e.g. tap0).
- *
- * @return host interface (tap device) name
- */
- char* (*get_hostif)(iface_t *this);
-
- /**
- * Add an address to the interface.
- *
- * @param addr address to add to the interface
- * @param bits network prefix length in bits
- * @return TRUE if address added
- */
- bool (*add_address)(iface_t *this, host_t *addr, int bits);
-
- /**
- * Create an enumerator over all installed addresses.
- *
- * @return enumerator over host_t*
- */
- enumerator_t* (*create_address_enumerator)(iface_t *this);
-
- /**
- * Remove an address from an interface.
- *
- * @note The network prefix length has to be the same as used in add_address
- *
- * @param addr address to remove
- * @param bits network prefix length in bits
- * @return TRUE if address removed
- */
- bool (*delete_address)(iface_t *this, host_t *addr, int bits);
-
- /**
- * Set the bridge this interface is attached to.
- *
- * @param bridge assigned bridge, or NULL for none
- */
- void (*set_bridge)(iface_t *this, bridge_t *bridge);
-
- /**
- * Get the bridge this iface is connected, or NULL.
- *
- * @return connected bridge, or NULL
- */
- bridge_t* (*get_bridge)(iface_t *this);
-
- /**
- * Get the guest this iface belongs to.
- *
- * @return guest of this iface
- */
- guest_t* (*get_guest)(iface_t *this);
-
- /**
- * Destroy an interface
- */
- void (*destroy) (iface_t *this);
-};
-
-/**
- * Create a new interface for a guest
- *
- * @param name name of the interface in the guest
- * @param guest guest this iface is connecting
- * @param mconsole mconsole of guest
- * @return interface descriptor, or NULL if failed
- */
-iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole);
-
-#endif /* IFACE_H */
-
diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c
deleted file mode 100644
index eb61da2c2..000000000
--- a/src/dumm/irdumm.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#undef PACKAGE_NAME
-#undef PACKAGE_TARNAME
-#undef PACKAGE_VERSION
-#undef PACKAGE_STRING
-#undef PACKAGE_BUGREPORT
-#undef PACKAGE_URL
-#undef HAVE_DLADDR
-#undef HAVE_QSORT_R
-#include <ruby.h>
-
-#ifdef HAVE_RB_ERRINFO
-#define ruby_errinfo rb_errinfo()
-#endif
-
-/**
- * main routine, parses args and reads from console
- */
-int main(int argc, char *argv[])
-{
- int state, i;
- char buf[512];
-
- ruby_init();
- ruby_init_loadpath();
-
- rb_eval_string_protect("require 'dumm' and include Dumm", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- printf("Please install the ruby extension first!\n");
- }
- for (i = 1; i < argc; i++)
- {
- snprintf(buf, sizeof(buf), "load \"%s\"", argv[i]);
- printf("%s\n", buf);
- rb_eval_string_protect(buf, &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
- }
- rb_require("irb");
- rb_require("irb/completion");
- rb_eval_string_protect("IRB.start", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
-
- ruby_finalize();
- return 0;
-}
-
diff --git a/src/dumm/main.c b/src/dumm/main.c
deleted file mode 100644
index 1b5bef736..000000000
--- a/src/dumm/main.c
+++ /dev/null
@@ -1,629 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "dumm.h"
-
-#include <collections/linked_list.h>
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <sched.h>
-
-#include <glib.h>
-#include <gtk/gtk.h>
-#include <vte/vte.h>
-#include <vte/reaper.h>
-
-/**
- * notebook page with vte and guest
- */
-typedef struct {
- gint num;
- GtkWidget *vte;
- guest_t *guest;
-} page_t;
-
-/**
- * Main window
- */
-GtkWidget *window;
-
-/**
- * notebook with guests, vtes
- */
-GtkWidget *notebook;
-
-/**
- * dumm context
- */
-dumm_t *dumm;
-
-/**
- * pages in notebook, page_t
- */
-linked_list_t *pages;
-
-/**
- * handle guest termination, SIGCHILD
- */
-static void child_exited(VteReaper *vtereaper, gint pid, gint status)
-{
- enumerator_t *enumerator;
- page_t *page;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->guest->get_pid(page->guest) == pid)
- {
- page->guest->sigchild(page->guest);
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "\n\r--- guest terminated ---\n\r", -1);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-static page_t* get_page(int num)
-{
- enumerator_t *enumerator;
- page_t *page, *found = NULL;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->num == num)
- {
- found = page;
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-/**
- * Guest invocation callback
- */
-static pid_t invoke(void *vte, guest_t *guest,
- char *args[], int argc)
-{
- GPid pid;
-
- if (vte_terminal_fork_command_full(VTE_TERMINAL(vte),
- VTE_PTY_NO_LASTLOG | VTE_PTY_NO_UTMP | VTE_PTY_NO_WTMP,
- NULL, args, NULL,
- G_SPAWN_CHILD_INHERITS_STDIN | G_SPAWN_SEARCH_PATH,
- NULL, NULL, &pid, NULL))
- {
- return pid;
- }
- return 0;
-}
-
-void idle(void)
-{
- gtk_main_iteration_do(FALSE);
- sched_yield();
-}
-
-static void start_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page && page->guest->get_state(page->guest) == GUEST_STOPPED)
- {
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "--- starting guest ---\n\r", -1);
- page->guest->start(page->guest, invoke, VTE_TERMINAL(page->vte), idle);
- }
-}
-
-static void start_all_guests()
-{
- enumerator_t *enumerator;
- page_t *page;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->guest->get_state(page->guest) == GUEST_STOPPED)
- {
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "--- starting all guests ---\n\r", -1);
- page->guest->start(page->guest, invoke,
- VTE_TERMINAL(page->vte), idle);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-static void stop_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page && page->guest->get_state(page->guest) == GUEST_RUNNING)
- {
- page->guest->stop(page->guest, idle);
- }
-}
-
-/**
- * quit signal handler
- */
-static void quit()
-{
- enumerator_t *enumerator;
- page_t *page;
-
- dumm->load_template(dumm, NULL);
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, &page))
- {
- if (page->guest->get_state(page->guest) != GUEST_STOPPED)
- {
- page->guest->stop(page->guest, idle);
- }
- }
- enumerator->destroy(enumerator);
- gtk_main_quit();
-}
-
-static void error_dialog(char *msg)
-{
- GtkWidget *error;
-
- error = gtk_message_dialog_new(GTK_WINDOW(window),
- GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
- GTK_BUTTONS_CLOSE, msg);
- gtk_dialog_run(GTK_DIALOG(error));
- gtk_widget_destroy(error);
-}
-
-static void create_switch()
-{
- GtkWidget *dialog, *table, *label, *name;
- bridge_t *bridge;
-
- dialog = gtk_dialog_new_with_buttons("Create new switch", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(1, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Switch name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- if (streq(gtk_entry_get_text(GTK_ENTRY(name)), ""))
- {
- continue;
- }
- bridge = dumm->create_bridge(dumm,
- (char*)gtk_entry_get_text(GTK_ENTRY(name)));
- if (!bridge)
- {
- error_dialog("creating bridge failed!");
- continue;
- }
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-static void delete_switch()
-{
-
-}
-
-static void connect_guest()
-{
- page_t *page;
- GtkWidget *dialog, *table, *label, *name, *box;
- bridge_t *bridge;
- iface_t *iface;
- enumerator_t *enumerator;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (!page || page->guest->get_state(page->guest) != GUEST_RUNNING)
- {
- return;
- }
-
- dialog = gtk_dialog_new_with_buttons("Connect guest", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(2, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Interface name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- label = gtk_label_new("Connected switch");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- box = gtk_combo_box_new_text();
- gtk_table_attach(GTK_TABLE(table), box, 1, 2, 1, 2,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- gtk_combo_box_append_text(GTK_COMBO_BOX(box), bridge->get_name(bridge));
- }
- enumerator->destroy(enumerator);
- gtk_widget_show(box);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- if (streq(gtk_entry_get_text(GTK_ENTRY(name)), ""))
- {
- continue;
- }
-
- iface = page->guest->create_iface(page->guest,
- (char*)gtk_entry_get_text(GTK_ENTRY(name)));
- if (!iface)
- {
- error_dialog("creating interface failed!");
- continue;
- }
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- if (!bridge->connect_iface(bridge, iface))
- {
- error_dialog("connecting interface failed!");
- }
- break;
- }
- enumerator->destroy(enumerator);
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-static void disconnect_guest()
-{
-
-}
-
-static void delete_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page)
- {
- page->guest->stop(page->guest, idle);
- dumm->delete_guest(dumm, page->guest);
- gtk_notebook_remove_page(GTK_NOTEBOOK(notebook), page->num);
- pages->remove(pages, page, NULL);
- g_free(page);
- }
-}
-
-/**
- * create a new page for a guest
- */
-static page_t* create_page(guest_t *guest)
-{
- GtkWidget *label;
- page_t *page;
-
- page = g_new(page_t, 1);
- page->guest = guest;
- page->vte = vte_terminal_new();
- label = gtk_label_new(guest->get_name(guest));
- page->num = gtk_notebook_append_page(GTK_NOTEBOOK(notebook),
- page->vte, label);
- gtk_widget_show(page->vte);
- pages->insert_last(pages, page);
- return page;
-}
-
-/**
- * create a new guest
- */
-static void create_guest()
-{
- guest_t *guest;
- GtkWidget *dialog, *table, *label, *name, *kernel, *master, *args;
-
- dialog = gtk_dialog_new_with_buttons("Create new guest", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(4, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Guest name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("UML kernel");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("Master filesystem");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 2, 3, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("Kernel arguments");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 3, 4, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- kernel = gtk_file_chooser_button_new("Select UML kernel image",
- GTK_FILE_CHOOSER_ACTION_OPEN);
- gtk_table_attach(GTK_TABLE(table), kernel, 1, 2, 1, 2,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(kernel);
-
- master = gtk_file_chooser_button_new("Select master filesystem",
- GTK_FILE_CHOOSER_ACTION_SELECT_FOLDER);
- gtk_table_attach(GTK_TABLE(table), master, 1, 2, 2, 3,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(master);
-
- args = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), args, 1, 2, 3, 4,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(args);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- char *sname, *skernel, *smaster, *sargs;
- page_t *page;
-
- sname = (char*)gtk_entry_get_text(GTK_ENTRY(name));
- skernel = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(kernel));
- smaster = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(master));
- sargs = (char*)gtk_entry_get_text(GTK_ENTRY(args));
-
- if (!sname[0] || !skernel || !smaster)
- {
- continue;
- }
- guest = dumm->create_guest(dumm, sname, skernel, smaster, sargs);
- if (!guest)
- {
- error_dialog("creating guest failed!");
- continue;
- }
- page = create_page(guest);
- gtk_notebook_set_current_page(GTK_NOTEBOOK(notebook), page->num);
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-/**
- * main routine, parses args and reads from console
- */
-int main(int argc, char *argv[])
-{
- GtkWidget *menubar, *menu, *menuitem, *vbox;
- GtkWidget *dummMenu, *guestMenu, *switchMenu;
- enumerator_t *enumerator;
- guest_t *guest;
-
- library_init(NULL, "dumm");
- gtk_init(&argc, &argv);
-
- pages = linked_list_create();
- dumm = dumm_create(NULL);
-
- /* setup window */
- window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
- g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(quit), NULL);
- gtk_window_set_title(GTK_WINDOW (window), "Dumm");
- gtk_window_set_default_size(GTK_WINDOW (window), 1000, 500);
- g_signal_connect(G_OBJECT(vte_reaper_get()), "child-exited",
- G_CALLBACK(child_exited), NULL);
-
- /* add vbox with menubar, notebook */
- vbox = gtk_vbox_new(FALSE, 0);
- gtk_container_add(GTK_CONTAINER(window), vbox);
- menubar = gtk_menu_bar_new();
- gtk_box_pack_start(GTK_BOX(vbox), menubar, FALSE, TRUE, 0);
- notebook = gtk_notebook_new();
- g_object_set(G_OBJECT(notebook), "homogeneous", TRUE, NULL);
- gtk_notebook_set_tab_pos(GTK_NOTEBOOK(notebook), GTK_POS_BOTTOM);
- gtk_container_add(GTK_CONTAINER(vbox), notebook);
-
- /* Dumm menu */
- menu = gtk_menu_new();
- dummMenu = gtk_menu_item_new_with_mnemonic("_Dumm");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), dummMenu);
- gtk_widget_show(dummMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(dummMenu), menu);
-
- /* Dumm -> exit */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_QUIT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(quit), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest menu */
- menu = gtk_menu_new();
- guestMenu = gtk_menu_item_new_with_mnemonic("_Guest");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), guestMenu);
- gtk_widget_show(guestMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(guestMenu), menu);
-
- /* Guest -> new */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(create_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> delete */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(delete_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- menuitem = gtk_separator_menu_item_new();
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> start */
- menuitem = gtk_menu_item_new_with_mnemonic("_Start");
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(start_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> startall */
- menuitem = gtk_menu_item_new_with_mnemonic("Start _all");
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(start_all_guests), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> stop */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_STOP, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(stop_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- menuitem = gtk_separator_menu_item_new();
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> connect */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_CONNECT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(connect_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> disconnect */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DISCONNECT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(disconnect_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_set_sensitive(menuitem, FALSE);
- gtk_widget_show(menuitem);
-
- /* Switch menu */
- menu = gtk_menu_new();
- switchMenu = gtk_menu_item_new_with_mnemonic("_Switch");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), switchMenu);
- gtk_widget_show(switchMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(switchMenu), menu);
-
- /* Switch -> new */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(create_switch), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Switch -> delete */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(delete_switch), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_set_sensitive(menuitem, FALSE);
- gtk_widget_show(menuitem);
-
- /* show widgets */
- gtk_widget_show(menubar);
- gtk_widget_show(notebook);
- gtk_widget_show(vbox);
- gtk_widget_show(window);
-
- /* fill notebook with guests */
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- create_page(guest);
- }
- enumerator->destroy(enumerator);
-
- gtk_main();
-
- dumm->destroy(dumm);
- pages->destroy_function(pages, g_free);
-
- library_deinit();
- return 0;
-}
-
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
deleted file mode 100644
index 3e31bc694..000000000
--- a/src/dumm/mconsole.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2001-2004 Jeff Dike
- *
- * Based on the "uml_mconsole" utility from Jeff Dike.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <sys/socket.h>
-#include <errno.h>
-#include <sys/un.h>
-
-#include <utils/debug.h>
-
-#include "mconsole.h"
-
-#define MCONSOLE_MAGIC 0xcafebabe
-#define MCONSOLE_VERSION 2
-#define MCONSOLE_MAX_DATA 512
-
-typedef struct private_mconsole_t private_mconsole_t;
-
-struct private_mconsole_t {
- /** public interface */
- mconsole_t public;
- /** mconsole socket */
- int console;
- /** notify socket */
- int notify;
- /** address of uml socket */
- struct sockaddr_un uml;
- /** idle function */
- void (*idle)(void);
-};
-
-/**
- * mconsole message format from "arch/um/include/mconsole.h"
- */
-typedef struct mconsole_request mconsole_request;
-/** mconsole request message */
-struct mconsole_request {
- uint32_t magic;
- uint32_t version;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-
-typedef struct mconsole_reply mconsole_reply;
-/** mconsole reply message */
-struct mconsole_reply {
- uint32_t err;
- uint32_t more;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-typedef struct mconsole_notify mconsole_notify;
-/** mconsole notify message */
-struct mconsole_notify {
- uint32_t magic;
- uint32_t version;
- enum {
- MCONSOLE_SOCKET,
- MCONSOLE_PANIC,
- MCONSOLE_HANG,
- MCONSOLE_USER_NOTIFY,
- } type;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-/**
- * send a request to UML using mconsole
- */
-static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
- void *data, char *command, ...)
-{
- mconsole_request request;
- mconsole_reply reply;
- int len, flags = 0;
- va_list args;
-
- memset(&request, 0, sizeof(request));
- request.magic = MCONSOLE_MAGIC;
- request.version = MCONSOLE_VERSION;
- va_start(args, command);
- request.len = vsnprintf(request.data, sizeof(request.data), command, args);
- va_end(args);
-
- if (this->idle)
- {
- flags = MSG_DONTWAIT;
- }
- do
- {
- if (this->idle)
- {
- this->idle();
- }
- len = sendto(this->console, &request, sizeof(request), flags,
- (struct sockaddr*)&this->uml, sizeof(this->uml));
- }
- while (len < 0 && (errno == EINTR || errno == EAGAIN));
-
- if (len < 0)
- {
- DBG1(DBG_LIB, "sending mconsole command to UML failed: %m");
- return -1;
- }
- do
- {
- len = recv(this->console, &reply, sizeof(reply), flags);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
- {
- if (this->idle)
- {
- this->idle();
- }
- continue;
- }
- if (len < 0)
- {
- DBG1(DBG_LIB, "receiving from mconsole failed: %m");
- return -1;
- }
- if (len > 0)
- {
- if (cb)
- {
- cb(data, reply.data, reply.len);
- }
- else if (reply.err)
- {
- if (reply.len && *reply.data)
- {
- DBG1(DBG_LIB, "received mconsole error %d: %.*s",
- reply.err, (int)reply.len, reply.data);
- }
- break;
- }
- }
- }
- while (reply.more);
-
- return reply.err;
-}
-
-/**
- * ignore error message
- */
-static void ignore(void *data, char *buf, size_t len)
-{
-}
-
-METHOD(mconsole_t, add_iface, bool,
- private_mconsole_t *this, char *guest, char *host)
-{
- int tries = 0;
-
- while (tries++ < 5)
- {
- if (request(this, ignore, NULL, "config %s=tuntap,%s", guest, host) == 0)
- {
- return TRUE;
- }
- usleep(10000 * tries * tries);
- }
- return FALSE;
-}
-
-METHOD(mconsole_t, del_iface, bool,
- private_mconsole_t *this, char *guest)
-{
- if (request(this, NULL, NULL, "remove %s", guest) != 0)
- {
- return FALSE;
- }
- return TRUE;
-}
-
-METHOD(mconsole_t, exec, int,
- private_mconsole_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd)
-{
- return request(this, cb, data, "%s", cmd);
-}
-
-/**
- * Poll until guest is ready
- */
-static void wait_bootup(private_mconsole_t *this)
-{
- /* wait for init process to appear */
- while (request(this, ignore, NULL, "exec ps -p 1 > /dev/null"))
- {
- if (this->idle)
- {
- this->idle();
- }
- usleep(100000);
- }
-}
-
-METHOD(mconsole_t, destroy, void,
- private_mconsole_t *this)
-{
- close(this->console);
- close(this->notify);
- free(this);
-}
-
-/**
- * setup the mconsole notify connection and wait for its readiness
- */
-static bool wait_for_notify(private_mconsole_t *this, char *nsock)
-{
- struct sockaddr_un addr;
- mconsole_notify notify;
- int len, flags = 0;
-
- this->notify = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (this->notify < 0)
- {
- DBG1(DBG_LIB, "opening mconsole notify socket failed: %m");
- return FALSE;
- }
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, nsock, sizeof(addr.sun_path));
- if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0)
- {
- DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m",
- nsock);
- close(this->notify);
- return FALSE;
- }
- if (this->idle)
- {
- flags = MSG_DONTWAIT;
- }
- do
- {
- if (this->idle)
- {
- this->idle();
- }
- len = recvfrom(this->notify, &notify, sizeof(notify), flags, NULL, 0);
- }
- while (len < 0 && (errno == EINTR || errno == EAGAIN));
-
- if (len < 0 || len >= sizeof(notify))
- {
- DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m");
- close(this->notify);
- unlink(nsock);
- return FALSE;
- }
- if (notify.magic != MCONSOLE_MAGIC ||
- notify.version != MCONSOLE_VERSION ||
- notify.type != MCONSOLE_SOCKET)
- {
- DBG1(DBG_LIB, "received unexpected message from mconsole notify"
- " socket: %b", &notify, sizeof(notify));
- close(this->notify);
- unlink(nsock);
- return FALSE;
- }
- memset(&this->uml, 0, sizeof(this->uml));
- this->uml.sun_family = AF_UNIX;
- strncpy(this->uml.sun_path, (char*)&notify.data, sizeof(this->uml.sun_path));
- return TRUE;
-}
-
-/**
- * setup the mconsole console connection
- */
-static bool setup_console(private_mconsole_t *this)
-{
- struct sockaddr_un addr;
-
- this->console = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (this->console < 0)
- {
- DBG1(DBG_LIB, "opening mconsole socket failed: %m");
- return FALSE;
- }
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- snprintf(&addr.sun_path[1], sizeof(addr.sun_path)-1, "%5d-%d",
- getpid(), this->console);
- if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0)
- {
- DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m",
- &addr.sun_path[1]);
- close(this->console);
- return FALSE;
- }
- return TRUE;
-}
-
-/**
- * create the mconsole instance
- */
-mconsole_t *mconsole_create(char *notify, void(*idle)(void))
-{
- private_mconsole_t *this;
-
- INIT(this,
- .public = {
- .add_iface = _add_iface,
- .del_iface = _del_iface,
- .exec = _exec,
- .destroy = _destroy,
- },
- .idle = idle,
- );
-
- if (!wait_for_notify(this, notify))
- {
- free(this);
- return NULL;
- }
-
- if (!setup_console(this))
- {
- close(this->notify);
- unlink(notify);
- free(this);
- return NULL;
- }
- unlink(notify);
-
- wait_bootup(this);
-
- return &this->public;
-}
-
diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h
deleted file mode 100644
index 2b8a1cdff..000000000
--- a/src/dumm/mconsole.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef MCONSOLE_H
-#define MCONSOLE_H
-
-#include <library.h>
-
-typedef struct mconsole_t mconsole_t;
-
-/**
- * UML mconsole, change running UML configuration using mconsole.
- */
-struct mconsole_t {
-
- /**
- * Create a guest interface and connect it to tap host interface.
- *
- * @param guest name of the interface to create in the guest
- * @param host name of the tap device to connect guest to
- * @return TRUE if interface created
- */
- bool (*add_iface)(mconsole_t *this, char *guest, char *host);
-
- /**
- * Delete a guest interface.
- *
- * @param guest name of the interface to delete on the guest
- * @return TRUE if interface deleted
- */
- bool (*del_iface)(mconsole_t *this, char *guest);
-
- /**
- * Execute a command on the mconsole.
- *
- * @param cb callback function to invoke for each line
- * @param data data to pass to callback
- * @param cmd command to invoke
- * @return return value of command
- */
- int (*exec)(mconsole_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd);
-
- /**
- * Destroy the mconsole instance
- */
- void (*destroy) (mconsole_t *this);
-};
-
-/**
- * Create a new mconsole connection to a guest.
- *
- * Waits for a notification from the guest through the notify socket and tries
- * to connect to the mconsole socket supplied in the received notification.
- *
- * @param notify unix notify socket path
- * @param idle idle function to call while waiting for responses
- * @return mconsole instance, or NULL if failed
- */
-mconsole_t *mconsole_create(char *notify, void(*idle)(void));
-
-#endif /* MCONSOLE_H */
-
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 4106494db..1bc47d165 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index dbaa4f128..35261c9a5 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -302,8 +302,11 @@ enum xfrm_attr_type_t {
XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
XFRMA_PAD,
XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
+ XFRMA_SET_MARK, /* __u32 */
+ XFRMA_SET_MARK_MASK, /* __u32 */
__XFRMA_MAX
+#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */
#define XFRMA_MAX (__XFRMA_MAX - 1)
};
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 46715938e..eb3c635e0 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -260,7 +260,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -286,6 +285,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -306,8 +307,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -362,8 +361,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -392,8 +389,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 3f72d52ee..143342ecb 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.6.3dr1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.7.0rc2" "strongSwan"
.
.SH NAME
.
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
.ad
diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in
index 0aef8c031..bfc4d50c2 100644
--- a/src/ipsec/_ipsec.8.in
+++ b/src/ipsec/_ipsec.8.in
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
.ad
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index 283abdcd5..29b323284 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -42,7 +42,7 @@ IPSEC_STARTER="${IPSEC_DIR}/starter"
export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
-IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
+IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"
command_dir="$IPSEC_DIR"
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 6cd1130f1..8df9c6fcf 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -897,7 +897,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -923,6 +922,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -943,8 +944,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -999,8 +998,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -1029,8 +1026,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/attributes/mem_pool.h b/src/libcharon/attributes/mem_pool.h
index 06acbf8f8..519b1d303 100644
--- a/src/libcharon/attributes/mem_pool.h
+++ b/src/libcharon/attributes/mem_pool.h
@@ -31,7 +31,7 @@ typedef enum mem_pool_op_t mem_pool_op_t;
* In-memory IP pool acquire operation.
*/
enum mem_pool_op_t {
- /** Check for an exsiting lease */
+ /** Check for an existing lease */
MEM_POOL_EXISTING,
/** Get a new lease */
MEM_POOL_NEW,
diff --git a/src/libcharon/bus/listeners/custom_logger.h b/src/libcharon/bus/listeners/custom_logger.h
index a256ad1ec..4856163f4 100644
--- a/src/libcharon/bus/listeners/custom_logger.h
+++ b/src/libcharon/bus/listeners/custom_logger.h
@@ -49,12 +49,17 @@ struct custom_logger_t {
* @param group debug group to set
* @param level max level to log (0..4)
*/
- void (*set_level) (custom_logger_t *this, debug_t group, level_t level);
+ void (*set_level)(custom_logger_t *this, debug_t group, level_t level);
+
+ /**
+ * Reload custom logger configuration.
+ */
+ void (*reload)(custom_logger_t *this);
/**
* Destroy the custom_logger_t object.
*/
- void (*destroy) (custom_logger_t *this);
+ void (*destroy)(custom_logger_t *this);
};
/**
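Review bot: The new `reload` member is documented as if every custom logger had to provide it, while the daemon.c hunk in this commit only invokes it after a NULL check (`if (custom_logger->reload)`), so the comment should declare the hook optional: `* Reload custom logger configuration (optional, may be NULL).`. Because the struct grows by a function pointer, an implementation that allocates a custom_logger_t without zero-initializing it would leave `reload` holding an uninitialized pointer that the daemon then calls through, which is worth stating in the same comment. The enclosing struct starts outside the hunk.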
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 02a41a5b3..47f62d59a 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -129,15 +130,77 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other,
return match;
}
-METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
- private_backend_manager_t *this, host_t *me, host_t *other,
- ike_version_t version)
+/**
+ * list element to help sorting
+ */
+typedef struct {
+ ike_cfg_match_t match;
+ ike_cfg_t *cfg;
+} ike_match_entry_t;
+
+CALLBACK(ike_enum_filter, bool,
+ linked_list_t *configs, enumerator_t *orig, va_list args)
+{
+ ike_match_entry_t *entry;
+ ike_cfg_t **out;
+
+ VA_ARGS_VGET(args, out);
+
+ if (orig->enumerate(orig, &entry))
+ {
+ *out = entry->cfg;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+CALLBACK(ike_match_entry_list_destroy, void,
+ linked_list_t *configs)
+{
+ ike_match_entry_t *entry;
+
+ while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
+ {
+ entry->cfg->destroy(entry->cfg);
+ free(entry);
+ }
+ configs->destroy(configs);
+}
+
+/**
+ * Insert entry into match-sorted list
+ */
+static void insert_sorted_ike(ike_match_entry_t *entry, linked_list_t *list)
+{
+ enumerator_t *enumerator;
+ ike_match_entry_t *current;
+
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (entry->match > current->match)
+ {
+ break;
+ }
+ }
+ list->insert_before(list, enumerator, entry);
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Create a sorted list of all matching IKE configs
+ */
+static linked_list_t *get_matching_ike_cfgs(private_backend_manager_t *this,
+ host_t *me, host_t *other,
+ ike_version_t version)
{
- ike_cfg_t *current, *found = NULL;
+ ike_cfg_t *current;
char *my_addr, *other_addr;
enumerator_t *enumerator;
- ike_cfg_match_t match, best = MATCH_ANY;
ike_data_t *data;
+ linked_list_t *configs;
+ ike_cfg_match_t match;
+ ike_match_entry_t *entry;
INIT(data,
.this = this,
@@ -145,44 +208,82 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
.other = other,
);
- DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
+ configs = linked_list_create();
this->lock->read_lock(this->lock);
enumerator = enumerator_create_nested(
this->backends->create_enumerator(this->backends),
(void*)ike_enum_create, data, (void*)free);
- while (enumerator->enumerate(enumerator, (void**)&current))
+
+ while (enumerator->enumerate(enumerator, &current))
{
+ my_addr = current->get_my_addr(current);
+ other_addr = current->get_other_addr(current);
match = get_ike_match(current, me, other, version);
- DBG3(DBG_CFG, "ike config match: %d (%H %H %N)",
- match, me, other, ike_version_names, version);
+ DBG3(DBG_CFG, "ike config match: %d (%s...%s %N)", match, my_addr,
+ other_addr, ike_version_names, current->get_version(current));
+
if (match)
{
- my_addr = current->get_my_addr(current);
- other_addr = current->get_other_addr(current);
DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
my_addr, other_addr, match);
- if (match > best)
- {
- DESTROY_IF(found);
- found = current;
- found->get_ref(found);
- best = match;
- }
+
+ INIT(entry,
+ .match = match,
+ .cfg = current->get_ref(current),
+ );
+ insert_sorted_ike(entry, configs);
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
- if (found)
+
+ return configs;
+}
+
+METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
+ private_backend_manager_t *this, host_t *me, host_t *other,
+ ike_version_t version)
+{
+ linked_list_t *configs;
+ ike_match_entry_t *entry;
+ ike_cfg_t *found = NULL;
+ char *my_addr, *other_addr;
+
+ DBG2(DBG_CFG, "looking for an %N config for %H...%H", ike_version_names,
+ version, me, other);
+
+ configs = get_matching_ike_cfgs(this, me, other, version);
+ if (configs->get_first(configs, (void**)&entry) == SUCCESS)
{
+ found = entry->cfg->get_ref(entry->cfg);
+
my_addr = found->get_my_addr(found);
other_addr = found->get_other_addr(found);
DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
- my_addr, other_addr, best);
+ my_addr, other_addr, entry->match);
}
+ ike_match_entry_list_destroy(configs);
+
return found;
}
+METHOD(backend_manager_t, create_ike_cfg_enumerator, enumerator_t*,
+ private_backend_manager_t *this, host_t *me, host_t *other,
+ ike_version_t version)
+{
+ linked_list_t *configs;
+
+ DBG2(DBG_CFG, "looking for %N configs for %H...%H", ike_version_names,
+ version, me, other);
+
+ configs = get_matching_ike_cfgs(this, me, other, version);
+
+ return enumerator_create_filter(configs->create_enumerator(configs),
+ ike_enum_filter, configs,
+ ike_match_entry_list_destroy);
+}
+
/**
* Get the best ID match in one of the configs auth_cfg
*/
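Review bot: `get_matching_ike_cfgs` hands ownership of a list of `ike_match_entry_t` to its caller, and both callers in this hunk release it through `ike_match_entry_list_destroy`, yet the helper's comment says nothing about the contract; suggest `* @return list of ike_match_entry_t, best match first; free with ike_match_entry_list_destroy()`. In `get_ike_cfg` the extra `get_ref` on the first entry's cfg is what keeps the returned config alive past the destroy call a few lines later, which deserves a why-comment such as `/* take our own reference, the list releases its own below */`.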
@@ -198,7 +299,7 @@ static id_match_t get_peer_match(identification_t *id,
if (!id)
{
- DBG3(DBG_CFG, "peer config match %s: %d (%N)",
+ DBG3(DBG_CFG, " %s id match: %d (%N)",
where, ID_MATCH_ANY, id_type_names, ID_ANY);
return ID_MATCH_ANY;
}
@@ -225,7 +326,7 @@ static id_match_t get_peer_match(identification_t *id,
enumerator->destroy(enumerator);
data = id->get_encoding(id);
- DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)",
+ DBG3(DBG_CFG, " %s id match: %d (%N: %#B)",
where, match, id_type_names, id->get_type(id), &data);
return match;
}
@@ -295,34 +396,26 @@ CALLBACK(peer_enum_filter_destroy, void,
}
/**
- * Insert entry into match-sorted list, using helper
+ * Insert entry into match-sorted list
*/
-static void insert_sorted(match_entry_t *entry, linked_list_t *list,
- linked_list_t *helper)
+static void insert_sorted(match_entry_t *entry, linked_list_t *list)
{
+ enumerator_t *enumerator;
match_entry_t *current;
- while (list->remove_first(list, (void**)&current) == SUCCESS)
- {
- helper->insert_last(helper, current);
- }
- while (helper->remove_first(helper, (void**)&current) == SUCCESS)
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &current))
{
- if (entry && (
- (entry->match_ike > current->match_ike &&
- entry->match_peer >= current->match_peer) ||
- (entry->match_ike >= current->match_ike &&
- entry->match_peer > current->match_peer)))
+ if ((entry->match_ike > current->match_ike &&
+ entry->match_peer >= current->match_peer) ||
+ (entry->match_ike >= current->match_ike &&
+ entry->match_peer > current->match_peer))
{
- list->insert_last(list, entry);
- entry = NULL;
+ break;
}
- list->insert_last(list, current);
- }
- if (entry)
- {
- list->insert_last(list, entry);
}
+ list->insert_before(list, enumerator, entry);
+ enumerator->destroy(enumerator);
}
METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
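Review bot: The comparison in the rewritten `insert_sorted` is a dominance test rather than a total order, so an entry that wins on match_ike but loses on match_peer against every existing entry is appended last regardless of its scores, and two such entries keep whatever order they were inserted in; the commit only removes the helper list and preserves that behaviour. The one-line comment would be more useful if it said so: `* Insert entry before the first entry it dominates on both ike and peer match; mutually non-dominating entries keep insertion order`.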
@@ -332,7 +425,7 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
enumerator_t *enumerator;
peer_data_t *data;
peer_cfg_t *cfg;
- linked_list_t *configs, *helper;
+ linked_list_t *configs;
INIT(data,
.lock = this->lock,
@@ -352,35 +445,46 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
}
configs = linked_list_create();
- /* only once allocated helper list for sorting */
- helper = linked_list_create();
while (enumerator->enumerate(enumerator, &cfg))
{
- id_match_t match_peer_me, match_peer_other;
+ ike_cfg_t *ike_cfg = cfg->get_ike_cfg(cfg);
ike_cfg_match_t match_ike;
+ id_match_t match_peer_me, match_peer_other;
match_entry_t *entry;
+ char *my_addr, *other_addr;
+
+ match_ike = get_ike_match(ike_cfg, me, other, version);
+ my_addr = ike_cfg->get_my_addr(ike_cfg);
+ other_addr = ike_cfg->get_other_addr(ike_cfg);
+ DBG3(DBG_CFG, "peer config \"%s\", ike match: %d (%s...%s %N)",
+ cfg->get_name(cfg), match_ike, my_addr, other_addr,
+ ike_version_names, ike_cfg->get_version(ike_cfg));
+
+ if (!match_ike)
+ {
+ continue;
+ }
match_peer_me = get_peer_match(my_id, cfg, TRUE);
+ if (!match_peer_me)
+ {
+ continue;
+ }
match_peer_other = get_peer_match(other_id, cfg, FALSE);
- match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other, version);
- DBG3(DBG_CFG, "ike config match: %d (%H %H %N)",
- match_ike, me, other, ike_version_names, version);
- if (match_peer_me && match_peer_other && match_ike)
+ if (match_peer_other)
{
DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
-
INIT(entry,
.match_peer = match_peer_me + match_peer_other,
.match_ike = match_ike,
.cfg = cfg->get_ref(cfg),
);
- insert_sorted(entry, configs, helper);
+ insert_sorted(entry, configs);
}
}
enumerator->destroy(enumerator);
- helper->destroy(helper);
return enumerator_create_filter(configs->create_enumerator(configs),
peer_enum_filter, configs,
@@ -430,8 +534,7 @@ METHOD(backend_manager_t, destroy, void,
}
/*
- * Described in header-file
-
+ * Described in header
*/
backend_manager_t *backend_manager_create()
{
@@ -440,6 +543,7 @@ backend_manager_t *backend_manager_create()
INIT(this,
.public = {
.get_ike_cfg = _get_ike_cfg,
+ .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
.get_peer_cfg_by_name = _get_peer_cfg_by_name,
.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
.add_backend = _add_backend,
diff --git a/src/libcharon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index 8ec79ce28..ada295f0d 100644
--- a/src/libcharon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -64,6 +65,20 @@ struct backend_manager_t {
ike_version_t version);
/**
+ * Create an enumerator over all matching IKE configs.
+ *
+ * Pass NULL as parameters to match any. The enumerator enumerates over
+ * ike_cfgs, ordered by priority (best match first).
+ *
+ * @param me local address
+ * @param other remote address
+ * @param version IKE version to get a config for
+ * @return enumerator over ike_cfg
+ */
+ enumerator_t* (*create_ike_cfg_enumerator)(backend_manager_t *this,
+ host_t *me, host_t *other, ike_version_t version);
+
+ /**
* Get a peer_config identified by it's name.
*
* @param name name of the peer_config
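Review bot: The new `create_ike_cfg_enumerator` doc does not say who owns the enumerated `ike_cfg_t` objects; in backend_manager.c the enumerator's destructor releases every config's reference, so a caller that wants to keep one beyond the enumerator's lifetime has to call get_ref() on it. Suggest adding `* The enumerated ike_cfg objects stay valid only until the enumerator is destroyed; call get_ref() to keep one.`. Since the list is collected under the manager's read lock and the lock is released before the enumerator is returned, the enumerator is a snapshot, which is also worth one sentence so callers do not expect later backend changes to show up in it.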
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index bc417f936..14148ed03 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -124,6 +124,16 @@ struct private_child_cfg_t {
mark_t mark_out;
/**
+ * Optional mark to set to packets after inbound processing
+ */
+ mark_t set_mark_in;
+
+ /**
+ * Optional mark to set to packets after outbound processing
+ */
+ mark_t set_mark_out;
+
+ /**
* Traffic Flow Confidentiality padding, if enabled
*/
uint32_t tfc;
@@ -147,6 +157,11 @@ struct private_child_cfg_t {
* HW offload mode
*/
hw_offload_t hw_offload;
+
+ /**
+ * DS header field copy mode
+ */
+ dscp_copy_t copy_dscp;
};
METHOD(child_cfg_t, get_name, char*,
@@ -254,7 +269,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
{
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
- DBG2(DBG_CFG, "selected proposal: %P", selected);
+ DBG1(DBG_CFG, "selected proposal: %P", selected);
break;
}
}
@@ -289,7 +304,7 @@ METHOD(child_cfg_t, add_traffic_selector, void,
METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
private_child_cfg_t *this, bool local, linked_list_t *supplied,
- linked_list_t *hosts)
+ linked_list_t *hosts, bool log)
{
enumerator_t *e1, *e2;
traffic_selector_t *ts1, *ts2, *selected;
@@ -334,13 +349,19 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
}
e1->destroy(e1);
- DBG2(DBG_CFG, "%s traffic selectors for %s:",
- supplied ? "selecting" : "proposing", local ? "us" : "other");
- if (supplied == NULL)
+ if (log)
+ {
+ DBG2(DBG_CFG, "%s traffic selectors for %s:",
+ supplied ? "selecting" : "proposing", local ? "us" : "other");
+ }
+ if (!supplied)
{
while (derived->remove_first(derived, (void**)&ts1) == SUCCESS)
{
- DBG2(DBG_CFG, " %R", ts1);
+ if (log)
+ {
+ DBG2(DBG_CFG, " %R", ts1);
+ }
result->insert_last(result, ts1);
}
derived->destroy(derived);
@@ -358,11 +379,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
selected = ts1->get_subset(ts1, ts2);
if (selected)
{
- DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
- ts1, ts2, selected);
+ if (log)
+ {
+ DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
+ ts1, ts2, selected);
+ }
result->insert_last(result, selected);
}
- else
+ else if (log)
{
DBG2(DBG_CFG, " config: %R, received: %R => no match",
ts1, ts2);
@@ -478,6 +502,12 @@ METHOD(child_cfg_t, get_hw_offload, hw_offload_t,
return this->hw_offload;
}
+METHOD(child_cfg_t, get_copy_dscp, dscp_copy_t,
+ private_child_cfg_t *this)
+{
+ return this->copy_dscp;
+}
+
METHOD(child_cfg_t, get_dpd_action, action_t,
private_child_cfg_t *this)
{
@@ -527,6 +557,12 @@ METHOD(child_cfg_t, get_mark, mark_t,
return inbound ? this->mark_in : this->mark_out;
}
+METHOD(child_cfg_t, get_set_mark, mark_t,
+ private_child_cfg_t *this, bool inbound)
+{
+ return inbound ? this->set_mark_in : this->set_mark_out;
+}
+
METHOD(child_cfg_t, get_tfc, uint32_t,
private_child_cfg_t *this)
{
@@ -600,9 +636,15 @@ METHOD(child_cfg_t, equals, bool,
this->mark_in.mask == other->mark_in.mask &&
this->mark_out.value == other->mark_out.value &&
this->mark_out.mask == other->mark_out.mask &&
+ this->set_mark_in.value == other->set_mark_in.value &&
+ this->set_mark_in.mask == other->set_mark_in.mask &&
+ this->set_mark_out.value == other->set_mark_out.value &&
+ this->set_mark_out.mask == other->set_mark_out.mask &&
this->tfc == other->tfc &&
this->manual_prio == other->manual_prio &&
this->replay_window == other->replay_window &&
+ this->hw_offload == other->hw_offload &&
+ this->copy_dscp == other->copy_dscp &&
streq(this->updown, other->updown) &&
streq(this->interface, other->interface);
}
@@ -654,6 +696,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_mark = _get_mark,
+ .get_set_mark = _get_set_mark,
.get_tfc = _get_tfc,
.get_manual_prio = _get_manual_prio,
.get_interface = _get_interface,
@@ -664,6 +707,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.get_ref = _get_ref,
.destroy = _destroy,
.get_hw_offload = _get_hw_offload,
+ .get_copy_dscp = _get_copy_dscp,
},
.name = strdup(name),
.options = data->options,
@@ -675,6 +719,8 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.close_action = data->close_action,
.mark_in = data->mark_in,
.mark_out = data->mark_out,
+ .set_mark_in = data->set_mark_in,
+ .set_mark_out = data->set_mark_out,
.lifetime = data->lifetime,
.inactivity = data->inactivity,
.tfc = data->tfc,
@@ -687,6 +733,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.replay_window = lib->settings->get_int(lib->settings,
"%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
.hw_offload = data->hw_offload,
+ .copy_dscp = data->copy_dscp,
);
return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index d566da3ec..e3b59e656 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -135,11 +135,13 @@ struct child_cfg_t {
* @param local TRUE for TS on local side, FALSE for remote
* @param supplied list with TS to select from, or NULL
* @param hosts addresses to use for narrowing "dynamic" TS', host_t
+ * @param log FALSE to avoid logging details about the selection
* @return list containing the traffic selectors
*/
linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
linked_list_t *supplied,
- linked_list_t *hosts);
+ linked_list_t *hosts, bool log);
+
/**
* Get the updown script to run for the CHILD_SA.
*
@@ -190,6 +192,13 @@ struct child_cfg_t {
hw_offload_t (*get_hw_offload) (child_cfg_t *this);
/**
+ * Get the copy mode for the DS header field to use for the CHILD_SA.
+ *
+ * @return IP header copy mode
+ */
+ dscp_copy_t (*get_copy_dscp) (child_cfg_t *this);
+
+ /**
* Action to take if CHILD_SA gets closed.
*
* @return close action
@@ -218,7 +227,7 @@ struct child_cfg_t {
uint32_t (*get_reqid)(child_cfg_t *this);
/**
- * Optional mark for CHILD_SA.
+ * Optional mark to set on policies/SAs.
*
* @param inbound TRUE for inbound, FALSE for outbound
* @return mark
@@ -226,6 +235,14 @@ struct child_cfg_t {
mark_t (*get_mark)(child_cfg_t *this, bool inbound);
/**
+ * Optional mark the SAs should apply after processing packets.
+ *
+ * @param inbound TRUE for inbound, FALSE for outbound
+ * @return mark
+ */
+ mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+
+ /**
* Get the TFC padding value to use for CHILD_SA.
*
* @return TFC padding, 0 to disable, -1 for MTU
@@ -317,6 +334,12 @@ enum child_cfg_option_t {
/** Set mark on inbound SAs */
OPT_MARK_IN_SA = (1<<6),
+
+ /** Disable copying the DF bit to the outer IPv4 header in tunnel mode */
+ OPT_NO_COPY_DF = (1<<7),
+
+ /** Disable copying the ECN header field in tunnel mode */
+ OPT_NO_COPY_ECN = (1<<8),
};
/**
@@ -331,6 +354,10 @@ struct child_cfg_create_t {
mark_t mark_in;
/** Optional outbound mark */
mark_t mark_out;
+ /** Optional inbound mark the SA should apply to traffic */
+ mark_t set_mark_in;
+ /** Optional outbound mark the SA should apply to traffic */
+ mark_t set_mark_out;
/** Mode to propose for CHILD_SA */
ipsec_mode_t mode;
/** TFC padding size, 0 to disable, -1 to pad to PMTU */
@@ -353,6 +380,8 @@ struct child_cfg_create_t {
char *updown;
/** HW offload mode */
hw_offload_t hw_offload;
+ /** How to handle the DS header field in tunnel mode */
+ dscp_copy_t copy_dscp;
};
/**
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index a73a5b5e2..357c4a73b 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -309,6 +309,25 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*,
return proposals;
}
+METHOD(ike_cfg_t, has_proposal, bool,
+ private_ike_cfg_t *this, proposal_t *match, bool private)
+{
+ enumerator_t *enumerator;
+ proposal_t *proposal;
+
+ enumerator = this->proposals->create_enumerator(this->proposals);
+ while (enumerator->enumerate(enumerator, &proposal))
+ {
+ if (proposal->matches(proposal, match, private))
+ {
+ enumerator->destroy(enumerator);
+ return TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return FALSE;
+}
+
METHOD(ike_cfg_t, select_proposal, proposal_t*,
private_ike_cfg_t *this, linked_list_t *proposals, bool private,
bool prefer_self)
@@ -344,7 +363,7 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*,
{
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
- DBG2(DBG_CFG, "selected proposal: %P", selected);
+ DBG1(DBG_CFG, "selected proposal: %P", selected);
break;
}
}
@@ -618,6 +637,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
.add_proposal = _add_proposal,
.get_proposals = _get_proposals,
.select_proposal = _select_proposal,
+ .has_proposal = _has_proposal,
.get_dh_group = _get_dh_group,
.equals = _equals,
.get_ref = _get_ref,
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index ac2deef70..49690c892 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -180,6 +180,15 @@ struct ike_cfg_t {
bool private, bool prefer_self);
/**
+ * Check if the config has a matching proposal.
+ *
+ * @param match proposal to check
+ * @param private accept algorithms from a private range
+ * @return TRUE if a matching proposal is contained
+ */
+ bool(*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);
+
+ /**
* Should we send a certificate request in IKE_SA_INIT?
*
* @return certificate request sending policy
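Review bot: The declaration `bool(*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);` omits the space between the return type and the pointer, unlike the neighbouring function-pointer members in this header and the `bool (*ppk_required)(peer_cfg_t *this);` added to peer_cfg.h in the same commit; change it to `bool (*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);`. The description could also mention that the check uses proposal_t.matches(), as the ike_cfg.c implementation shows, so readers know which comparison semantics apply.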
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 29f067858..e7dfb5f62 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -126,12 +126,12 @@ struct private_peer_cfg_t {
uint32_t over_time;
/**
- * DPD check intervall
+ * DPD check interval
*/
uint32_t dpd;
/**
- * DPD timeout intervall (used for IKEv1 only)
+ * DPD timeout interval (used for IKEv1 only)
*/
uint32_t dpd_timeout;
@@ -155,6 +155,16 @@ struct private_peer_cfg_t {
*/
linked_list_t *remote_auth;
+ /**
+ * PPK ID
+ */
+ identification_t *ppk_id;
+
+ /**
+ * Whether a PPK is required
+ */
+ bool ppk_required;
+
#ifdef ME
/**
* Is this a mediation connection?
@@ -258,48 +268,44 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*,
private_peer_cfg_t *this, peer_cfg_t *other_pub)
{
private_peer_cfg_t *other = (private_peer_cfg_t*)other_pub;
- linked_list_t *removed, *added;
+ linked_list_t *new_cfgs, *removed, *added;
enumerator_t *mine, *others;
child_cfg_t *my_cfg, *other_cfg;
child_cfgs_replace_enumerator_t *enumerator;
bool found;
- removed = linked_list_create();
+ added = linked_list_create();
other->lock->read_lock(other->lock);
- added = linked_list_create_from_enumerator(
+ new_cfgs = linked_list_create_from_enumerator(
other->child_cfgs->create_enumerator(other->child_cfgs));
- added->invoke_offset(added, offsetof(child_cfg_t, get_ref));
+ new_cfgs->invoke_offset(new_cfgs, offsetof(child_cfg_t, get_ref));
other->lock->unlock(other->lock);
this->lock->write_lock(this->lock);
- others = added->create_enumerator(added);
- mine = this->child_cfgs->create_enumerator(this->child_cfgs);
- while (mine->enumerate(mine, &my_cfg))
+ removed = this->child_cfgs;
+ this->child_cfgs = new_cfgs;
+ others = new_cfgs->create_enumerator(new_cfgs);
+ mine = removed->create_enumerator(removed);
+ while (others->enumerate(others, &other_cfg))
{
found = FALSE;
- while (others->enumerate(others, &other_cfg))
+ while (mine->enumerate(mine, &my_cfg))
{
if (my_cfg->equals(my_cfg, other_cfg))
{
- added->remove_at(added, others);
- other_cfg->destroy(other_cfg);
+ removed->remove_at(removed, mine);
+ my_cfg->destroy(my_cfg);
found = TRUE;
break;
}
}
- added->reset_enumerator(added, others);
+ removed->reset_enumerator(removed, mine);
if (!found)
{
- this->child_cfgs->remove_at(this->child_cfgs, mine);
- removed->insert_last(removed, my_cfg);
+ added->insert_last(added, other_cfg->get_ref(other_cfg));
}
}
- while (others->enumerate(others, &other_cfg))
- {
- this->child_cfgs->insert_last(this->child_cfgs,
- other_cfg->get_ref(other_cfg));
- }
others->destroy(others);
mine->destroy(mine);
this->lock->unlock(this->lock);
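Review bot: The rewritten `replace_child_cfgs` installs the other config's list wholesale (`this->child_cfgs = new_cfgs`) and destroys the old instance of every equal CHILD config (`my_cfg->destroy(my_cfg)`), where the previous version kept the old instance and dropped the new one; nothing in the function body says so, and the only hint is the edited header comment. Add a comment at the swap, e.g. `/* adopt the new list; old configs with an equal replacement are released silently, the rest are reported as removed */`. The `removed` list is now the former `this->child_cfgs` object itself, so whatever consumes `removed`/`added` after this hunk must also destroy that list object; please confirm that path does. The function continues past the end of the hunk.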
@@ -379,7 +385,7 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
int match = 0, round;
/* fetch configured TS list, narrowing dynamic TS */
- cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts);
+ cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, TRUE);
/* use a round counter to rate leading TS with higher priority */
round = sup_list->get_count(sup_list);
@@ -581,6 +587,18 @@ METHOD(peer_cfg_t, create_auth_cfg_enumerator, enumerator_t*,
return this->remote_auth->create_enumerator(this->remote_auth);
}
+METHOD(peer_cfg_t, get_ppk_id, identification_t*,
+ private_peer_cfg_t *this)
+{
+ return this->ppk_id;
+}
+
+METHOD(peer_cfg_t, ppk_required, bool,
+ private_peer_cfg_t *this)
+{
+ return this->ppk_required;
+}
+
#ifdef ME
METHOD(peer_cfg_t, is_mediation, bool,
private_peer_cfg_t *this)
@@ -655,6 +673,14 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
return equal;
}
+/**
+ * Check if two identities are equal, or both are not set
+ */
+static bool id_equal(identification_t *this, identification_t *other)
+{
+ return this == other || (this && other && this->equals(this, other));
+}
+
METHOD(peer_cfg_t, equals, bool,
private_peer_cfg_t *this, private_peer_cfg_t *other)
{
@@ -688,13 +714,13 @@ METHOD(peer_cfg_t, equals, bool,
this->dpd == other->dpd &&
this->aggressive == other->aggressive &&
this->pull_mode == other->pull_mode &&
- auth_cfg_equal(this, other)
+ auth_cfg_equal(this, other) &&
+ this->ppk_required == other->ppk_required &&
+ id_equal(this->ppk_id, other->ppk_id)
#ifdef ME
&& this->mediation == other->mediation &&
streq(this->mediated_by, other->mediated_by) &&
- (this->peer_id == other->peer_id ||
- (this->peer_id && other->peer_id &&
- this->peer_id->equals(this->peer_id, other->peer_id)))
+ id_equal(this->peer_id, other->peer_id)
#endif /* ME */
);
}
@@ -724,6 +750,7 @@ METHOD(peer_cfg_t, destroy, void,
DESTROY_IF(this->peer_id);
free(this->mediated_by);
#endif /* ME */
+ DESTROY_IF(this->ppk_id);
this->lock->destroy(this->lock);
free(this->name);
free(this);
@@ -778,6 +805,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
.create_pool_enumerator = _create_pool_enumerator,
.add_auth_cfg = _add_auth_cfg,
.create_auth_cfg_enumerator = _create_auth_cfg_enumerator,
+ .get_ppk_id = _get_ppk_id,
+ .ppk_required = _ppk_required,
.equals = (void*)_equals,
.get_ref = _get_ref,
.destroy = _destroy,
@@ -803,6 +832,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
.pull_mode = !data->push_mode,
.dpd = data->dpd,
.dpd_timeout = data->dpd_timeout,
+ .ppk_id = data->ppk_id,
+ .ppk_required = data->ppk_required,
.vips = linked_list_create(),
.pools = linked_list_create(),
.local_auth = linked_list_create(),
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 6074a7cd4..49c4d1492 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -157,11 +157,9 @@ struct peer_cfg_t {
/**
* Replace the CHILD configs with those in the given PEER config.
*
- * Configs that are equal are not replaced.
- *
* The enumerator enumerates the removed and added CHILD configs
* (child_cfg_t*, bool), where the flag is FALSE for removed configs and
- * TRUE for added configs.
+ * TRUE for added configs. Configs that are equal are not enumerated.
*
* @param other other config to get CHILD configs from
* @return an enumerator over removed/added CHILD configs
@@ -313,6 +311,20 @@ struct peer_cfg_t {
*/
enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this);
+ /**
+ * Get the PPK ID to use with this peer.
+ *
+ * @return PPK id
+ */
+ identification_t *(*get_ppk_id)(peer_cfg_t *this);
+
+ /**
+ * Whether a PPK is required with this peer.
+ *
+ * @return TRUE, if a PPK is required
+ */
+ bool (*ppk_required)(peer_cfg_t *this);
+
#ifdef ME
/**
* Is this a mediation connection?
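Review bot: `get_ppk_id` returns the config's own `identification_t` pointer (peer_cfg.c simply returns `this->ppk_id`, and destroy() releases it with DESTROY_IF), so the doc should spell out both the NULL case and the ownership: `* @return PPK ID, NULL if none is configured (owned by the config, no reference taken)`. Without that, callers may dereference NULL for peers without a PPK or destroy an ID they do not own.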
@@ -395,6 +407,10 @@ struct peer_cfg_create_t {
uint32_t dpd;
/** DPD timeout interval (IKEv1 only), if 0 default applies */
uint32_t dpd_timeout;
+ /** Postquantum Preshared Key ID (adopted) */
+ identification_t *ppk_id;
+ /** TRUE if a PPK is required, FALSE if it's optional */
+ bool ppk_required;
#ifdef ME
/** TRUE if this is a mediation connection */
bool mediation;
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index e4b819710..d2f3afdd3 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -480,25 +480,27 @@ static void load_sys_logger(private_daemon_t *this, char *facility,
/**
* Load the given file logger configured in strongswan.conf
*/
-static void load_file_logger(private_daemon_t *this, char *filename,
+static void load_file_logger(private_daemon_t *this, char *section,
linked_list_t *current_loggers)
{
file_logger_t *file_logger;
debug_t group;
level_t def;
bool add_ms, ike_name, flush_line, append;
- char *time_format;
+ char *time_format, *filename;
time_format = lib->settings->get_str(lib->settings,
- "%s.filelog.%s.time_format", NULL, lib->ns, filename);
+ "%s.filelog.%s.time_format", NULL, lib->ns, section);
add_ms = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename);
+ "%s.filelog.%s.time_add_ms", FALSE, lib->ns, section);
ike_name = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
+ "%s.filelog.%s.ike_name", FALSE, lib->ns, section);
flush_line = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
+ "%s.filelog.%s.flush_line", FALSE, lib->ns, section);
append = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.append", TRUE, lib->ns, filename);
+ "%s.filelog.%s.append", TRUE, lib->ns, section);
+ filename = lib->settings->get_str(lib->settings,
+ "%s.filelog.%s.path", section, lib->ns, section);
file_logger = add_file_logger(this, filename, current_loggers);
if (!file_logger)
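Review bot: `load_file_logger` now takes a strongswan.conf section name and derives the file path from that section's `path` setting, defaulting to the section name for backward compatibility, but the function comment still reads as if the argument were the file name; suggest `* Load the file logger configured in the given filelog section; the log file is its path setting, defaulting to the section name`. If add_file_logger() de-duplicates loggers by file name (it is not visible here), two sections pointing at the same `path` would configure a single logger and the later section's levels would win silently; a comment or a DBG1 in that case would save confusion. The function continues past the hunk.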
@@ -510,12 +512,12 @@ static void load_file_logger(private_daemon_t *this, char *filename,
file_logger->open(file_logger, flush_line, append);
def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
- lib->ns, filename);
+ lib->ns, section);
for (group = 0; group < DBG_MAX; group++)
{
file_logger->set_level(file_logger, group,
lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
- lib->ns, filename, debug_lower_names, group));
+ lib->ns, section, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &file_logger->logger);
}
@@ -545,6 +547,10 @@ static void load_custom_logger(private_daemon_t *this,
lib->settings->get_int(lib->settings, "%s.customlog.%s.%N", def,
lib->ns, entry->name, debug_lower_names, group));
}
+ if (custom_logger->reload)
+ {
+ custom_logger->reload(custom_logger);
+ }
charon->bus->add_logger(charon->bus, &custom_logger->logger);
}
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 1b8cd76f4..b72a2bf2d 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2014 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2006 Daniel Roethlisberger
@@ -2095,8 +2095,8 @@ METHOD(message_t, fragment, status_t,
count = data.len / frag_len + (data.len % frag_len ? 1 : 0);
this->fragments = array_create(0, count);
- DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into "
- "%hu fragments", len, count);
+ DBG1(DBG_ENC, "splitting IKE message (%zu bytes) into %hu fragments", len,
+ count);
for (num = 1; num <= count; num++)
{
len = min(data.len, frag_len);
@@ -2821,11 +2821,11 @@ METHOD(message_t, add_fragment_v1, status_t,
return NEED_MORE;
}
- DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE "
- "message", num);
-
data = merge_fragments(this, message);
this->packet->set_data(this->packet, data);
+ DBG1(DBG_ENC, "received fragment #%hhu, reassembled fragmented IKE "
+ "message (%zu bytes)", num, data.len);
+
this->parser = parser_create(data);
if (parse_header(this) != SUCCESS)
@@ -2842,9 +2842,11 @@ METHOD(message_t, add_fragment_v2, status_t,
encrypted_fragment_payload_t *encrypted_fragment;
encrypted_payload_t *encrypted;
payload_t *payload;
+ aead_t *aead;
enumerator_t *enumerator;
chunk_t data;
uint16_t total, num;
+ size_t len;
status_t status;
if (!this->frag)
@@ -2904,15 +2906,30 @@ METHOD(message_t, add_fragment_v2, status_t,
return NEED_MORE;
}
- DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE "
- "message", num, total);
+ encrypted = (encrypted_payload_t*)encrypted_fragment;
+ aead = encrypted->get_transform(encrypted);
data = merge_fragments(this, message);
+
encrypted = encrypted_payload_create_from_plain(this->first_payload, data);
+ encrypted->set_transform(encrypted, aead);
this->payloads->insert_last(this->payloads, encrypted);
/* update next payload type (could be an unencrypted payload) */
this->payloads->get_first(this->payloads, (void**)&payload);
this->first_payload = payload->get_type(payload);
+
+ /* we report the length of the complete IKE message when splitting, do the
+ * same here, so add the IKEv2 header len to the reassembled payload data */
+ len = 28;
+ enumerator = create_payload_enumerator(this);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ len += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembled fragmented IKE "
+ "message (%zu bytes)", num, total, len);
return SUCCESS;
}
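Review bot: The literal `len = 28;` in add_fragment_v2 hard-codes the IKEv2 header size and is only explained by the comment above it; strongSwan already defines IKE_HEADER_LENGTH in ike_header.h, so `len = IKE_HEADER_LENGTH;` would keep the two in sync if that header is in scope here. The value is computed after the reassembled payload was inserted and feeds only the log line, so a mismatch would not affect parsing. The aead fetched from the fragment is propagated without a NULL check; that appears acceptable because get_length_plain guards on `if (this->aead)`, but it is worth confirming the fragment is always decrypted before this point. add_fragment_v2 starts before this hunk.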
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index 4f4b1d1d6..ba56ace55 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2011-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -326,6 +326,21 @@ METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
return this->payload_length;
}
+METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t,
+ private_encrypted_payload_t *this)
+{
+ /* contains only the decrypted payload data, no IV, padding or ICV */
+ this->payload_length = this->encrypted.len;
+
+ if (this->aead)
+ {
+ this->payload_length += compute_overhead(this->aead,
+ this->payload_length);
+ }
+ this->payload_length += get_header_length(this);
+ return this->payload_length;
+}
+
METHOD(encrypted_payload_t, add_payload, void,
private_encrypted_payload_t *this, payload_t *payload)
{
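Review bot: The new get_length_plain has no header comment, unlike the neighbouring methods, and its only inline comment ("contains only the decrypted payload data") describes the input while the method reports the length the payload would have on the wire. Suggest a comment above it such as `Length of a payload created from plaintext, reported as if it were encrypted (header plus AEAD overhead), presumably to match the length logged when splitting`. It also overwrites `this->payload_length` as a side effect of a getter, which the comment should state since callers may not expect get_length to mutate.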
@@ -727,6 +742,12 @@ METHOD(encrypted_payload_t, set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, get_transform, aead_t*,
+ private_encrypted_payload_t *this)
+{
+ return this->aead;
+}
+
METHOD2(payload_t, encrypted_payload_t, destroy, void,
private_encrypted_payload_t *this)
{
@@ -759,6 +780,7 @@ encrypted_payload_t *encrypted_payload_create(payload_type_t type)
.remove_payload = _remove_payload,
.generate_payloads = _generate_payloads,
.set_transform = _set_transform,
+ .get_transform = _get_transform,
.encrypt = _encrypt,
.decrypt = _decrypt,
.destroy = _destroy,
@@ -787,10 +809,11 @@ encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
private_encrypted_payload_t *this;
this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
+ this->public.payload_interface.get_length = _get_length_plain;
+ this->public.get_length = _get_length_plain;
this->public.decrypt = _decrypt_plain;
this->next_payload = next;
this->encrypted = plain;
- compute_length(this);
return &this->public;
}
@@ -899,6 +922,12 @@ METHOD(encrypted_payload_t, frag_set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, frag_get_transform, aead_t*,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->aead;
+}
+
/**
* Append the encrypted fragment payload header to the associated data
*/
@@ -996,6 +1025,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create()
.remove_payload = (void*)return_null,
.generate_payloads = nop,
.set_transform = _frag_set_transform,
+ .get_transform = _frag_get_transform,
.encrypt = _frag_encrypt,
.decrypt = _frag_decrypt,
.destroy = _frag_destroy,
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index 72a256553..be7a24f43 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -74,9 +74,16 @@ struct encrypted_payload_t {
/**
* Set the AEAD transform to use.
*
- * @param aead aead transform to use
+ * @param aead aead transform to use
*/
- void (*set_transform) (encrypted_payload_t *this, aead_t *aead);
+ void (*set_transform)(encrypted_payload_t *this, aead_t *aead);
+
+ /**
+ * Get the AEAD transform that to use (or was used).
+ *
+ * @param aead aead transform to use (or was used)
+ */
+ aead_t *(*get_transform)(encrypted_payload_t *this);
/**
* Generate, encrypt and sign contained payloads.
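Review bot: The doc block for the new get_transform in encrypted_payload_t has a garbled first line ("Get the AEAD transform that to use (or was used)") and documents a `@param aead` that the getter does not take. Suggest `* Get the AEAD transform to use (or that was used).` and replacing the param line with `* @return aead transform to use (or that was used), NULL if none set`. The NULL case follows from the `if (this->aead)` guard in get_length_plain in the .c file, but the header does not otherwise state whether a transform is always set.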
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 0c6f010b5..a69db9357 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -1,7 +1,7 @@
/*
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
- * Copyright (C) 2006-2008 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -114,7 +114,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, MS_NOTI
"SENDER_REQUEST_ID",
"FRAGMENTATION_SUPPORTED",
"SIGNATURE_HASH_ALGORITHMS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_IDENTITY",
+ "NO_PPK_AUTH");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -224,7 +228,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, M
"SENDER_REQ_ID",
"FRAG_SUP",
"HASH_ALG");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_short_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_ID",
+ "NO_PPK");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 39e4c915b..b0cf69d02 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -153,6 +153,12 @@ enum notify_type_t {
FRAGMENTATION_SUPPORTED = 16430,
/* Signature Hash Algorithms, RFC 7427 */
SIGNATURE_HASH_ALGORITHMS = 16431,
+ /* Use Postquantum Preshared Key (draft-ietf-ipsecme-qr-ikev2) */
+ USE_PPK = 16435,
+ /* Postquantum Preshared Key Identity (draft-ietf-ipsecme-qr-ikev2) */
+ PPK_IDENTITY = 16436,
+ /* No Postquantum Preshared Key Auth (draft-ietf-ipsecme-qr-ikev2) */
+ NO_PPK_AUTH = 16437,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 94b9c284b..4158eb45e 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2016 Andreas Steffen
- * Copyright (C) 2006-2016 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -93,8 +93,16 @@ struct kernel_ipsec_add_sa_t {
bool encap;
/** no (disabled), yes (enabled), auto (enabled if supported) */
hw_offload_t hw_offload;
+ /** Mark the SA should apply to packets after processing */
+ mark_t mark;
/** TRUE to use Extended Sequence Numbers */
bool esn;
+ /** TRUE to copy the DF bit to the outer IPv4 header in tunnel mode */
+ bool copy_df;
+ /** TRUE to copy the ECN header field to/from the outer header */
+ bool copy_ecn;
+ /** Whether to copy the DSCP header field to/from the outer header */
+ dscp_copy_t copy_dscp;
/** TRUE if initiator of the exchange creating the SA */
bool initiator;
/** TRUE if this is an inbound SA */
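Review bot: The comment on the new `mark` field, "Mark the SA should apply to packets after processing", is easy to misread as the mark used to select the SA. If it is the mark set on packets after this SA has processed them, as the wording suggests, `/** Mark to set on packets after they have been processed by this SA */` states that unambiguously; if it is instead a matching mark, the comment should say so explicitly. The enclosing struct kernel_ipsec_add_sa_t begins before this hunk.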
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 4c72b5609..acdba345c 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -646,13 +646,13 @@ receiver_t *receiver_create()
this->receive_delay = lib->settings->get_int(lib->settings,
"%s.receive_delay", 0, lib->ns);
this->receive_delay_type = lib->settings->get_int(lib->settings,
- "%s.receive_delay_type", 0, lib->ns),
+ "%s.receive_delay_type", 0, lib->ns);
this->receive_delay_request = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_request", TRUE, lib->ns),
+ "%s.receive_delay_request", TRUE, lib->ns);
this->receive_delay_response = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_response", TRUE, lib->ns),
+ "%s.receive_delay_response", TRUE, lib->ns);
this->initiator_only = lib->settings->get_bool(lib->settings,
- "%s.initiator_only", FALSE, lib->ns),
+ "%s.initiator_only", FALSE, lib->ns);
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!this->hasher)
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 62ce323d0..c16899048 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index bba9591ec..4cecc1431 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 0a5c7ec8d..5d0c826f5 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index 2e7170472..af810b959 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index b8b9885f2..cc2c22ddc 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in
index f882f6bc0..84b3bb3b2 100644
--- a/src/libcharon/plugins/bypass_lan/Makefile.in
+++ b/src/libcharon/plugins/bypass_lan/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index cbfb07597..f057d25c2 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index 6f0a2bddf..b88af5a24 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/counters/Makefile.in b/src/libcharon/plugins/counters/Makefile.in
index 491ba80b3..e58c467bf 100644
--- a/src/libcharon/plugins/counters/Makefile.in
+++ b/src/libcharon/plugins/counters/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 5859a21ee..1d9a7cbc7 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index f8e2d7398..5975ea98b 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index c26fcc920..1e208d094 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create()
destroy(this);
return NULL;
}
- if (!is_broadcast(this->dst))
+ if (!is_broadcast(this->dst) &&
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.dhcp.use_server_port", FALSE,
+ lib->ns))
{
/* when setting giaddr (which we do when we don't broadcast), the server
* should respond to the server port on that IP, according to RFC 2131,
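Review bot: The settings lookup inlined into the condition in dhcp_socket_create makes the guard hard to read; a local such as `use_server_port = lib->settings->get_bool(lib->settings, "%s.plugins.dhcp.use_server_port", FALSE, lib->ns);` followed by `if (!is_broadcast(this->dst) && use_server_port)` would read better. Because the option defaults to FALSE, setups that relied on the send socket being bound to the server port when giaddr is set will no longer get that binding; the extended comment in the next hunk explains why, but the change in default should also be called out wherever this option is documented. dhcp_socket_create starts before this hunk.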
@@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create()
* kernel will respond with an ICMP port unreachable if there is no
* socket bound to that port, which might be problematic with certain
* DHCP servers. instead of opening an additional socket, that we don't
- * actually use, we can also just send our requests from port 67 */
+ * actually use, we can also just send our requests from port 67.
+ * we don't do this by default, as it might cause conflicts with DHCP
+ * servers running on the same host */
src.sin_port = htons(DHCP_SERVER_PORT);
}
if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index d0a4d7fc3..d9f80a7ba 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 9be0c495b..93ed6609a 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index dd66b65b7..202051fdd 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
index d8515c05b..8aef51cef 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
index 65b86199c..5c45477ad 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index f5fc3fb48..b60fbd03b 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 494f0a8c5..0ebde2034 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 4dc68f94f..f8b9580e8 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 44f097ef4..405660c8c 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 3c634db82..5e6da5e1b 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index 505d6ea52..9ac83b0eb 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 20f2ecab1..e3d498c5b 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index f5100fc53..832c7d0dd 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index ae25d21c2..2996eaa8a 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index a02cbbd23..3792f24aa 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index d9cfda351..3992a0f19 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
index dbf660889..141b123ae 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
+++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
@@ -124,6 +124,7 @@ METHOD(simaka_card_t, get_triplet, bool,
if (rv != SCARD_S_SUCCESS)
{
DBG1(DBG_IKE, "SCardListReaders: %s", pcsc_stringify_error(rv));
+ free(mszReaders);
return FALSE;
}
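Review bot: The added `free(mszReaders);` closes the leak on the SCardListReaders failure path, but get_triplet() starts and ends outside this hunk, so it is not visible whether the later error returns in the same method release mszReaders as well. If they do not, a single cleanup path (`goto out;` with the free after the label) is more robust than adding a free() per branch; if they already do, a short comment on the allocation site noting that every exit after it must free the buffer would help the next reader. The assumption here is that mszReaders is a heap buffer allocated earlier in the method — confirm against the allocation, which is not shown.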
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 9f56b01da..8bc917d2a 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 9e41bf270..9a3aeb813 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 0f6b7e95a..3f4b66735 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index 83726b645..a5c69c5fb 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 1047ea0e0..f979c523a 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 1a779c60b..135d5e1b1 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 7439befbc..66b7cad89 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index d669b5707..f7904fdde 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index dc07f34c1..752fba7e6 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index f89ed736d..7e2f2a3c3 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 455108834..05093df22 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index 7fdcfef28..20cf04844 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -240,7 +240,7 @@ static void enable_disable(private_ha_kernel_t *this, u_int segment,
}
/**
- * Get the currenlty active segments in the kernel for a clusterip file
+ * Get the currently active segments in the kernel for a clusterip file
*/
static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
{
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index b212e2e33..74b3729c7 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index cc4450a95..fa8b093ca 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 09c03ed33..478d53dba 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 7ec64084b..b6b3af6d5 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4926c3de8..1292e0895 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1131,7 +1131,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
watcher_event_t event)
{
- char response[1024];
+ char response[netlink_get_buflen()];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
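Review bot: `char response[netlink_get_buflen()]` turns a fixed 1024-byte array into a variable-length array whose size is read from a strongswan.conf setting on every call, and no upper bound is visible, so an oversized (or negative, if the setting ends up unsigned) value becomes a stack allocation that can exceed the watcher thread's stack. Prefer a heap buffer, `u_int buflen = netlink_get_buflen();` / `char *response = malloc(buflen);` with a single `free()` on the exit path, or at least clamp the size where it is computed so this VLA stays within a few pages. receive_events continues beyond this hunk, so its exit paths are not visible here.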
@@ -1336,6 +1336,23 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
}
/**
+ * Add a uint32 attribute to message
+ */
+static bool add_uint32(struct nlmsghdr *hdr, int buflen,
+ enum xfrm_attr_type_t type, uint32_t value)
+{
+ uint32_t *xvalue;
+
+ xvalue = netlink_reserve(hdr, buflen, type, sizeof(*xvalue));
+ if (!xvalue)
+ {
+ return FALSE;
+ }
+ *xvalue = value;
+ return TRUE;
+}
+
+/**
* Check if kernel supports HW offload
*/
static void netlink_find_offload_feature(const char *ifname, int query_socket)
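Review bot: The header comment for add_uint32 should state its failure contract, since every caller in this file branches on it: `/* Add a uint32 attribute to message; returns FALSE if buflen leaves no room for it */`. It is also worth saying that the value is stored as-is (`*xvalue = value`, host byte order), which appears to be what the xfrm attributes it is used for expect, so nobody reuses it for an attribute that needs network byte order.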
@@ -1586,6 +1603,49 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->id.proto = id->proto;
sa->family = id->src->get_family(id->src);
sa->mode = mode2kernel(mode);
+
+ if (!data->copy_df)
+ {
+ sa->flags |= XFRM_STATE_NOPMTUDISC;
+ }
+
+ if (!data->copy_ecn)
+ {
+ sa->flags |= XFRM_STATE_NOECN;
+ }
+
+ if (data->inbound)
+ {
+ switch (data->copy_dscp)
+ {
+ case DSCP_COPY_YES:
+ case DSCP_COPY_IN_ONLY:
+ sa->flags |= XFRM_STATE_DECAP_DSCP;
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ switch (data->copy_dscp)
+ {
+ case DSCP_COPY_IN_ONLY:
+ case DSCP_COPY_NO:
+ {
+ /* currently the only extra flag */
+ if (!add_uint32(hdr, sizeof(request), XFRMA_SA_EXTRA_FLAGS,
+ XFRM_SA_XFLAG_DONT_ENCAP_DSCP))
+ {
+ goto failed;
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+
switch (mode)
{
case MODE_TUNNEL:
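Review bot: The two switch statements map `copy_dscp` onto kernel flags in a way that is not obvious from the enumerator names (DSCP_COPY_IN_ONLY sets XFRM_STATE_DECAP_DSCP inbound but requests XFRM_SA_XFLAG_DONT_ENCAP_DSCP outbound), and the only comment, `currently the only extra flag`, explains the attribute rather than the policy being applied. A one-line comment per branch would help, something like `/* inbound: take DSCP from the outer header when decapsulating */` and `/* outbound: keep the inner DSCP out of the outer header */`. add_sa begins and ends outside this hunk.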
@@ -1829,17 +1889,23 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
+ if (ipcomp == IPCOMP_NONE && (data->mark.value | data->mark.mask))
+ {
+ if (!add_uint32(hdr, sizeof(request), XFRMA_SET_MARK,
+ data->mark.value) ||
+ !add_uint32(hdr, sizeof(request), XFRMA_SET_MARK_MASK,
+ data->mark.mask))
+ {
+ goto failed;
+ }
+ }
+
if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL)
{ /* the kernel supports TFC padding only for tunnel mode ESP SAs */
- uint32_t *tfcpad;
-
- tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
- sizeof(*tfcpad));
- if (!tfcpad)
+ if (!add_uint32(hdr, sizeof(request), XFRMA_TFCPAD, data->tfc))
{
goto failed;
}
- *tfcpad = data->tfc;
}
if (id->proto != IPPROTO_COMP)
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index b6eb54370..760a875ca 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1504,7 +1504,7 @@ static void process_rule(private_kernel_netlink_net_t *this, struct nlmsghdr *hd
static bool receive_events(private_kernel_netlink_net_t *this, int fd,
watcher_event_t event)
{
- char response[1536];
+ char response[netlink_get_buflen()];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
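Review bot: Same concern as the xfrm event handler: the fixed 1536-byte buffer becomes a VLA sized by a configurable runtime value with no visible bound, so the per-call stack footprint now depends on strongswan.conf. A value that is harmless for the heap-allocated socket buffer in netlink_socket_create could overflow the watcher thread's stack here; prefer a heap allocation, or bound the size where it is computed. receive_events continues beyond this hunk.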
@@ -2586,11 +2586,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
memset(half_net.ptr, 0, half_net.len);
half_prefixlen = 1;
- status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
- gateway, src_ip, if_name);
+ status = manage_srcroute(this, nlmsg_type, flags, half_net,
+ half_prefixlen, gateway, src_ip, if_name);
half_net.ptr[0] |= 0x80;
- status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
- gateway, src_ip, if_name);
+ status |= manage_srcroute(this, nlmsg_type, flags, half_net,
+ half_prefixlen, gateway, src_ip, if_name);
return status;
}
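Review bot: `status |= manage_srcroute(...)` bitwise-ORs two `status_t` values; if `status_t` is a plain enumeration rather than a set of bit flags, combining two different failure codes can yield an unrelated enumerator (or none at all), so a caller comparing against a specific code gets a misleading answer. The intent, fail if either half failed, is clearer and safe as `if (manage_srcroute(..., half_net, half_prefixlen, gateway, src_ip, if_name) != SUCCESS) { status = FAILED; }` for the second call, keeping the first result otherwise. The rest of manage_srcroute lies outside this hunk.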
@@ -2925,7 +2925,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
msg->rtm_flags |= FIB_RULE_INVERT;
fwmark++;
}
- if (mark_from_string(fwmark, &mark))
+ if (mark_from_string(fwmark, MARK_OP_NONE, &mark))
{
chunk = chunk_from_thing(mark.value);
netlink_add_attribute(hdr, FRA_FWMARK, chunk, sizeof(request));
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index 441c0c482..84d78eca2 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -381,7 +381,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
for (i = 0, *out_len = 0; i < array_count(entry->hdrs); i++)
{
array_get(entry->hdrs, i, &hdr);
- *out_len += hdr->nlmsg_len;
+ *out_len += NLMSG_ALIGN(hdr->nlmsg_len);
}
ptr = malloc(*out_len);
*out = (struct nlmsghdr*)ptr;
@@ -394,7 +394,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
hdr->nlmsg_seq, hdr, hdr->nlmsg_len);
}
memcpy(ptr, hdr, hdr->nlmsg_len);
- ptr += hdr->nlmsg_len;
+ ptr += NLMSG_ALIGN(hdr->nlmsg_len);
free(hdr);
}
destroy_entry(entry);
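Review bot: After the memcpy of `hdr->nlmsg_len` bytes the write pointer is now advanced by `NLMSG_ALIGN(hdr->nlmsg_len)`, so the pad bytes between consecutive messages in the malloc'd output buffer are never written and stay uninitialized. Nothing visible here reads them, but anything that logs, hashes or compares the raw buffer would see nondeterministic bytes; zero the pad before advancing: `memset(ptr + hdr->nlmsg_len, 0, NLMSG_ALIGN(hdr->nlmsg_len) - hdr->nlmsg_len);` (or obtain the buffer with calloc where `ptr` is allocated). send_once begins before this hunk.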
@@ -587,8 +587,31 @@ METHOD(netlink_socket_t, destroy, void,
free(this);
}
-/**
- * Described in header.
+/*
+ * Described in header
+ */
+u_int netlink_get_buflen()
+{
+ u_int buflen;
+
+ buflen = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.buflen", 0, lib->ns);
+ if (!buflen)
+ {
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize == -1)
+ {
+ pagesize = 4096;
+ }
+ /* base this on NLMSG_GOODSIZE */
+ buflen = min(pagesize, 8192);
+ }
+ return buflen;
+}
+
+/*
+ * Described in header
*/
netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
bool parallel)
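Review bot: The value of `%s.plugins.kernel-netlink.buflen` comes back from get_int as an int and is assigned straight to the `u_int buflen`, so a negative setting such as -1 is not caught by `if (!buflen)` and becomes a ~4 GiB size; now that this function sizes the `response[]` VLAs in the event handlers, that is a stack overflow rather than a failed malloc. Read it into a signed local and treat non-positive values as "use the default": `int cfg = lib->settings->get_int(lib->settings, "%s.plugins.kernel-netlink.buflen", 0, lib->ns);` / `if (cfg <= 0) { /* page-size fallback as below */ } else { buflen = cfg; }`. An upper clamp would be reasonable for the same reason, since the fallback itself is capped at 8192.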
@@ -612,8 +635,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
.protocol = protocol,
.names = names,
- .buflen = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
+ .buflen = netlink_get_buflen(),
.timeout = lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.timeout", 0, lib->ns),
.retries = lib->settings->get_int(lib->settings,
@@ -624,16 +646,6 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.parallel = parallel,
);
- if (!this->buflen)
- {
- long pagesize = sysconf(_SC_PAGESIZE);
- if (pagesize == -1)
- {
- pagesize = 4096;
- }
- /* base this on NLMSG_GOODSIZE */
- this->buflen = min(pagesize, 8192);
- }
if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)",
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
index 7056e6ccc..82dce4c5c 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -101,4 +101,11 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data,
*/
void* netlink_reserve(struct nlmsghdr *hdr, int buflen, int type, int len);
+/**
+ * Determine buffer size for received messages (e.g. events).
+ *
+ * @return buffer size
+ */
+u_int netlink_get_buflen();
+
#endif /* KERNEL_NETLINK_SHARED_H_ */
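Review bot: `u_int netlink_get_buflen();` declares the function with an empty parameter list, which in C means "unspecified arguments" rather than "no arguments" and is obsolescent; declare it as `u_int netlink_get_buflen(void);` and define it the same way. The doc comment could also name what the value is derived from, e.g. `Honours %s.plugins.kernel-netlink.buflen, falling back to min(page size, 8192)`, so callers sizing stack buffers from it know the magnitude to expect.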
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 0d3d3775b..539d1dc46 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 80c484b47..dbe409a62 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -890,10 +890,15 @@ static kernel_algorithm_t encryption_algs[] = {
{ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 },
{ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 },
{ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 },
+#elif defined(SADB_X_EALG_AES_GCM) /* macOS */
+ {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM },
#endif
#ifdef SADB_X_EALG_CAMELLIACBC
{ENCR_CAMELLIA_CBC, SADB_X_EALG_CAMELLIACBC },
#endif
+#ifdef SADB_X_EALG_CHACHA20POLY1305
+ {ENCR_CHACHA20_POLY1305, SADB_X_EALG_CHACHA20POLY1305},
+#endif
{END_OF_LIST, 0 },
};
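Review bot: On macOS only `ENCR_AES_GCM_ICV16` is mapped (to the single SADB_X_EALG_AES_GCM identifier); the ICV8 and ICV12 variants get no table entry, so a proposal selecting them presumably fails as unsupported on that platform. That is arguably the right outcome, since the full 16-byte tag is the variant worth negotiating, but it should be stated so nobody "fixes" it later: `/* macOS has one AES-GCM identifier; only the 16-byte ICV variant is mapped */`.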
@@ -2456,6 +2461,45 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
}
/**
+ * Check if any significant data has changed to warrant sending an update to
+ * the kernel.
+ */
+static bool policy_update_required(policy_sa_t *current, policy_sa_t *updated)
+{
+ if (current->type != updated->type
+#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY
+ || current->priority != updated->priority
+#endif
+ )
+ {
+ return TRUE;
+ }
+ if (current->type == POLICY_IPSEC)
+ {
+ ipsec_sa_cfg_t *cur = &current->sa->cfg, *upd = &updated->sa->cfg;
+
+ /* we don't use ipsec_sa_cfg_equals() here as e.g. SPIs are not
+ * relevant for this kernel interface, so we don't have to update the
+ * policy during a rekeying */
+ if (cur->mode != upd->mode ||
+ cur->reqid != upd->reqid ||
+ cur->esp.use != upd->esp.use ||
+ cur->ah.use != upd->ah.use ||
+ cur->ipcomp.transform != upd->ipcomp.transform)
+ {
+ return TRUE;
+ }
+ if (cur->mode == MODE_TUNNEL &&
+ (!current->sa->src->ip_equals(current->sa->src, updated->sa->src) ||
+ !current->sa->dst->ip_equals(current->sa->dst, updated->sa->dst)))
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
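Review bot: The opening condition of policy_update_required is spliced by `#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY`, leaving a dangling `||` operand and a lone `)` on its own line, which is hard to read and easy to break when the condition is edited; compare the type first and give the priority check its own guarded `if`. The comment should also list what is deliberately ignored beyond SPIs (whatever else ipsec_sa_cfg_equals() compares that is not in this list), since callers now rely on this function to suppress kernel updates during rekeying.
```c
static bool policy_update_required(policy_sa_t *current, policy_sa_t *updated)
{
	if (current->type != updated->type)
	{
		return TRUE;
	}
#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY
	if (current->priority != updated->priority)
	{
		return TRUE;
	}
#endif
	/* … unchanged: POLICY_IPSEC cfg and tunnel-endpoint comparison … */
```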
+/**
* Add or update a policy in the kernel.
*
* Note: The mutex has to be locked when entering this function.
@@ -2629,7 +2673,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *found = NULL;
- policy_sa_t *assigned_sa, *current_sa;
+ policy_sa_t *assigned_sa, *current_sa = NULL;
enumerator_t *enumerator;
bool update = TRUE;
@@ -2692,6 +2736,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa);
enumerator->destroy(enumerator);
+ if (update && current_sa)
+ { /* check if there are actually any relevant changes, if not, we don't
+ * send an update to the kernel as e.g. FreeBSD doesn't do that
+ * atomically, causing unnecessary traffic loss during rekeyings */
+ update = policy_update_required(current_sa, assigned_sa);
+ }
+
if (!update)
{ /* we don't update the policy if the priority is lower than that of the
* currently installed one */
@@ -2889,22 +2940,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
return SUCCESS;
}
policy->used_by->remove(policy->used_by, to_remove, NULL);
- mapping = to_remove;
if (policy->used_by->get_count(policy->used_by) > 0)
{ /* policy is used by more SAs, keep in kernel */
DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed");
- policy_sa_destroy(mapping, id->dir, this);
+
+ if (is_installed)
+ { /* check if there are actually any relevant changes, if not, we do
+ * not send an update to the kernel as e.g. FreeBSD doesn't do that
+ * atomically, causing unnecessary traffic loss during rekeyings */
+ policy->used_by->get_first(policy->used_by, (void**)&mapping);
+ is_installed = policy_update_required(mapping, to_remove);
+ }
+ policy_sa_destroy(to_remove, id->dir, this);
if (!is_installed)
- { /* no need to update as the policy was not installed for this SA */
+ { /* no need to update as the policy */
this->mutex->unlock(this->mutex);
return SUCCESS;
}
DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts,
policy_dir_names, id->dir);
- policy->used_by->get_first(policy->used_by, (void**)&mapping);
if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS)
{
DBG1(DBG_KNL, "unable to update policy %R === %R %N",
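Review bot: The rewritten comment `/* no need to update as the policy */` on the `if (!is_installed)` branch is cut off mid-sentence and no longer states either condition that leads here; suggest `/* no need to update as the policy was not installed for this SA, or the remaining SA needs no changes in the kernel */`. Note also that `mapping` is now only assigned inside the `if (is_installed)` block, so the later `add_policy_internal(this, policy, mapping, TRUE)` relies on the early return above it to guarantee `mapping` is set; a short comment there (`/* mapping set above when is_installed */`) would make that dependency visible. Comparing `to_remove` before `policy_sa_destroy(to_remove, ...)` is ordered correctly. del_policy continues beyond this hunk.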
@@ -2926,7 +2983,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy));
pol->sadb_x_policy_dir = dir2kernel(id->dir);
- pol->sadb_x_policy_type = type2kernel(mapping->type);
+ pol->sadb_x_policy_type = type2kernel(to_remove->type);
PFKEY_EXT_ADD(msg, pol);
add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
@@ -2949,7 +3006,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
}
this->policies->remove(this->policies, found, NULL);
- policy_sa_destroy(mapping, id->dir, this);
+ policy_sa_destroy(to_remove, id->dir, this);
policy_entry_destroy(policy, this);
this->mutex->unlock(this->mutex);
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index dc4d1c852..b75e0bcde 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index 98e147717..36c3b828c 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 7abb83daa..d500bc704 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 42ad9abf3..deb3620c7 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -323,7 +323,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -349,6 +348,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -369,8 +370,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -425,8 +424,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -455,8 +452,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index 24076d443..8e89ab435 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -69,7 +69,7 @@ struct init_listener_t {
hashtable_t *initiated;
/**
- * IKE_SAs we have completed to initate (success or failure)
+ * IKE_SAs we have completed to initiate (success or failure)
*/
hashtable_t *completed;
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index b8c5d2249..905ff8d35 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -345,6 +344,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -365,8 +366,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -421,8 +420,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 47175b4b9..84d0b86ce 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 176e2a5cb..7300a774b 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index ec1916aba..7795ac7a6 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 9afed4111..5500bdcba 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index ee16cceb8..f12e54e72 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 45e2723cc..ec5c0d420 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/save_keys/Makefile.in b/src/libcharon/plugins/save_keys/Makefile.in
index a56d8eacd..7b1ad145d 100644
--- a/src/libcharon/plugins/save_keys/Makefile.in
+++ b/src/libcharon/plugins/save_keys/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 33484587b..9b476f807 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 86296443d..29d3d2dad 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -76,7 +76,8 @@ static void write_id(xmlTextWriterPtr writer, char *element, identification_t *i
switch (id->get_type(id))
{
{
- char *type = "";
+ char *type;
+
while (TRUE)
{
case ID_ANY:
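Review bot: Dropping the `= ""` initializer of `type` appears to rely on every `case` label inside the `while (TRUE)` loop assigning `type` before it is used after the loop; if any path (a missing label or a default) reaches the use without an assignment, this now reads an uninitialized pointer where it previously read an empty string. The labels and the use site are outside this hunk, so this cannot be confirmed here; if all paths do assign, a one-line comment such as `/* every case below assigns type before it is used */` would document the invariant. write_id's body continues outside the hunk.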
@@ -324,10 +325,12 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
xmlTextWriterStartElement(writer, "childconfig");
xmlTextWriterWriteElement(writer, "name",
child_cfg->get_name(child_cfg));
- list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
write_networks(writer, "local", list);
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
- list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
write_networks(writer, "remote", list);
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
xmlTextWriterEndElement(writer);
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 05684706e..50529c480 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 57e092968..68e5a7a0e 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -745,7 +745,7 @@ static int open_socket(private_socket_default_socket_t *this,
fwmark = lib->settings->get_str(lib->settings,
"%s.plugins.socket-default.fwmark", NULL, lib->ns);
- if (fwmark && mark_from_string(fwmark, &mark))
+ if (fwmark && mark_from_string(fwmark, MARK_OP_NONE, &mark))
{
if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value,
sizeof(mark.value)) < 0)
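Review bot: A configured `fwmark` that `mark_from_string()` rejects is still silently ignored on the updated line, so the socket is created without the mark that routing or firewall rules may depend on and nothing is logged. An `else if (fwmark)` branch with a diagnostic, e.g. `DBG1(DBG_NET, "ignoring invalid fwmark '%s'", fwmark);`, would make the misconfiguration visible. open_socket continues outside this hunk.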
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 39558dc24..6ffcafa98 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index bb349c0a3..5c67e15fd 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 96733406e..a0fcd8857 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 3cf95f9a9..4124da4a6 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index d1bf139c2..d7671481d 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -580,8 +580,10 @@ METHOD(stroke_list_t, status, void,
children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
while (children->enumerate(children, &child_cfg))
{
- my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE,
+ NULL, NULL, FALSE);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE,
+ NULL, NULL, FALSE);
fprintf(out, "%12s: child: %#R === %#R %N",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
@@ -614,8 +616,10 @@ METHOD(stroke_list_t, status, void,
fprintf(out, "Shunted Connections:\n");
first = FALSE;
}
- my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
fprintf(out, "%12s: %#R === %#R %N\n",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
@@ -1055,7 +1059,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool,
fprintf(out, "Leases in pool '%s', usage: %u/%u, %u online\n",
pool, online + offline, size, online);
enumerator = this->attribute->create_lease_enumerator(this->attribute, pool);
- while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on))
+ while (enumerator->enumerate(enumerator, &id, &lease, &on))
{
if (!address || address->ip_equals(address, lease))
{
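Review bot: Dropping the `enumerator &&` guard from the while condition means pool_leases now dereferences the result of create_lease_enumerator unconditionally, which is only safe if every attribute provider was changed in this commit to hand back an empty enumerator instead of NULL for an unknown or empty pool — that change is not visible in this hunk. If any backend still returns NULL there, a leases query for a pool name it does not know would crash the daemon rather than print an empty list, so the provider side should be confirmed before this simplification lands. The same guard is removed in get_pools in vici_attribute.c (`while (leases->enumerate(leases, &uid, &lease, &on))`) and the same check applies there. pool_leases begins before this hunk.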
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 0667d359c..aef21673b 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index dcf2c5858..6f1a4a356 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 02587d1f0..13cb136ab 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 17f0cd464..bdad67ba5 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -665,7 +665,7 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
server_ip = host_create_any(client_ip->get_family(client_ip));
/* At this moment the client identity is not known yet */
- client_id = identification_create_from_encoding(ID_ANY, chunk_empty),
+ client_id = identification_create_from_encoding(ID_ANY, chunk_empty);
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
this->server, client_id, server_ip,
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index a01a5f74e..da8e2a7c2 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index fd29de336..08924353c 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 05ae8d504..afbd6cc7e 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -56,7 +56,7 @@ static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts,
received = linked_list_create();
received->insert_last(received, ts);
- selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL);
+ selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL, FALSE);
while (selected->remove_first(selected, (void**)&ts) == SUCCESS)
{
list->insert_last(list, ts);
@@ -140,7 +140,8 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
{
ts->destroy(ts);
}
- configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+ FALSE);
while (configured->remove_first(configured, (void**)&ts) == SUCCESS)
{
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index b52ffeeb1..76aad47e6 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -160,7 +160,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
while (enumerator->enumerate(enumerator, &child_cfg))
{
- current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+ FALSE);
while (current->remove_first(current, (void**)&ts) == SUCCESS)
{
if (use_ts(ts))
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 0f2a055d2..4927e945a 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index d28223dca..31054634a 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -409,7 +409,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -435,6 +434,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -455,8 +456,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -511,8 +510,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -541,8 +538,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 0038f0844..5bd8c1727 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -75,7 +75,7 @@ for example.
The defined packet types optionally wrap a message with additional data.
Messages are currently used in CMD_REQUEST/CMD_RESPONSE, and in EVENT packets.
-A message uses a hierarchial tree of sections. Each section (or the implicit
+A message uses a hierarchical tree of sections. Each section (or the implicit
root section) contains an arbitrary set of key/value pairs, lists and
sub-sections. The length of a message is not part of the message itself, but
the wrapping layer, usually calculated from the transport byte sequence length.
@@ -140,7 +140,7 @@ Consider the following structure using pseudo-markup for this example:
list1 = [ item1, item2 ]
}
-The example above reprensents a valid tree structure, that gets encoded as
+The example above represents a valid tree structure, that gets encoded as
the following C array:
char msg[] = {
@@ -302,6 +302,7 @@ Initiate the rekeying of an SA.
ike = <rekey an IKE_SA by configuration name>
child-id = <rekey a CHILD_SA by its reqid>
ike-id = <rekey an IKE_SA by its unique id>
+ reauth = <reauthenticate instead of rekey an IKEv2 SA>
} => {
success = <yes or no>
matches = <number of matched SAs>
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index 59b0774b8..42e35745e 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
index b0a942c04..d0700fa97 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
@@ -29,7 +29,9 @@ sub from_data {
my $data = shift;
my %hash = ();
- parse($data, \%hash);
+ open my $data_fd, '<', \$data;
+ parse($data_fd, \%hash);
+ close $data_fd;
my $self = {
Hash => \%hash
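Review bot: The result of `open my $data_fd, '<', \$data;` is not checked. An in-memory handle rarely fails to open, but when it does the failure only surfaces later as an unrelated "unable to read 1 bytes" die from read_data; since the module already dies on every other parse problem, `open my $data_fd, '<', \$data or die "message parsing error: $!\n";` reports the real cause at the point it happens. from_data begins before this hunk.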
@@ -62,29 +64,30 @@ sub result {
# private functions
sub parse {
- my $data = shift;
+ my $fd = shift;
my $hash = shift;
+ my $data;
- while (length($data) > 0)
+ until ( eof $fd )
{
- (my $type, $data) = unpack('Ca*', $data);
+ my $type = unpack('C', read_data($fd, 1));
- if ($type == SECTION_END)
- {
- return $data;
- }
+ if ( $type == SECTION_END )
+ {
+ return;
+ }
- (my $key, $data) = unpack('C/a*a*', $data);
+ my $key = read_len_data($fd, 1);
if ( $type == KEY_VALUE )
{
- (my $value, $data) = unpack('n/a*a*', $data);
+ my $value = read_len_data($fd, 2);
$hash->{$key} = $value;
}
elsif ( $type == SECTION_START )
{
my %section = ();
- $data = parse($data, \%section);
+ parse($fd, \%section);
$hash->{$key} = \%section;
}
elsif ( $type == LIST_START )
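Review bot: With the `until ( eof $fd )` loop, parse returns normally when the stream ends inside a nested section, so reaching EOF is now indistinguishable from reading a SECTION_END and a truncated message produces a partially filled hash instead of the die the other malformed cases get. A nesting flag closes that gap: add `my $nested = shift;` after `my $hash = shift;`, call `parse($fd, \%section, 1);` in the SECTION_START branch, and put `die "message parsing error: unexpected end of section\n" if $nested;` after the loop. The LIST_START branch in the next hunk has the same shape — `while ( !eof($fd) and $more )` exits at EOF with `$more` still set and the list is silently dropped — so `die "message parsing error: unexpected end of list\n" if $more;` after that loop would match.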
@@ -92,19 +95,20 @@ sub parse {
my @list = ();
my $more = 1;
- while (length($data) > 0 and $more)
+ while ( !eof($fd) and $more )
{
- (my $type, $data) = unpack('Ca*', $data);
+ my $type = unpack('C', read_data($fd, 1));
+
if ( $type == LIST_ITEM )
{
- (my $value, $data) = unpack('n/a*a*', $data);
+ my $value = read_len_data($fd, 2);
push(@list, $value);
}
elsif ( $type == LIST_END )
{
$more = 0;
$hash->{$key} = \@list;
- }
+ }
else
{
die "message parsing error: ", $type, "\n"
@@ -116,9 +120,28 @@ sub parse {
die "message parsing error: ", $type, "\n"
}
}
+}
+
+sub read_data {
+ my $fd = shift;
+ my $len = shift;
+ my $data;
+
+ my $res = read $fd, $data, $len;
+ unless (defined $res and $res == $len)
+ {
+ die "message parsing error: unable to read ", $len, " bytes\n";
+ }
return $data;
}
+sub read_len_data {
+ my $fd = shift;
+ my $len = shift;
+
+ $len = unpack($len == 1 ? 'C' : 'n', read_data($fd, $len));
+ return read_data($fd, $len);
+}
sub encode_hash {
my $hash = shift;
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 057ea88f4..6592a1ae0 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -249,7 +249,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -275,6 +274,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -295,8 +296,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -351,8 +350,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -381,8 +378,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index ff4e07d2d..fb9d348d1 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
index f846a14af..61de99a1f 100644
--- a/src/libcharon/plugins/vici/ruby/lib/vici.rb
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -450,7 +450,7 @@ module Vici
##
# Flush credential cache.
- def flush_certs((match = nil)
+ def flush_certs(match = nil)
check_success(@transp.request("flush-certs", Message.new(match)))
end
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index 4d174253d..f7c7ce13a 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -705,7 +705,7 @@ CALLBACK(get_pools, vici_message_t*,
i = 0;
builder->begin_section(builder, "leases");
leases = vips->create_lease_enumerator(vips);
- while (leases && leases->enumerate(leases, &uid, &lease, &on))
+ while (leases->enumerate(leases, &uid, &lease, &on))
{
snprintf(buf, sizeof(buf), "%d", i++);
builder->begin_section(builder, buf);
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index f4e9e33ee..10c62dc89 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -2,8 +2,8 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015-2016 Andreas Steffen
+ * Copyright (C) 2015-2018 Tobias Brunner
+ * Copyright (C) 2015-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -304,6 +304,8 @@ typedef struct {
bool mobike;
bool send_certreq;
bool pull;
+ identification_t *ppk_id;
+ bool ppk_required;
cert_policy_t send_cert;
uint64_t dpd_delay;
uint64_t dpd_timeout;
@@ -403,6 +405,8 @@ static void log_peer_data(peer_data_t *data)
DBG2(DBG_CFG, " remote_port = %u", data->remote_port);
DBG2(DBG_CFG, " send_certreq = %u", data->send_certreq);
DBG2(DBG_CFG, " send_cert = %N", cert_policy_names, data->send_cert);
+ DBG2(DBG_CFG, " ppk_id = %Y", data->ppk_id);
+ DBG2(DBG_CFG, " ppk_required = %u", data->ppk_required);
DBG2(DBG_CFG, " mobike = %u", data->mobike);
DBG2(DBG_CFG, " aggressive = %u", data->aggressive);
DBG2(DBG_CFG, " dscp = 0x%.2x", data->dscp);
@@ -469,6 +473,7 @@ static void free_peer_data(peer_data_t *data)
free(data->pools);
free(data->local_addrs);
free(data->remote_addrs);
+ DESTROY_IF(data->ppk_id);
#ifdef ME
free(data->mediated_by);
DESTROY_IF(data->peer_id);
@@ -484,7 +489,6 @@ typedef struct {
linked_list_t *local_ts;
linked_list_t *remote_ts;
uint32_t replay_window;
- bool policies;
child_cfg_create_t cfg;
} child_data_t;
@@ -511,7 +515,7 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " ipcomp = %u", has_opt(OPT_IPCOMP));
DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode,
has_opt(OPT_PROXY_MODE) ? "_PROXY" : "");
- DBG2(DBG_CFG, " policies = %u", data->policies);
+ DBG2(DBG_CFG, " policies = %u", !has_opt(OPT_NO_POLICIES));
DBG2(DBG_CFG, " policies_fwd_out = %u", has_opt(OPT_FWD_OUT_POLICIES));
if (data->replay_window != REPLAY_UNDEFINED)
{
@@ -529,12 +533,19 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
DBG2(DBG_CFG, " mark_out = %u/%u",
cfg->mark_out.value, cfg->mark_out.mask);
+ DBG2(DBG_CFG, " set_mark_in = %u/%u",
+ cfg->set_mark_in.value, cfg->set_mark_in.mask);
+ DBG2(DBG_CFG, " set_mark_out = %u/%u",
+ cfg->set_mark_out.value, cfg->set_mark_out.mask);
DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload);
DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
+ DBG2(DBG_CFG, " copy_df = %u", !has_opt(OPT_NO_COPY_DF));
+ DBG2(DBG_CFG, " copy_ecn = %u", !has_opt(OPT_NO_COPY_ECN));
+ DBG2(DBG_CFG, " copy_dscp = %N", dscp_copy_names, cfg->copy_dscp);
}
/**
@@ -847,16 +858,17 @@ CALLBACK(parse_mode, bool,
}
/**
- * Enable a child_cfg_option_t
+ * Enable a child_cfg_option_t, the flag controls whether the option is enabled
+ * if the parsed value is TRUE or FALSE.
*/
static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt,
- chunk_t v)
+ chunk_t v, bool add_if_true)
{
bool val;
if (parse_bool(&val, v))
{
- if (val)
+ if (val == add_if_true)
{
*out |= opt;
}
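Review bot: The new doc comment on parse_option is hard to read ("the flag controls whether the option is enabled if the parsed value is TRUE or FALSE") and does not say why the flag exists. Something like `Set opt in out if the parsed boolean equals add_if_true; pass FALSE for options with inverted semantics (e.g. OPT_NO_POLICIES is set when the config value is "no")` tells the next reader which way to pass the flag without having to check the callers. parse_option continues past the end of this hunk.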
@@ -871,7 +883,16 @@ static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt,
CALLBACK(parse_opt_haccess, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_HOSTACCESS, v);
+ return parse_option(out, OPT_HOSTACCESS, v, TRUE);
+}
+
+/**
+ * Parse OPT_NO_POLICIES option
+ */
+CALLBACK(parse_opt_policies, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_POLICIES, v, FALSE);
}
/**
@@ -880,7 +901,7 @@ CALLBACK(parse_opt_haccess, bool,
CALLBACK(parse_opt_fwd_out, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_FWD_OUT_POLICIES, v);
+ return parse_option(out, OPT_FWD_OUT_POLICIES, v, TRUE);
}
/**
@@ -889,17 +910,16 @@ CALLBACK(parse_opt_fwd_out, bool,
CALLBACK(parse_opt_ipcomp, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_IPCOMP, v);
+ return parse_option(out, OPT_IPCOMP, v, TRUE);
}
-
/**
* Parse OPT_SHA256_96 option
*/
CALLBACK(parse_opt_sha256_96, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_SHA256_96, v);
+ return parse_option(out, OPT_SHA256_96, v, TRUE);
}
/**
@@ -908,7 +928,47 @@ CALLBACK(parse_opt_sha256_96, bool,
CALLBACK(parse_opt_mark_in, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_MARK_IN_SA, v);
+ return parse_option(out, OPT_MARK_IN_SA, v, TRUE);
+}
+
+/**
+ * Parse OPT_NO_COPY_DF option
+ */
+CALLBACK(parse_opt_copy_df, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_COPY_DF, v, FALSE);
+}
+
+/**
+ * Parse OPT_NO_COPY_ECN option
+ */
+CALLBACK(parse_opt_copy_ecn, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_COPY_ECN, v, FALSE);
+}
+
+/**
+ * Parse a dscp_copy_t
+ */
+CALLBACK(parse_copy_dscp, bool,
+ dscp_copy_t *out, chunk_t v)
+{
+ enum_map_t map[] = {
+ { "no", DSCP_COPY_NO },
+ { "in", DSCP_COPY_IN_ONLY },
+ { "out", DSCP_COPY_OUT_ONLY },
+ { "yes", DSCP_COPY_YES },
+ };
+ int d;
+
+ if (parse_map(map, countof(map), &d, v))
+ {
+ *out = d;
+ return TRUE;
+ }
+ return FALSE;
}
/**
@@ -1126,7 +1186,22 @@ CALLBACK(parse_mark, bool,
{
return FALSE;
}
- return mark_from_string(buf, out);
+ return mark_from_string(buf, MARK_OP_UNIQUE, out);
+}
+
+/**
+ * Parse a mark_t when using it as set_mark.
+ */
+CALLBACK(parse_set_mark, bool,
+ mark_t *out, chunk_t v)
+{
+ char buf[32];
+
+ if (!vici_stringify(v, buf, sizeof(buf)))
+ {
+ return FALSE;
+ }
+ return mark_from_string(buf, MARK_OP_SAME, out);
}
/**
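Review bot: `parse_set_mark` is a byte-for-byte copy of `parse_mark` except for the `MARK_OP_SAME` constant, including the `char buf[32]` and the `vici_stringify` guard. A small static helper taking the op constant (whatever type `MARK_OP_UNIQUE`/`MARK_OP_SAME` have) would leave both callbacks as one-line wrappers and keep the buffer-size choice in one place. The comment `Parse a mark_t when using it as set_mark.` should also say what the op changes in practice — presumably that `%same` is accepted here and `%unique` is not, but `mark_from_string` is outside this hunk, so confirm before documenting.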
@@ -1514,9 +1589,8 @@ CALLBACK(parse_hosts, bool,
return TRUE;
}
-#ifdef ME
/**
- * Parse peer ID
+ * Parse peer/ppk ID
*/
CALLBACK(parse_peer_id, bool,
identification_t **out, chunk_t v)
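Review bot: `parse_peer_id` is now also used for the `ppk_id` key (see the peer_kv hunk), but it builds the value with `identification_create_from_string`, which applies identity-type heuristics to the string rather than treating it as opaque bytes. If a configured PPK_ID happens to look like an IP address, an e-mail address or uses a leading `@`, the encoded bytes and type that end up in the PPK_IDENTITY notify may differ from what the peer configured, so a round-trip test with such values is worth adding; if the heuristics are intended, the comment should say `/* Parse peer or PPK ID; the same identity-type heuristics apply to both */`.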
@@ -1530,7 +1604,7 @@ CALLBACK(parse_peer_id, bool,
*out = identification_create_from_string(buf);
return TRUE;
}
-#endif /* ME */
+
CALLBACK(cert_kv, bool,
cert_data_t *cert, vici_message_t *message, char *name, chunk_t value)
@@ -1567,7 +1641,7 @@ CALLBACK(child_kv, bool,
{ "updown", parse_string, &child->cfg.updown },
{ "hostaccess", parse_opt_haccess, &child->cfg.options },
{ "mode", parse_mode, &child->cfg },
- { "policies", parse_bool, &child->policies },
+ { "policies", parse_opt_policies, &child->cfg.options },
{ "policies_fwd_out", parse_opt_fwd_out, &child->cfg.options },
{ "replay_window", parse_uint32, &child->replay_window },
{ "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
@@ -1588,11 +1662,16 @@ CALLBACK(child_kv, bool,
{ "mark_in", parse_mark, &child->cfg.mark_in },
{ "mark_in_sa", parse_opt_mark_in, &child->cfg.options },
{ "mark_out", parse_mark, &child->cfg.mark_out },
+ { "set_mark_in", parse_set_mark, &child->cfg.set_mark_in },
+ { "set_mark_out", parse_set_mark, &child->cfg.set_mark_out },
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
{ "interface", parse_string, &child->cfg.interface },
{ "hw_offload", parse_hw_offload, &child->cfg.hw_offload },
{ "sha256_96", parse_opt_sha256_96,&child->cfg.options },
+ { "copy_df", parse_opt_copy_df, &child->cfg.options },
+ { "copy_ecn", parse_opt_copy_ecn, &child->cfg.options },
+ { "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp },
};
return parse_rules(rules, countof(rules), name, value,
@@ -1604,7 +1683,7 @@ CALLBACK(auth_li, bool,
{
parse_rule_t rules[] = {
{ "groups", parse_group, auth->cfg },
- { "cert_policy", parse_cert_policy, auth },
+ { "cert_policy", parse_cert_policy, auth->cfg },
{ "certs", parse_certs, auth },
{ "cacerts", parse_cacerts, auth },
{ "pubkeys", parse_pubkeys, auth },
@@ -1669,6 +1748,8 @@ CALLBACK(peer_kv, bool,
{ "rekey_time", parse_time, &peer->rekey_time },
{ "over_time", parse_time, &peer->over_time },
{ "rand_time", parse_time, &peer->rand_time },
+ { "ppk_id", parse_peer_id, &peer->ppk_id },
+ { "ppk_required", parse_bool, &peer->ppk_required },
#ifdef ME
{ "mediation", parse_bool, &peer->mediation },
{ "mediated_by", parse_string, &peer->mediated_by },
@@ -1802,7 +1883,6 @@ CALLBACK(children_sn, bool,
.proposals = linked_list_create(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
- .policies = TRUE,
.replay_window = REPLAY_UNDEFINED,
.cfg = {
.mode = MODE_TUNNEL,
@@ -1858,7 +1938,6 @@ CALLBACK(children_sn, bool,
child.proposals->insert_last(child.proposals, proposal);
}
}
- child.cfg.options |= child.policies ? 0 : OPT_NO_POLICIES;
check_lifetimes(&child.cfg.lifetime);
@@ -2212,8 +2291,8 @@ static void merge_config(private_vici_config_t *this, peer_cfg_t *peer_cfg)
{
DBG1(DBG_CFG, "replaced vici connection: %s",
peer_cfg->get_name(peer_cfg));
+ this->conns->insert_before(this->conns, enumerator, peer_cfg);
this->conns->remove_at(this->conns, enumerator);
- this->conns->insert_last(this->conns, peer_cfg);
handle_start_actions(this, current, TRUE);
handle_start_actions(this, peer_cfg, FALSE);
current->destroy(current);
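Review bot: The switch from `remove_at` + `insert_last` to `insert_before` + `remove_at` changes where a replaced connection lands in `this->conns`, and nothing in the hunk records why. If the intent is to keep the replaced config at its original position so that lookup order among vici connections is unchanged after a reload, a comment such as `/* keep the position of the replaced config so connection ordering is stable */` would make the dependency on enumerator semantics (insert before the current element, then remove the current element) explicit.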
@@ -2407,6 +2486,8 @@ CALLBACK(config_sn, bool,
.push_mode = !peer.pull,
.dpd = peer.dpd_delay,
.dpd_timeout = peer.dpd_timeout,
+ .ppk_id = peer.ppk_id ? peer.ppk_id->clone(peer.ppk_id) : NULL,
+ .ppk_required = peer.ppk_required,
};
#ifdef ME
cfg.mediation = peer.mediation;
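Review bot: `.ppk_required = peer.ppk_required` is copied into the peer config without checking that `peer.ppk_id` is set, so a connection can be loaded with `ppk_required = yes` and no PPK identity. What the daemon does with that combination is decided in code outside this diff, so I would either reject it here with a `create_reply`-style error, or at least log a DBG1 warning at load time, rather than letting the operator discover a misconfigured mandatory PPK only when the IKE_SA fails.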
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index ce19608dc..16e49fdbc 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -373,11 +373,13 @@ CALLBACK(rekey, vici_message_t*,
ike_sa_t *ike_sa;
child_sa_t *child_sa;
vici_builder_t *builder;
+ bool reauth;
child = request->get_str(request, NULL, "child");
ike = request->get_str(request, NULL, "ike");
child_id = request->get_int(request, 0, "child-id");
ike_id = request->get_int(request, 0, "ike-id");
+ reauth = request->get_bool(request, FALSE, "reauth");
if (!child && !ike && !ike_id && !child_id)
{
@@ -438,7 +440,7 @@ CALLBACK(rekey, vici_message_t*,
(ike_id && ike_id == ike_sa->get_unique_id(ike_sa)))
{
lib->processor->queue_job(lib->processor,
- (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE));
+ (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), reauth));
found++;
}
}
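Review bot: The new `reauth` flag is only consulted on the IKE_SA path (`rekey_ike_sa_job_create(..., reauth)`); a request that selects a CHILD_SA via `child`/`child-id` together with `reauth = yes` has the flag silently ignored, as far as this hunk shows. Since reauthentication re-runs the authentication exchange and tears down the old IKE_SA, silently dropping the request is surprising for an operator; I would either return an error when `reauth` is combined with a child-only selector or document the limitation in the command's help text. The child branch of `rekey` is outside these hunks, so the exact behaviour there should be confirmed.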
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index ec6c80a5b..038338805 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -442,6 +442,10 @@ CALLBACK(load_shared, vici_message_t*,
{
type = SHARED_NT_HASH;
}
+ else if (strcaseeq(str, "ppk"))
+ {
+ type = SHARED_PPK;
+ }
else
{
return create_reply("invalid shared key type: %s", str);
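Review bot: The new `ppk` shared-key type is accepted with no constraint on the key material, so a short or low-entropy PPK is stored just like a strong one and the hybrid protection it is supposed to add against a quantum-capable adversary is quietly lost. Enforcing a minimum length is a policy decision, but at least a DBG1 warning when the secret is shorter than the IKE PRF output would be appropriate, and the load-shared documentation should note that PPKs must be generated from a cryptographically strong source. Whether `data` length is already validated later in this function is outside the hunk.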
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index 13761f59d..df5b85c64 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -102,18 +102,10 @@ bool vici_verify_type(vici_type_t type, u_int section, bool list)
DBG1(DBG_ENC, "'%N' outside of section", vici_type_names, type);
return FALSE;
}
- if (type == VICI_END)
+ if (type == VICI_END && section)
{
- if (section)
- {
- DBG1(DBG_ENC, "'%N' within section", vici_type_names, type);
- return FALSE;
- }
- if (list)
- {
- DBG1(DBG_ENC, "'%N' within list", vici_type_names, type);
- return FALSE;
- }
+ DBG1(DBG_ENC, "'%N' within section", vici_type_names, type);
+ return FALSE;
}
return TRUE;
}
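Review bot: The `'%N' within list` rejection is dropped, so a `VICI_END` that arrives while a list is still open is now accepted as a well-formed end of message. If this is deliberate (lists may be implicitly terminated by END), the function's doc comment should say so, e.g. `/* VICI_END may terminate an open list but not an open section */`; if it is not, this relaxation widens what the parser accepts from any local client and the decoders that assumed a list is always closed by `VICI_LIST_END` should be checked. The body of `vici_verify_type` starts before the hunk.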
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 82c3d7855..d7b61ca72 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
@@ -417,6 +417,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "dh-group", "%N", diffie_hellman_group_names, alg);
}
}
+ add_condition(b, ike_sa, "ppk", COND_PPK);
if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
{
@@ -570,7 +571,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
list_mode(b, NULL, cfg);
b->begin_list(b, "local-ts");
- list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL);
+ list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL, FALSE);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -581,7 +582,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
b->end_list(b /* local-ts */);
b->begin_list(b, "remote-ts");
- list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL);
+ list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL, FALSE);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -737,6 +738,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
rules->destroy(rules);
b->end_list(b);
+ b->begin_list(b, "cert_policy");
+ rules = auth->create_enumerator(auth);
+ while (rules->enumerate(rules, &rule, &v))
+ {
+ if (rule == AUTH_RULE_CERT_POLICY)
+ {
+ b->add_li(b, "%s", v.str);
+ }
+ }
+ rules->destroy(rules);
+ b->end_list(b);
+
b->begin_list(b, "certs");
rules = auth->create_enumerator(auth);
while (rules->enumerate(rules, &rule, &v))
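Review bot: The new `cert_policy` list is the third copy of the same pattern in `build_auth_cfgs` — create an enumerator over `auth`, filter on one `AUTH_RULE_*` value, emit `v.str`, destroy — and the `certs` list right below repeats it again. A static helper along the lines of `list_auth_rule(b, auth, "cert_policy", AUTH_RULE_CERT_POLICY)` would collapse each occurrence to one line and keep the begin_list/end_list pairing in a single place. This is a style point only; the emitted output is unchanged.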
@@ -775,6 +788,7 @@ CALLBACK(list_conns, vici_message_t*,
child_cfg_t *child_cfg;
char *ike, *str, *interface;
uint32_t manual_prio, dpd_delay, dpd_timeout;
+ identification_t *ppk_id;
linked_list_t *list;
traffic_selector_t *ts;
lifetime_cfg_t *lft;
@@ -837,6 +851,16 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "dpd_timeout", "%u", dpd_timeout);
}
+ ppk_id = peer_cfg->get_ppk_id(peer_cfg);
+ if (ppk_id)
+ {
+ b->add_kv(b, "ppk_id", "%Y", ppk_id);
+ }
+ if (peer_cfg->ppk_required(peer_cfg))
+ {
+ b->add_kv(b, "ppk_required", "yes");
+ }
+
build_auth_cfgs(peer_cfg, TRUE, b);
build_auth_cfgs(peer_cfg, FALSE, b);
@@ -861,7 +885,8 @@ CALLBACK(list_conns, vici_message_t*,
child_cfg->get_close_action(child_cfg));
b->begin_list(b, "local-ts");
- list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
selectors = list->create_enumerator(list);
while (selectors->enumerate(selectors, &ts))
{
@@ -872,7 +897,8 @@ CALLBACK(list_conns, vici_message_t*,
b->end_list(b /* local-ts */);
b->begin_list(b, "remote-ts");
- list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
selectors = list->create_enumerator(list);
while (selectors->enumerate(selectors, &ts))
{
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index ad9a092cc..9a661077e 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index d702a01a6..f9b387d45 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index eeeb4190a..b26065c8c 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 87a6c872a..cd5848cf3 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index a224ffba4..26ab290c3 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 497ad3dd9..f979d1103 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -89,7 +89,7 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_xauth_pam_plugin_t *this)
{
- this->listener->destroy(this->listener),
+ this->listener->destroy(this->listener);
free(this);
}
diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 42d9ce32e..58a8ca04f 100644
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -1,6 +1,6 @@
/*
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
*
@@ -157,6 +157,17 @@ struct authenticator_t {
status_t (*build)(authenticator_t *this, message_t *message);
/**
+ * Optional method to set a Postquantum Preshared Key (PPK) to be used
+ * during authentication.
+ *
+ * Has to be called before the final call to process()/build().
+ *
+ * @param ppk PPK to use
+ * @param no_ppk_auth whether to add a NO_PPK_AUTH notify in build()
+ */
+ void (*use_ppk)(authenticator_t *this, chunk_t ppk, bool no_ppk_auth);
+
+ /**
* Check if the authenticator is capable of mutual authentication.
*
* Some authenticator authenticate both peers, e.g. EAP. To support
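Review bot: The comment marks `use_ppk` as "Optional", but it does not say what optional means for callers: that the pointer may be NULL and that a NULL implementation cannot mix the PPK into the AUTH computation. That matters for security: if a peer config has a PPK and the selected authenticator lacks `use_ppk`, the caller must treat it as a fatal error (at least when `ppk_required` is set) rather than silently continue without the PPK. I would extend the doc with `Authenticators that do not support PPKs leave this NULL; callers must check for NULL and fail the exchange instead of proceeding without the PPK when one is configured as required.`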
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 7eeb578f3..c33398bee 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -890,12 +890,21 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
.cpi = cpi,
.encap = this->encap,
.hw_offload = this->config->get_hw_offload(this->config),
+ .mark = this->config->get_set_mark(this->config, inbound),
.esn = esn,
+ .copy_df = !this->config->has_option(this->config, OPT_NO_COPY_DF),
+ .copy_ecn = !this->config->has_option(this->config, OPT_NO_COPY_ECN),
+ .copy_dscp = this->config->get_copy_dscp(this->config),
.initiator = initiator,
.inbound = inbound,
.update = update,
};
+ if (sa.mark.value == MARK_SAME)
+ {
+ sa.mark.value = inbound ? this->mark_in.value : this->mark_out.value;
+ }
+
status = charon->kernel->add_sa(charon->kernel, &id, &sa);
my_ts->destroy(my_ts);
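Review bot: The `MARK_SAME` substitution replaces only `sa.mark.value` and leaves `sa.mark.mask` as whatever `get_set_mark` returned, so the mask passed to the kernel does not come from `this->mark_in`/`this->mark_out` even though the value does. If that is intentional (the mask of a set_mark is independent of the policy mark's mask), a comment such as `/* %same copies the value of the policy mark; the mask stays as configured for set_mark */` would prevent a later "fix" that copies the mask as well; if it is not, the mask should be substituted alongside the value.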
@@ -1723,7 +1732,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
traffic_selector_t *ts;
list = linked_list_create_with_items(ike, NULL);
- ts_list = config->get_traffic_selectors(config, local, NULL, list);
+ ts_list = config->get_traffic_selectors(config, local, NULL, list, FALSE);
list->destroy(list);
enumerator = ts_list->create_enumerator(ts_list);
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index f39fed6f0..a4ad866d3 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -674,6 +674,7 @@ METHOD(ike_sa_t, get_ike_cfg, ike_cfg_t*,
METHOD(ike_sa_t, set_ike_cfg, void,
private_ike_sa_t *this, ike_cfg_t *ike_cfg)
{
+ DESTROY_IF(this->ike_cfg);
ike_cfg->get_ref(ike_cfg);
this->ike_cfg = ike_cfg;
}
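Review bot: `DESTROY_IF(this->ike_cfg)` now runs before `ike_cfg->get_ref(ike_cfg)`, so if a caller ever passes the config that is already set and this IKE_SA holds its only reference, the object is freed and then dereferenced. Taking the new reference first makes the setter safe for self-assignment at no cost: `ike_cfg->get_ref(ike_cfg); DESTROY_IF(this->ike_cfg); this->ike_cfg = ike_cfg;`. Whether any current caller does this is not visible here, but the ordering is the usual refcount idiom and worth getting right in a setter.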
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 316b713ee..c1d3e1d7a 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -156,6 +156,11 @@ enum ike_extension_t {
* IKEv2 Message ID sync, RFC 6311
*/
EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
+
+ /**
+ * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
+ */
+ EXT_PPK = (1<<15),
};
/**
@@ -227,6 +232,11 @@ enum ike_condition_t {
* Online certificate revocation checking is suspended for this IKE_SA
*/
COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+ /**
+ * A Postquantum Preshared Key was used when this IKE_SA was created
+ */
+ COND_PPK = (1<<13),
};
/**
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 2a499db40..c50c70860 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -2,7 +2,7 @@
* Copyright (C) 2005-2011 Martin Willi
* Copyright (C) 2011 revosec AG
*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
*
@@ -1620,17 +1620,6 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
unlock_single_segment(this, segment);
return FALSE;
}
- /* threads waiting for this entry do so using the (soon) wrong IKE_SA
- * ID and, therefore, likely on the wrong segment, so drive them out */
- entry->driveout_waiting_threads = TRUE;
- entry->driveout_new_threads = TRUE;
- while (entry->waiting_threads)
- {
- entry->condvar->broadcast(entry->condvar);
- entry->condvar->wait(entry->condvar, this->segments[segment].mutex);
- }
- remove_entry(this, entry);
- unlock_single_segment(this, segment);
}
else
{
@@ -1638,7 +1627,19 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
return FALSE;
}
+ /* the hashtable row and segment are determined by the local SPI as
+ * initiator, so if we change it the row and segment derived from it might
+ * change as well. This could be a problem for threads waiting for the
+ * entry (in particular those enumerating entries to check them out by
+ * unique ID or name). In order to avoid having to drive them out and thus
+ * preventing them from checking out the entry (even though the ID or name
+ * will not change and enumerating it is also fine), we mask the new SPI and
+ * merge it with the old SPI so the entry ends up in the same row/segment.
+ * Since SPIs are 64-bit and the number of rows/segments is usually
+ * relatively low this should not be a problem. */
spi = ike_sa_id->get_initiator_spi(ike_sa_id);
+ new_spi = (spi & (uint64_t)this->table_mask) |
+ (new_spi & ~(uint64_t)this->table_mask);
DBG2(DBG_MGR, "change initiator SPI of IKE_SA %s[%u] from %.16"PRIx64" to "
"%.16"PRIx64, ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
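Review bot: The new SPI keeps the low `table_mask` bits of the old SPI so the entry stays in its row, and the comment explains this well, but the correctness of leaving the entry in place also depends on the segment index being derived from those same masked bits; the hashing helper is outside this hunk, so that assumption should be stated, e.g. `/* row and segment are both derived from (spi & table_mask) */`. The preserved bits also make the retried IKE_SA_INIT linkable to the original by an on-path observer; that is harmless here since the original SPI was already sent in the clear, but a sentence saying so would pre-empt the question.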
@@ -1647,10 +1648,7 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
ike_sa_id->set_initiator_spi(ike_sa_id, new_spi);
entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa_id);
- entry->driveout_waiting_threads = FALSE;
- entry->driveout_new_threads = FALSE;
-
- segment = put_entry(this, entry);
+ entry->condvar->signal(entry->condvar);
unlock_single_segment(this, segment);
return TRUE;
}
@@ -2017,6 +2015,8 @@ static status_t enforce_replace(private_ike_sa_manager_t *this,
* CHILD_SAs to keep connectivity up. */
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
delete_ike_sa_job_create(duplicate->get_id(duplicate), TRUE), 10);
+ DBG1(DBG_IKE, "schedule delete of duplicate IKE_SA for peer '%Y' due "
+ "to uniqueness policy and suspected reauthentication", other);
return SUCCESS;
}
DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer '%Y' due to "
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index 1de05b4ec..bcea1f388 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -219,7 +219,6 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e,
encryption_algorithm_names, alg, key_size);
return NULL;
}
- key_size = crypter->get_key_size(crypter);
if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka))
{
return NULL;
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 5856f829e..b99d75142 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -311,7 +311,7 @@ static void save_auth_cfg(private_phase1_t *this,
return;
}
auth = auth_cfg_create();
- /* for local config, we _copy_ entires from the config, as it contains
+ /* for local config, we _copy_ entries from the config, as it contains
* certificates we must send later. */
auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 3472d2c35..5f6c3bbe8 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -721,6 +721,7 @@ METHOD(task_manager_t, initiate, status_t,
{
case IKE_CONNECTING:
/* close after sending an INFORMATIONAL when unestablished */
+ charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return FAILED;
case IKE_DELETING:
/* close after sending a DELETE */
@@ -920,15 +921,16 @@ static bool process_dpd(private_task_manager_t *this, message_t *message)
}
else /* DPD_R_U_THERE_ACK */
{
- if (seq == this->dpd_send - 1)
+ if (seq == this->dpd_send)
{
+ this->dpd_send++;
this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
time_monotonic(NULL));
}
else
{
DBG1(DBG_IKE, "received invalid DPD sequence number %u "
- "(expected %u), ignored", seq, this->dpd_send - 1);
+ "(expected %u), ignored", seq, this->dpd_send);
}
}
return TRUE;
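Review bot: Because `dpd_send` now advances only on a matching ACK and `queue_dpd` no longer increments it, an R_U_THERE whose ACK was lost is followed by another R_U_THERE carrying the same sequence number. A responder that only accepts the next expected sequence number will log it as invalid and drop it, so every subsequent DPD from this side fails until the peer is declared dead; strongSwan's own R_U_THERE handling is outside this hunk, so whether it tolerates a repeated number should be confirmed. Either way, the trade-off deserves a comment next to `this->dpd_send++`, e.g. `/* advance only when acknowledged so retransmits reuse the sequence number */`.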
@@ -1843,7 +1845,7 @@ METHOD(task_manager_t, queue_dpd, void,
uint32_t t, retransmit;
queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
- this->dpd_send++));
+ this->dpd_send));
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
/* compute timeout in milliseconds */
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 82d647a6c..023119dd4 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -270,11 +270,6 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return FAILED;
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
this->id_data = id_payload->get_encoded(id_payload);
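Review bot: The `if (!id)` guard is removed and `id->clone(id)` now dereferences the result of `ph1->get_id()` unconditionally, so this code relies on `get_id` never returning NULL for the local side. If that guarantee comes from a change to `phase1.c`, it is not in the visible part of this diff; a comment at the call site such as `/* get_id() always returns a local identity (falls back to a default) */` would record the invariant, and the same applies to the parallel removals in `build_r` and in `main_mode.c`.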
@@ -302,6 +297,7 @@ METHOD(task_t, build_i, status_t,
this->id_data))
{
this->id_data = chunk_empty;
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->id_data = chunk_empty;
@@ -330,6 +326,7 @@ METHOD(task_t, build_i, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
break;
@@ -428,6 +425,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
"security reasons");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
break;
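Review bot: Raising `ALERT_PEER_AUTH_FAILED` when the local policy refuses Aggressive Mode PSK conflates a local configuration decision with a failed peer authentication; listeners that count authentication failures per peer or feed them to lockout/blocking logic will see these as attacks even though no credential was checked. If no more specific alert exists, a comment noting that this alert is raised for policy refusals as well as real failures would help, and consumers of the alert should be reviewed; the `AUTHENTICATION_FAILED` notify sent to the peer is fine as is.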
@@ -455,6 +453,7 @@ METHOD(task_t, process_r, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDii payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
@@ -465,6 +464,7 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, id);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -493,6 +493,7 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, NULL);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -502,6 +503,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids "
"IKE_SA, cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
@@ -528,6 +530,7 @@ METHOD(task_t, process_r, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
job = adopt_children_job_create(
@@ -602,11 +605,6 @@ METHOD(task_t, build_r, status_t,
}
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -615,6 +613,7 @@ METHOD(task_t, build_r, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
return NEED_MORE;
@@ -679,6 +678,7 @@ METHOD(task_t, process_i, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
id = id_payload->get_identification(id_payload);
@@ -687,6 +687,7 @@ METHOD(task_t, process_i, status_t,
{
DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
id->destroy(id);
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_ID_INFORMATION);
}
this->ike_sa->set_other_id(this->ike_sa, id);
@@ -698,6 +699,7 @@ METHOD(task_t, process_i, status_t,
if (!this->ph1->verify_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!charon->bus->authorize(charon->bus, FALSE))
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 6a296f221..b26a11bb4 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -59,7 +59,7 @@ struct private_isakmp_vendor_t {
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 1f764e547..b60c84992 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -332,11 +332,6 @@ METHOD(task_t, build_i, status_t,
identification_t *id;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
message->add_payload(message, &id_payload->payload_interface);
@@ -344,6 +339,7 @@ METHOD(task_t, build_i, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -445,6 +441,7 @@ METHOD(task_t, process_r, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDii payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
id = id_payload->get_identification(id_payload);
@@ -457,6 +454,7 @@ METHOD(task_t, process_r, status_t,
this->method, FALSE, id);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -472,6 +470,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
"cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -523,11 +522,6 @@ METHOD(task_t, build_r, status_t,
xauth_t *xauth = NULL;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -536,6 +530,7 @@ METHOD(task_t, build_r, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -562,6 +557,7 @@ METHOD(task_t, build_r, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
job = adopt_children_job_create(
@@ -688,6 +684,7 @@ METHOD(task_t, process_i, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
id = id_payload->get_identification(id_payload);
@@ -696,6 +693,7 @@ METHOD(task_t, process_i, status_t,
{
DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
id->destroy(id);
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
this->ike_sa->set_other_id(this->ike_sa, id);
@@ -703,12 +701,14 @@ METHOD(task_t, process_i, status_t,
if (!this->ph1->verify_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
"cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
@@ -736,6 +736,7 @@ METHOD(task_t, process_i, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
break;
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index 43897c304..9b692588d 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -583,7 +583,6 @@ static status_t build_ack(private_mode_config_t *this, message_t *message)
enumerator = this->vips->create_enumerator(this->vips);
while (enumerator->enumerate(enumerator, &host))
{
- type = INTERNAL_IP6_ADDRESS;
if (host->get_family(host) == AF_INET6)
{
type = INTERNAL_IP6_ADDRESS;
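Review bot: Dropping the unconditional `type = INTERNAL_IP6_ADDRESS;` before the family check is only safe if the `else` branch, which lies outside the hunk, assigns `type` for AF_INET hosts; otherwise `type` would be read uninitialized for IPv4 virtual IPs. Worth confirming, since build_ack's loop body continues past the hunk.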
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 5e5b61e7f..007e94d96 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local,
hosts = get_dynamic_hosts(this->ike_sa, local);
list = this->config->get_traffic_selectors(this->config,
- local, supplied, hosts);
+ local, supplied, hosts, TRUE);
hosts->destroy(hosts);
if (list->get_first(list, (void**)&ts) == SUCCESS)
{
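Review bot: The new trailing `TRUE` argument to `get_traffic_selectors()` is a bare boolean literal whose meaning cannot be read at the call site; the same literal is added in child_create.c in the narrow_ts and build_i hunks (ending at the `hosts->destroy(hosts);` and `if (this->packet_tsi)` lines). A short comment naming the parameter at each call, e.g. `hosts, TRUE /* <parameter name> */);`, would save readers a trip to child_cfg.h. select_ts continues outside the hunk.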
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index 968b4386c..bec2cfe7d 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -226,7 +226,7 @@ static bool select_compliant_config(private_xauth_t *this)
{ /* current config is fine */
return TRUE;
}
- DBG1(DBG_CFG, "selected peer config '%s' inacceptable",
+ DBG1(DBG_CFG, "selected peer config '%s' unacceptable",
old->get_name(old));
aggressive = old->use_aggressive(old);
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index bcf262725..e1e6cd7ee 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -65,6 +65,16 @@ struct private_eap_authenticator_t {
char reserved[3];
/**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
+
+ /**
* Current EAP method processing
*/
eap_method_t *method;
@@ -444,6 +454,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
chunk_t nonce, chunk_t init)
{
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
chunk_t auth_data, recv_auth_data;
identification_t *other_id;
auth_cfg_t *auth;
@@ -458,14 +469,26 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
DBG1(DBG_IKE, "AUTH payload missing");
return FALSE;
}
+ recv_auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ recv_auth_data = notify->get_notification_data(notify);
+ }
+ }
+
other_id = this->ike_sa->get_other_id(this->ike_sa);
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
- if (!keymat->get_psk_sig(keymat, TRUE, init, nonce,
- this->msk, other_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->msk, this->ppk,
+ other_id, this->reserved, &auth_data))
{
return FALSE;
}
- recv_auth_data = auth_payload->get_data(auth_payload);
if (!auth_data.len || !chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "verification of AUTH payload with%s EAP MSK failed",
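Review bot: The fallback guarded by `supports_extension(..., EXT_PPK)` accepts the NO_PPK_AUTH notify as the peer's AUTH data whenever this side has no PPK, and nothing in the hunk checks whether a PPK was required for this peer; that policy must therefore be enforced by the caller that decides whether to call use_ppk(), which is not visible here. A comment at the fallback such as `/* whether a PPK was mandatory for this peer is enforced by the caller */` would make the split of responsibility explicit. The same fallback appears in psk_authenticator.c process() and pubkey_authenticator.c process() (hunks ending at `enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,` and `case AUTH_RSA:`). verify_auth continues outside the hunk.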
@@ -507,8 +530,8 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_class_names, AUTH_CLASS_EAP);
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce,
- this->msk, my_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, this->ppk,
+ my_id, this->reserved, &auth_data))
{
return FALSE;
}
@@ -517,6 +540,18 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
auth_payload->set_data(auth_payload, auth_data);
message->add_payload(message, (payload_t*)auth_payload);
chunk_free(&auth_data);
+
+ if (this->no_ppk_auth)
+ {
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk,
+ chunk_empty, my_id, this->reserved, &auth_data))
+ {
+ DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
+ return FALSE;
+ }
+ message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data);
+ chunk_free(&auth_data);
+ }
return TRUE;
}
@@ -698,6 +733,13 @@ METHOD(authenticator_t, is_mutual, bool,
return TRUE;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_eap_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_eap_authenticator_t *this)
{
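Review bot: `use_ppk()` stores the `ppk` chunk by value without cloning it, so the authenticator presumably relies on the caller keeping that buffer alive (and clearing it) for the authenticator's lifetime, but neither the setter nor the `PPK to use` field comment says so. The same setter is added in psk_authenticator.c and pubkey_authenticator.c (hunks ending at `private_psk_authenticator_t *this)` and `private_pubkey_authenticator_t *this)`). A one-line comment on the field such as `/* not cloned; owned by the caller and must outlive this authenticator */` would make the ownership explicit, assuming that is the intended contract.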
@@ -723,6 +765,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build_client,
.process = _process_client,
+ .use_ppk = _use_ppk,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
@@ -753,6 +796,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = _build_server,
.process = _process_server,
+ .use_ppk = _use_ppk,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index c1decb130..76571e702 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -51,6 +52,16 @@ struct private_psk_authenticator_t {
* Reserved bytes of ID payload
*/
char reserved[3];
+
+ /**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
};
METHOD(authenticator_t, build, status_t,
@@ -68,18 +79,19 @@ METHOD(authenticator_t, build, status_t,
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_method_names, AUTH_PSK);
key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id);
- if (key == NULL)
+ if (!key)
{
DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id);
return NOT_FOUND;
}
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- key->get_key(key), my_id, this->reserved, &auth_data))
+ key->get_key(key), this->ppk, my_id,
+ this->reserved, &auth_data))
{
key->destroy(key);
return FAILED;
}
- key->destroy(key);
+
DBG2(DBG_IKE, "successfully created shared key MAC");
auth_payload = auth_payload_create();
auth_payload->set_auth_method(auth_payload, AUTH_PSK);
@@ -87,6 +99,21 @@ METHOD(authenticator_t, build, status_t,
chunk_free(&auth_data);
message->add_payload(message, (payload_t*)auth_payload);
+ if (this->no_ppk_auth)
+ {
+ if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
+ key->get_key(key), chunk_empty, my_id,
+ this->reserved, &auth_data))
+ {
+ DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
+ key->destroy(key);
+ return SUCCESS;
+ }
+ DBG2(DBG_IKE, "successfully created shared key MAC without PPK");
+ message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data);
+ chunk_free(&auth_data);
+ }
+ key->destroy(key);
return SUCCESS;
}
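Review bot: When creating the NO_PPK_AUTH signature fails, `build()` logs the error but still returns SUCCESS, so the message goes out with an AUTH payload and no NO_PPK_AUTH notify; eap_authenticator's build_auth returns FALSE and pubkey's sign_classic sets `status = FAILED` in the same situation. Unless tolerating this is deliberate, `return FAILED;` after `key->destroy(key);` would keep the three authenticators consistent; if it is deliberate, a comment explaining why should accompany the silent success.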
@@ -96,6 +123,7 @@ METHOD(authenticator_t, process, status_t,
chunk_t auth_data, recv_auth_data;
identification_t *my_id, *other_id;
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
auth_cfg_t *auth;
shared_key_t *key;
enumerator_t *enumerator;
@@ -108,8 +136,20 @@ METHOD(authenticator_t, process, status_t,
{
return FAILED;
}
- keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
recv_auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ recv_auth_data = notify->get_notification_data(notify);
+ }
+ }
+
+ keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
@@ -119,7 +159,8 @@ METHOD(authenticator_t, process, status_t,
keys_found++;
if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
- key->get_key(key), other_id, this->reserved, &auth_data))
+ key->get_key(key), this->ppk, other_id,
+ this->reserved, &auth_data))
{
continue;
}
@@ -150,6 +191,13 @@ METHOD(authenticator_t, process, status_t,
return SUCCESS;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_psk_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_psk_authenticator_t *this)
{
@@ -170,6 +218,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build,
.process = (void*)return_failed,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@@ -197,6 +246,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = (void*)return_failed,
.process = _process,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 652b837fe..1fcef03cc 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -56,6 +56,16 @@ struct private_pubkey_authenticator_t {
* Reserved bytes of ID payload
*/
char reserved[3];
+
+ /**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
};
/**
@@ -204,17 +214,42 @@ CALLBACK(destroy_scheme, void,
}
/**
+ * Adds the given auth data to the message, either in an AUTH payload or
+ * a NO_PPK_AUTH notify.
+ *
+ * The data is freed.
+ */
+static void add_auth_to_message(message_t *message, auth_method_t method,
+ chunk_t data, bool notify)
+{
+ auth_payload_t *auth_payload;
+
+ if (notify)
+ {
+ message->add_notify(message, FALSE, NO_PPK_AUTH, data);
+ }
+ else
+ {
+ auth_payload = auth_payload_create();
+ auth_payload->set_auth_method(auth_payload, method);
+ auth_payload->set_data(auth_payload, data);
+ message->add_payload(message, (payload_t*)auth_payload);
+ }
+ chunk_free(&data);
+}
+
+/**
* Create a signature using RFC 7427 signature authentication
*/
static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
- auth_cfg_t *auth, private_key_t *private,
- identification_t *id, chunk_t *auth_data)
+ auth_cfg_t *auth, private_key_t *private,
+ identification_t *id, message_t *message)
{
enumerator_t *enumerator;
keymat_v2_t *keymat;
signature_params_t *params = NULL;
array_t *schemes;
- chunk_t octets = chunk_empty;
+ chunk_t octets = chunk_empty, auth_data;
status_t status = FAILED;
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
@@ -227,26 +262,46 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
return FAILED;
}
- if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
- this->nonce, id, this->reserved, &octets,
- schemes))
+ if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce,
+ this->ppk, id, this->reserved, &octets, schemes))
{
enumerator = array_create_enumerator(schemes);
while (enumerator->enumerate(enumerator, &params))
{
- if (private->sign(private, params->scheme, params->params, octets,
- auth_data) &&
- build_signature_auth_data(auth_data, params))
- {
- status = SUCCESS;
- break;
- }
- else
+ if (!private->sign(private, params->scheme, params->params, octets,
+ &auth_data) ||
+ !build_signature_auth_data(&auth_data, params))
{
DBG2(DBG_IKE, "unable to create %N signature for %N key",
signature_scheme_names, params->scheme, key_type_names,
private->get_type(private));
+ continue;
}
+ add_auth_to_message(message, AUTH_DS, auth_data, FALSE);
+ status = SUCCESS;
+
+ if (this->no_ppk_auth)
+ {
+ chunk_free(&octets);
+
+ if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
+ this->nonce, chunk_empty, id,
+ this->reserved, &octets, schemes) &&
+ private->sign(private, params->scheme, params->params,
+ octets, &auth_data) &&
+ build_signature_auth_data(&auth_data, params))
+ {
+ add_auth_to_message(message, AUTH_DS, auth_data, TRUE);
+ }
+ else
+ {
+ DBG2(DBG_IKE, "unable to create %N signature for %N key "
+ "without PPK", signature_scheme_names, params->scheme,
+ key_type_names, private->get_type(private));
+ status = FAILED;
+ }
+ }
+ break;
}
enumerator->destroy(enumerator);
}
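Review bot: In the `no_ppk_auth` branch the AUTH payload has already been added to `message` by `add_auth_to_message()` before the second signature is attempted, so when that attempt fails `status` becomes FAILED while the message still carries the AUTH payload; this is harmless if the caller discards the message on FAILED (build() appears to just return the status), but a comment such as `/* AUTH payload already added; caller drops the message on failure */` would document the assumption. The sign_classic hunk ending at `return status;` has the same shape.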
@@ -281,8 +336,8 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
* keymat).
*/
static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
- bool verify, identification_t *id,
- chunk_t *octets, signature_params_t **scheme)
+ bool verify, identification_t *id, chunk_t ppk,
+ chunk_t *octets, signature_params_t **scheme)
{
keymat_v2_t *keymat;
array_t *schemes;
@@ -293,7 +348,8 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
- id, this->reserved, octets, schemes) &&
+ ppk, id, this->reserved, octets,
+ schemes) &&
array_remove(schemes, 0, scheme))
{
success = TRUE;
@@ -311,19 +367,19 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
*/
static status_t sign_classic(private_pubkey_authenticator_t *this,
auth_cfg_t *auth, private_key_t *private,
- identification_t *id, auth_method_t *auth_method,
- chunk_t *auth_data)
+ identification_t *id, message_t *message)
{
signature_scheme_t scheme;
signature_params_t *params;
- chunk_t octets = chunk_empty;
+ auth_method_t auth_method = AUTH_NONE;
+ chunk_t octets = chunk_empty, auth_data;
status_t status = FAILED;
switch (private->get_type(private))
{
case KEY_RSA:
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- *auth_method = AUTH_RSA;
+ auth_method = AUTH_RSA;
break;
case KEY_ECDSA:
/* deduct the signature scheme from the keysize */
@@ -331,15 +387,15 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
{
case 256:
scheme = SIGN_ECDSA_256;
- *auth_method = AUTH_ECDSA_256;
+ auth_method = AUTH_ECDSA_256;
break;
case 384:
scheme = SIGN_ECDSA_384;
- *auth_method = AUTH_ECDSA_384;
+ auth_method = AUTH_ECDSA_384;
break;
case 521:
scheme = SIGN_ECDSA_521;
- *auth_method = AUTH_ECDSA_521;
+ auth_method = AUTH_ECDSA_521;
break;
default:
DBG1(DBG_IKE, "%d bit ECDSA private key size not supported",
@@ -356,17 +412,34 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
INIT(params,
.scheme = scheme,
);
- if (get_auth_octets_scheme(this, FALSE, id, &octets, &params) &&
- private->sign(private, params->scheme, NULL, octets, auth_data))
+ if (get_auth_octets_scheme(this, FALSE, id, this->ppk, &octets, &params) &&
+ private->sign(private, params->scheme, NULL, octets, &auth_data))
{
+ add_auth_to_message(message, auth_method, auth_data, FALSE);
status = SUCCESS;
+
+ if (this->no_ppk_auth)
+ {
+ chunk_free(&octets);
+ if (get_auth_octets_scheme(this, FALSE, id, chunk_empty, &octets,
+ &params) &&
+ private->sign(private, params->scheme, NULL, octets,
+ &auth_data))
+ {
+ add_auth_to_message(message, auth_method, auth_data, TRUE);
+ }
+ else
+ {
+ status = FAILED;
+ }
+ }
}
if (params)
{
signature_params_destroy(params);
}
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id,
- auth_method_names, *auth_method,
+ auth_method_names, auth_method,
status == SUCCESS ? "successful" : "failed");
chunk_free(&octets);
return status;
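Review bot: The `else` branch that sets `status = FAILED;` inside the `no_ppk_auth` block gives no indication of why signing failed, whereas sign_signature_auth logs `unable to create %N signature ... without PPK` for the equivalent case; the only output here is the generic `authentication of '%Y' (myself) with %N failed` line, which does not distinguish a NO_PPK_AUTH failure from a normal signing failure. Adding `DBG1(DBG_IKE, "unable to create %N signature without PPK", auth_method_names, auth_method);` before `status = FAILED;` would help when diagnosing PPK deployments.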
@@ -378,10 +451,7 @@ METHOD(authenticator_t, build, status_t,
private_key_t *private;
identification_t *id;
auth_cfg_t *auth;
- chunk_t auth_data;
status_t status;
- auth_payload_t *auth_payload;
- auth_method_t auth_method = AUTH_NONE;
id = this->ike_sa->get_my_id(this->ike_sa);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
@@ -394,24 +464,13 @@ METHOD(authenticator_t, build, status_t,
if (this->ike_sa->supports_extension(this->ike_sa, EXT_SIGNATURE_AUTH))
{
- auth_method = AUTH_DS;
- status = sign_signature_auth(this, auth, private, id, &auth_data);
+ status = sign_signature_auth(this, auth, private, id, message);
}
else
{
- status = sign_classic(this, auth, private, id, &auth_method,
- &auth_data);
+ status = sign_classic(this, auth, private, id, message);
}
private->destroy(private);
-
- if (status == SUCCESS)
- {
- auth_payload = auth_payload_create();
- auth_payload->set_auth_method(auth_payload, auth_method);
- auth_payload->set_data(auth_payload, auth_data);
- chunk_free(&auth_data);
- message->add_payload(message, (payload_t*)auth_payload);
- }
return status;
}
@@ -444,6 +503,7 @@ METHOD(authenticator_t, process, status_t,
public_key_t *public;
auth_method_t auth_method;
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
chunk_t auth_data, octets;
identification_t *id;
auth_cfg_t *auth, *current_auth;
@@ -459,9 +519,21 @@ METHOD(authenticator_t, process, status_t,
{
return FAILED;
}
- INIT(params);
auth_method = auth_payload->get_auth_method(auth_payload);
auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ auth_data = notify->get_notification_data(notify);
+ }
+ }
+
+ INIT(params);
switch (auth_method)
{
case AUTH_RSA:
@@ -491,7 +563,7 @@ METHOD(authenticator_t, process, status_t,
return INVALID_ARG;
}
id = this->ike_sa->get_other_id(this->ike_sa);
- if (!get_auth_octets_scheme(this, TRUE, id, &octets, &params))
+ if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, &params))
{
return FAILED;
}
@@ -551,6 +623,13 @@ METHOD(authenticator_t, process, status_t,
return status;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_pubkey_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_pubkey_authenticator_t *this)
{
@@ -571,6 +650,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build,
.process = (void*)return_failed,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@@ -598,6 +678,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = (void*)return_failed,
.process = _process,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index f8b23b66e..db46b816b 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -491,6 +491,93 @@ failure:
return this->skp_build.len && this->skp_verify.len;
}
+/**
+ * Derives a key from the given key and a PRF that was initialized with a PPK
+ */
+static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key,
+ chunk_t *new_key)
+{
+ prf_plus_t *prf_plus;
+
+ prf_plus = prf_plus_create(prf, TRUE, key);
+ if (!prf_plus ||
+ !prf_plus->allocate_bytes(prf_plus, key.len, new_key))
+ {
+ DBG1(DBG_IKE, "unable to derive %s with PPK", name);
+ DESTROY_IF(prf_plus);
+ return FALSE;
+ }
+ prf_plus->destroy(prf_plus);
+ return TRUE;
+}
+
+/**
+ * Use the given PPK to derive a new SK_pi/r
+ */
+static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp,
+ chunk_t *new_skp)
+{
+ if (!this->prf->set_key(this->prf, ppk))
+ {
+ DBG1(DBG_IKE, "unable to set PPK in PRF");
+ return FALSE;
+ }
+ return derive_ppk_key(this->prf, "SK_p", skp, new_skp);
+}
+
+METHOD(keymat_v2_t, derive_ike_keys_ppk, bool,
+ private_keymat_v2_t *this, chunk_t ppk)
+{
+ chunk_t skd = chunk_empty, new_skpi = chunk_empty, new_skpr = chunk_empty;
+ chunk_t *skpi, *skpr;
+
+ if (!this->skd.ptr)
+ {
+ return FALSE;
+ }
+
+ if (this->initiator)
+ {
+ skpi = &this->skp_build;
+ skpr = &this->skp_verify;
+ }
+ else
+ {
+ skpi = &this->skp_verify;
+ skpr = &this->skp_build;
+ }
+
+ DBG4(DBG_IKE, "derive keys using PPK %B", &ppk);
+
+ if (!this->prf->set_key(this->prf, ppk))
+ {
+ DBG1(DBG_IKE, "unable to set PPK in PRF");
+ return FALSE;
+ }
+ if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) ||
+ !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) ||
+ !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr))
+ {
+ chunk_clear(&skd);
+ chunk_clear(&new_skpi);
+ chunk_clear(&new_skpr);
+ return FALSE;
+ }
+
+ DBG4(DBG_IKE, "Sk_d secret %B", &skd);
+ chunk_clear(&this->skd);
+ this->skd = skd;
+
+ DBG4(DBG_IKE, "Sk_pi secret %B", &new_skpi);
+ chunk_clear(skpi);
+ *skpi = new_skpi;
+
+ DBG4(DBG_IKE, "Sk_pr secret %B", &new_skpr);
+ chunk_clear(skpr);
+ *skpr = new_skpr;
+ return TRUE;
+}
+
METHOD(keymat_v2_t, derive_child_keys, bool,
private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
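Review bot: `derive_ike_keys_ppk()` returns FALSE silently when `this->skd.ptr` is NULL, i.e. when derive_ike_keys() has not run yet, while every other failure path in the function logs at DBG1; a line such as `DBG1(DBG_IKE, "SK_d not available, derive IKE keys before applying PPK");` would make that precondition visible in logs. The key names passed to derive_ppk_key() are also inconsistent (`"SK_p"` in derive_skp_ppk versus `"Sk_d"`/`"Sk_pi"`/`"Sk_pr"` here), which makes the `unable to derive %s with PPK` message harder to search for. On the positive side, the existing SK_d/SK_p values are only replaced after all three derivations succeed, so a partial failure leaves the keymat in its previous state.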
@@ -632,13 +719,23 @@ METHOD(keymat_t, get_aead, aead_t*,
METHOD(keymat_v2_t, get_auth_octets, bool,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets,
- array_t *schemes)
+ chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *octets, array_t *schemes)
{
chunk_t chunk, idx;
+ chunk_t skp_ppk = chunk_empty;
chunk_t skp;
skp = verify ? this->skp_verify : this->skp_build;
+ if (ppk.ptr)
+ {
+ DBG4(DBG_IKE, "PPK %B", &ppk);
+ if (!derive_skp_ppk(this, ppk, skp, &skp_ppk))
+ {
+ return FALSE;
+ }
+ skp = skp_ppk;
+ }
chunk = chunk_alloca(4);
chunk.ptr[0] = id->get_type(id);
@@ -650,8 +747,10 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
if (!this->prf->set_key(this->prf, skp) ||
!this->prf->allocate_bytes(this->prf, idx, &chunk))
{
+ chunk_clear(&skp_ppk);
return FALSE;
}
+ chunk_clear(&skp_ppk);
*octets = chunk_cat("ccm", ike_sa_init, nonce, chunk);
DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets);
return TRUE;
@@ -665,41 +764,53 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
METHOD(keymat_v2_t, get_psk_sig, bool,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
+ chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *sig)
{
- chunk_t key_pad, key, octets;
+ chunk_t skp_ppk = chunk_empty, key = chunk_empty, octets = chunk_empty;
+ chunk_t key_pad;
+ bool success = FALSE;
if (!secret.len)
{ /* EAP uses SK_p if no MSK has been established */
secret = verify ? this->skp_verify : this->skp_build;
+ if (ppk.ptr)
+ {
+ if (!derive_skp_ppk(this, ppk, secret, &skp_ppk))
+ {
+ return FALSE;
+ }
+ secret = skp_ppk;
+ }
}
- if (!get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved,
+ if (!get_auth_octets(this, verify, ike_sa_init, nonce, ppk, id, reserved,
&octets, NULL))
{
- return FALSE;
+ goto failure;
}
/* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH);
if (!this->prf->set_key(this->prf, secret) ||
!this->prf->allocate_bytes(this->prf, key_pad, &key))
{
- chunk_free(&octets);
- return FALSE;
+ goto failure;
}
if (!this->prf->set_key(this->prf, key) ||
!this->prf->allocate_bytes(this->prf, octets, sig))
{
- chunk_free(&key);
- chunk_free(&octets);
- return FALSE;
+ goto failure;
}
DBG4(DBG_IKE, "secret %B", &secret);
DBG4(DBG_IKE, "prf(secret, keypad) %B", &key);
DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig);
+ success = TRUE;
+
+failure:
+ chunk_clear(&skp_ppk);
chunk_free(&octets);
chunk_free(&key);
+ return success;
- return TRUE;
}
METHOD(keymat_v2_t, hash_algorithm_supported, bool,
@@ -752,6 +863,7 @@ keymat_v2_t *keymat_v2_create(bool initiator)
.destroy = _destroy,
},
.derive_ike_keys = _derive_ike_keys,
+ .derive_ike_keys_ppk = _derive_ike_keys_ppk,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_auth_octets = _get_auth_octets,
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 5dc9cda38..3cc071aeb 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -58,6 +58,16 @@ struct keymat_v2_t {
chunk_t rekey_skd);
/**
+ * Derive SK_d, SK_pi and SK_pr after authentication using the given
+ * Postquantum Preshared Key and the previous values of these keys that
+ * were derived by derive_ike_keys().
+ *
+ * @param ppk the postquantum preshared key
+ * @return TRUE on success
+ */
+ bool (*derive_ike_keys_ppk)(keymat_v2_t *this, chunk_t ppk);
+
+ /**
* Derive keys for a CHILD_SA.
*
* The keys for the CHILD_SA are allocated in the integ and encr chunks.
@@ -95,9 +105,10 @@ struct keymat_v2_t {
* key. PSK and EAP authentication include a secret into the data, use
* the get_psk_sig() method instead.
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param octests chunk receiving allocated auth octets
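Review bot: The new `@param ppk` line says `optional` but not how absence is expressed; the implementations in keymat_v2.c test `ppk.ptr`, so `chunk_empty` is what callers must pass when no PPK is in use. Spelling that out, e.g. `@param ppk optional postquantum preshared key (chunk_empty if none)`, here and in the get_psk_sig hunk (ending at `identification_t *id, char reserved[3], chunk_t *sig);`) would save readers a trip to the implementation. The pre-existing `@param octests` typo in this hunk's context could be fixed at the same time.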
@@ -107,7 +118,7 @@ struct keymat_v2_t {
* @return TRUE if octets created successfully
*/
bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id,
+ chunk_t nonce, chunk_t ppk, identification_t *id,
char reserved[3], chunk_t *octets,
array_t *schemes);
/**
@@ -117,17 +128,18 @@ struct keymat_v2_t {
* includes the secret into the signature. If no secret is given, SK_p is
* used as secret (used for EAP methods without MSK).
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
* @param secret optional secret to include into signature
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param sign chunk receiving allocated signature octets
* @return TRUE if signature created successfully
*/
bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t secret,
+ chunk_t nonce, chunk_t secret, chunk_t ppk,
identification_t *id, char reserved[3], chunk_t *sig);
/**
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index fff567233..910c77a2d 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -109,7 +109,7 @@ struct private_task_manager_t {
array_t *packets;
/**
- * type of the initated exchange
+ * type of the initiated exchange
*/
exchange_type_t type;
@@ -1946,8 +1946,7 @@ METHOD(task_manager_t, queue_dpd, void,
{
ike_mobike_t *mobike;
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
- this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
{
#ifdef ME
peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
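Review bot: Dropping the `COND_NAT_HERE` condition means MOBIKE-based DPD is now used whenever the peer supports the extension, including hosts that are not behind NAT; nothing in the hunk explains why the NAT restriction was wrong, and queue_dpd() continues outside the hunk. A comment on the condition, e.g. `/* use MOBIKE for DPD regardless of NAT: <reason> */`, would prevent the restriction from being reintroduced later.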
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index c90af23b9..c7eb0c854 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -481,12 +481,14 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local,
this->ike_sa->has_condition(this->ike_sa, cond))
{
nat = get_transport_nat_ts(this, local, in);
- ts = this->config->get_traffic_selectors(this->config, local, nat, hosts);
+ ts = this->config->get_traffic_selectors(this->config, local, nat,
+ hosts, TRUE);
nat->destroy_offset(nat, offsetof(traffic_selector_t, destroy));
}
else
{
- ts = this->config->get_traffic_selectors(this->config, local, in, hosts);
+ ts = this->config->get_traffic_selectors(this->config, local, in,
+ hosts, TRUE);
}
hosts->destroy(hosts);
@@ -497,8 +499,8 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local,
/**
* Install a CHILD_SA for usage, return value:
* - FAILED: no acceptable proposal
- * - INVALID_ARG: diffie hellman group inacceptable
- * - NOT_FOUND: TS inacceptable
+ * - INVALID_ARG: diffie hellman group unacceptable
+ * - NOT_FOUND: TS unacceptable
*/
static status_t select_and_install(private_child_create_t *this,
bool no_dh, bool ike_auth)
@@ -559,7 +561,7 @@ static status_t select_and_install(private_child_create_t *this,
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
+ DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
diffie_hellman_group_names, this->dh_group,
diffie_hellman_group_names, group);
this->dh_group = group;
@@ -1075,7 +1077,7 @@ METHOD(task_t, build_i, status_t,
if (list->get_count(list))
{
this->tsi = this->config->get_traffic_selectors(this->config,
- TRUE, NULL, list);
+ TRUE, NULL, list, TRUE);
list->destroy_offset(list, offsetof(host_t, destroy));
}
else
@@ -1083,12 +1085,12 @@ METHOD(task_t, build_i, status_t,
list->destroy(list);
list = get_dynamic_hosts(this->ike_sa, TRUE);
this->tsi = this->config->get_traffic_selectors(this->config,
- TRUE, NULL, list);
+ TRUE, NULL, list, TRUE);
list->destroy(list);
}
list = get_dynamic_hosts(this->ike_sa, FALSE);
this->tsr = this->config->get_traffic_selectors(this->config,
- FALSE, NULL, list);
+ FALSE, NULL, list, TRUE);
list->destroy(list);
if (this->packet_tsi)
@@ -1356,7 +1358,7 @@ METHOD(task_t, build_r, status_t,
}
if (this->config == NULL)
{
- DBG1(DBG_IKE, "traffic selectors %#R === %#R inacceptable",
+ DBG1(DBG_IKE, "traffic selectors %#R === %#R unacceptable",
this->tsr, this->tsi);
charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr);
message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 6b63197d5..b055ff064 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -24,6 +24,7 @@
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/eap_payload.h>
#include <encoding/payloads/nonce_payload.h>
+#include <sa/ikev2/keymat_v2.h>
#include <sa/ikev2/authenticators/eap_authenticator.h>
#include <processing/jobs/delete_ike_sa_job.h>
@@ -60,6 +61,16 @@ struct private_ike_auth_t {
chunk_t other_nonce;
/**
+ * PPK_ID sent or received
+ */
+ identification_t *ppk_id;
+
+ /**
+ * Optional PPK to use
+ */
+ chunk_t ppk;
+
+ /**
* IKE_SA_INIT message sent by us
*/
packet_t *my_packet;
@@ -144,7 +155,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this,
/* get the nonce that was generated in ike_init */
nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE);
- if (nonce == NULL)
+ if (!nonce)
{
return FAILED;
}
@@ -170,7 +181,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this,
/* get the nonce that was generated in ike_init */
nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE);
- if (nonce == NULL)
+ if (!nonce)
{
return FAILED;
}
@@ -279,19 +290,47 @@ static bool do_another_auth(private_ike_auth_t *this)
}
/**
+ * Check if this is the first authentication round
+ */
+static bool is_first_round(private_ike_auth_t *this, bool local)
+{
+ enumerator_t *done;
+ auth_cfg_t *cfg;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH))
+ {
+ return TRUE;
+ }
+
+ done = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, local);
+ if (done->enumerate(done, &cfg))
+ {
+ done->destroy(done);
+ return FALSE;
+ }
+ done->destroy(done);
+ return TRUE;
+}
+
+/**
* Get peer configuration candidates from backends
*/
static bool load_cfg_candidates(private_ike_auth_t *this)
{
enumerator_t *enumerator;
peer_cfg_t *peer_cfg;
+ ike_cfg_t *ike_cfg;
host_t *me, *other;
identification_t *my_id, *other_id;
+ proposal_t *ike_proposal;
+ bool private;
me = this->ike_sa->get_my_host(this->ike_sa);
other = this->ike_sa->get_other_host(this->ike_sa);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
+ ike_proposal = this->ike_sa->get_proposal(this->ike_sa);
+ private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
me, my_id, other, other_id);
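Review bot: is_first_round() takes a `local` flag that is handed straight to create_auth_cfg_enumerator(), but its header comment does not say which side it refers to; `@param local TRUE to check our own completed rounds, FALSE for the peer's` would make the two call sites in process_r and process_i self-explanatory and matches the Doxygen parameter style used elsewhere in the tree. The early `return TRUE` when EXT_MULTIPLE_AUTH is not supported is correct, since without that extension there is only ever one round, and a brief comment saying so would save the next reader from re-deriving it. load_cfg_candidates continues outside the hunk.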
@@ -299,11 +338,18 @@ static bool load_cfg_candidates(private_ike_auth_t *this)
me, other, my_id, other_id, IKEV2);
while (enumerator->enumerate(enumerator, &peer_cfg))
{
+ /* ignore all configs that have no matching IKE proposal */
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ if (!ike_cfg->has_proposal(ike_cfg, ike_proposal, private))
+ {
+ DBG2(DBG_CFG, "ignore candidate '%s' without matching IKE proposal",
+ peer_cfg->get_name(peer_cfg));
+ continue;
+ }
peer_cfg->get_ref(peer_cfg);
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{ /* best match */
this->peer_cfg = peer_cfg;
- this->ike_sa->set_peer_cfg(this->ike_sa, peer_cfg);
}
else
{
@@ -313,6 +359,7 @@ static bool load_cfg_candidates(private_ike_auth_t *this)
enumerator->destroy(enumerator);
if (this->peer_cfg)
{
+ this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
DBG1(DBG_CFG, "selected peer config '%s'",
this->peer_cfg->get_name(this->peer_cfg));
return TRUE;
@@ -369,7 +416,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict)
{
break;
}
- DBG1(DBG_CFG, "selected peer config '%s' inacceptable: %s",
+ DBG1(DBG_CFG, "selected peer config '%s' unacceptable: %s",
this->peer_cfg->get_name(this->peer_cfg), comply_error);
this->peer_cfg->destroy(this->peer_cfg);
}
@@ -391,6 +438,149 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict)
return this->peer_cfg != NULL;
}
+/**
+ * Currently defined PPK_ID types
+ */
+#define PPK_ID_OPAQUE 1
+#define PPK_ID_FIXED 2
+
+/**
+ * Parse the payload data of the given PPK_IDENTITY notify
+ */
+static bool parse_ppk_identity(notify_payload_t *notify, identification_t **id)
+{
+ chunk_t data;
+
+ data = notify->get_notification_data(notify);
+ if (data.len < 2)
+ {
+ return FALSE;
+ }
+ switch (data.ptr[0])
+ {
+ case PPK_ID_FIXED:
+ data = chunk_skip(data, 1);
+ break;
+ default:
+ return FALSE;
+ }
+ *id = identification_create_from_data(data);
+ return TRUE;
+}
+
+/**
+ * Add a PPK_IDENTITY with the given PPK_ID to the given message
+ */
+static void add_ppk_identity(identification_t *id, message_t *msg)
+{
+ chunk_t data;
+ uint8_t type = PPK_ID_FIXED;
+
+ /* we currently only support one type */
+ data = chunk_cata("cc", chunk_from_thing(type), id->get_encoding(id));
+ msg->add_notify(msg, FALSE, PPK_IDENTITY, data);
+}
+
+/**
+ * Use the given PPK_ID to find a PPK and store it and the ID in the task
+ */
+static bool get_ppk(private_ike_auth_t *this, identification_t *ppk_id)
+{
+ shared_key_t *key;
+
+ key = lib->credmgr->get_shared(lib->credmgr, SHARED_PPK, ppk_id, NULL);
+ if (!key)
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK found for '%Y'", ppk_id);
+ return FALSE;
+ }
+ DBG1(DBG_CFG, "no PPK for '%Y' found, ignored because PPK is not "
+ "required", ppk_id);
+ return TRUE;
+ }
+ this->ppk = chunk_clone(key->get_key(key));
+ this->ppk_id = ppk_id->clone(ppk_id);
+ key->destroy(key);
+ return TRUE;
+}
+
+/**
+ * Check if we have a PPK available and, if not, whether we require one as
+ * initiator
+ */
+static bool get_ppk_i(private_ike_auth_t *this)
+{
+ identification_t *ppk_id;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but peer does not support PPK");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ ppk_id = this->peer_cfg->get_ppk_id(this->peer_cfg);
+ if (!ppk_id)
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK_ID configured");
+ return FALSE;
+ }
+ return TRUE;
+ }
+ return get_ppk(this, ppk_id);
+}
+
+/**
+ * Check if we have a PPK available and if not whether we require one as
+ * responder
+ */
+static bool get_ppk_r(private_ike_auth_t *this, message_t *msg)
+{
+ notify_payload_t *notify;
+ identification_t *ppk_id, *ppk_id_cfg;
+ bool result;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but peer does not support PPK");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ notify = msg->get_notify(msg, PPK_IDENTITY);
+ if (!notify || !parse_ppk_identity(notify, &ppk_id))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK_IDENTITY received");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ ppk_id_cfg = this->peer_cfg->get_ppk_id(this->peer_cfg);
+ if (ppk_id_cfg && !ppk_id->matches(ppk_id, ppk_id_cfg))
+ {
+ DBG1(DBG_CFG, "received PPK_ID '%Y', but require '%Y'", ppk_id,
+ ppk_id_cfg);
+ ppk_id->destroy(ppk_id);
+ return FALSE;
+ }
+ result = get_ppk(this, ppk_id);
+ ppk_id->destroy(ppk_id);
+ return result;
+}
+
METHOD(task_t, build_i, status_t,
private_ike_auth_t *this, message_t *message)
{
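Review bot: parse_ppk_identity's default branch rejects an unsupported PPK_ID type silently, and get_ppk_r then reports the failure as "PPK required but no PPK_IDENTITY received", so a peer that sends a PPK_ID of type PPK_ID_OPAQUE (defined but never handled) is indistinguishable in the logs from a peer that sent no notify at all. A one-line diagnostic in that default case, `DBG1(DBG_CFG, "unsupported PPK_ID type %d received", data.ptr[0]);`, lets an operator tell a type mismatch from a missing notify when an authentication fails. The `data.len < 2` guard is right: it guarantees at least one byte of identity data follows the type octet before identification_create_from_data() sees it, and `*id` is only assigned on success so callers cannot use an uninitialised pointer.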
@@ -401,7 +591,7 @@ METHOD(task_t, build_i, status_t,
return collect_my_init_data(this, message);
}
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{
this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
this->peer_cfg->get_ref(this->peer_cfg);
@@ -420,6 +610,12 @@ METHOD(task_t, build_i, status_t,
/* indicate support for RFC 6311 Message ID synchronization */
message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED,
chunk_empty);
+ /* only use a PPK in the first round */
+ if (!get_ppk_i(this))
+ {
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+ return FAILED;
+ }
}
if (!this->do_another_auth && !this->my_auth)
@@ -428,7 +624,7 @@ METHOD(task_t, build_i, status_t,
}
/* check if an authenticator is in progress */
- if (this->my_auth == NULL)
+ if (!this->my_auth)
{
identification_t *idi, *idr = NULL;
id_payload_t *id_payload;
@@ -495,6 +691,14 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
}
+ /* for authentication methods that return NEED_MORE, the PPK will be reset
+ * in process_i() for messages without PPK_ID notify, so we always set it
+ * during the first round (afterwards the PPK won't be available) */
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth, this->ppk,
+ !this->peer_cfg->ppk_required(this->peer_cfg));
+ }
switch (this->my_auth->build(this->my_auth, message))
{
case SUCCESS:
@@ -509,6 +713,12 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
+ /* add a PPK_IDENTITY notify to the message that contains AUTH */
+ if (this->ppk_id && message->get_payload(message, PLV2_AUTH))
+ {
+ add_ppk_identity(this->ppk_id, message);
+ }
+
/* check for additional authentication rounds */
if (do_another_auth(this))
{
@@ -536,7 +746,7 @@ METHOD(task_t, process_r, status_t,
return collect_other_init_data(this, message);
}
- if (this->my_auth == NULL && this->do_another_auth)
+ if (!this->my_auth && this->do_another_auth)
{
/* handle (optional) IDr payload, apply proposed identity */
id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER);
@@ -573,7 +783,7 @@ METHOD(task_t, process_r, status_t,
}
}
- if (this->other_auth == NULL)
+ if (!this->other_auth)
{
/* handle IDi payload */
id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR);
@@ -588,7 +798,7 @@ METHOD(task_t, process_r, status_t,
cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id));
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{
if (!load_cfg_candidates(this))
{
@@ -596,14 +806,14 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
}
- if (message->get_payload(message, PLV2_AUTH) == NULL)
+ if (!message->get_payload(message, PLV2_AUTH))
{ /* before authenticating with EAP, we need a EAP config */
cand = get_auth_cfg(this, FALSE);
while (!cand || (
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_TYPE) == EAP_NAK &&
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_VENDOR) == 0))
{ /* peer requested EAP, but current config does not match */
- DBG1(DBG_IKE, "peer requested EAP, config inacceptable");
+ DBG1(DBG_IKE, "peer requested EAP, config unacceptable");
this->peer_cfg->destroy(this->peer_cfg);
this->peer_cfg = NULL;
if (!update_cfg_candidates(this, FALSE))
@@ -642,6 +852,19 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
}
+ if (message->get_payload(message, PLV2_AUTH) &&
+ is_first_round(this, FALSE))
+ {
+ if (!get_ppk_r(this, message))
+ {
+ this->authentication_failed = TRUE;
+ return NEED_MORE;
+ }
+ else if (this->ppk.ptr && this->other_auth->use_ppk)
+ {
+ this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE);
+ }
+ }
switch (this->other_auth->process(this->other_auth, message))
{
case SUCCESS:
@@ -675,7 +898,7 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
- if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL)
+ if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
{
this->expect_another_auth = FALSE;
if (!update_cfg_candidates(this, TRUE))
@@ -687,6 +910,37 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
+/**
+ * Clear the PPK and PPK_ID
+ */
+static void clear_ppk(private_ike_auth_t *this)
+{
+ DESTROY_IF(this->ppk_id);
+ this->ppk_id = NULL;
+ chunk_clear(&this->ppk);
+}
+
+/**
+ * Derive new keys and clear the PPK
+ */
+static bool apply_ppk(private_ike_auth_t *this)
+{
+ keymat_v2_t *keymat;
+
+ if (this->ppk.ptr)
+ {
+ keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
+ if (!keymat->derive_ike_keys_ppk(keymat, this->ppk))
+ {
+ return FALSE;
+ }
+ DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+ this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
+ }
+ clear_ppk(this);
+ return TRUE;
+}
+
METHOD(task_t, build_r, status_t,
private_ike_auth_t *this, message_t *message)
{
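Review bot: apply_ppk returns FALSE from the derive_ike_keys_ppk() failure path without calling clear_ppk(), so the PPK stays in memory until the task's destroy() or migrate() runs (both gain a clear_ppk() call in later hunks); adding `clear_ppk(this);` before that `return FALSE;` bounds the secret's lifetime to the point where it is last needed. clear_ppk() correctly uses chunk_clear() rather than chunk_free() so the key bytes are wiped, which its comment could state explicitly: `/* Wipe the PPK (chunk_clear) and release the PPK_ID */`. The DBG1 in apply_ppk prints only the PPK_ID, never key material, which is the right boundary for a log line.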
@@ -703,12 +957,12 @@ METHOD(task_t, build_r, status_t,
return collect_my_init_data(this, message);
}
- if (this->authentication_failed || this->peer_cfg == NULL)
+ if (this->authentication_failed || !this->peer_cfg)
{
goto peer_auth_failed;
}
- if (this->my_auth == NULL && this->do_another_auth)
+ if (!this->my_auth && this->do_another_auth)
{
identification_t *id, *id_cfg;
id_payload_t *id_payload;
@@ -793,6 +1047,10 @@ METHOD(task_t, build_r, status_t,
}
if (this->my_auth)
{
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth, this->ppk, FALSE);
+ }
switch (this->my_auth->build(this->my_auth, message))
{
case SUCCESS:
@@ -807,6 +1065,16 @@ METHOD(task_t, build_r, status_t,
}
}
+ /* add a PPK_IDENTITY notify and derive new keys and clear the PPK */
+ if (this->ppk.ptr)
+ {
+ message->add_notify(message, FALSE, PPK_IDENTITY, chunk_empty);
+ if (!apply_ppk(this))
+ {
+ goto local_auth_failed;
+ }
+ }
+
/* check for additional authentication rounds */
if (do_another_auth(this))
{
@@ -942,7 +1210,7 @@ METHOD(task_t, process_i, status_t,
enumerator_t *enumerator;
payload_t *payload;
auth_cfg_t *cfg;
- bool mutual_eap = FALSE;
+ bool mutual_eap = FALSE, ppk_id_received = FALSE;
if (message->get_exchange_type(message) == IKE_SA_INIT)
{
@@ -998,6 +1266,9 @@ METHOD(task_t, process_i, status_t,
this->ike_sa->enable_extension(this->ike_sa,
EXT_IKE_MESSAGE_ID_SYNC);
break;
+ case PPK_IDENTITY:
+ ppk_id_received = TRUE;
+ break;
default:
{
if (type <= 16383)
@@ -1019,7 +1290,7 @@ METHOD(task_t, process_i, status_t,
if (this->expect_another_auth)
{
- if (this->other_auth == NULL)
+ if (!this->other_auth)
{
id_payload_t *id_payload;
identification_t *id;
@@ -1059,6 +1330,11 @@ METHOD(task_t, process_i, status_t,
}
if (this->other_auth)
{
+ if (ppk_id_received && is_first_round(this, FALSE) &&
+ this->other_auth->use_ppk)
+ {
+ this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE);
+ }
switch (this->other_auth->process(this->other_auth, message))
{
case SUCCESS:
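Review bot: The use_ppk() call added for other_auth is gated on ppk_id_received and is_first_round() but not on `this->ppk.ptr`, unlike the my_auth call in the next hunk, so a PPK_IDENTITY notify from the responder is acted on even when we never sent one (the flag is set for any such notify in the earlier hunk of process_i, with no check that this->ppk_id is set). Passing an empty chunk is presumably a no-op inside the authenticator, but an unsolicited PPK_IDENTITY is a protocol deviation worth surfacing; consider `if (ppk_id_received && !this->ppk_id) DBG1(DBG_IKE, "received unexpected PPK_IDENTITY notify, ignored");` next to the flag assignment, and adding `this->ppk.ptr &&` to this condition for symmetry with the my_auth path. process_i's body continues outside the hunk.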
@@ -1094,6 +1370,14 @@ METHOD(task_t, process_i, status_t,
if (this->my_auth)
{
+ /* while we already set the PPK in build_i(), we MUST not use it if
+ * the peer did not reply with a PPK_ID notify */
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth,
+ ppk_id_received ? this->ppk : chunk_empty,
+ FALSE);
+ }
switch (this->my_auth->process(this->my_auth, message))
{
case SUCCESS:
@@ -1109,11 +1393,29 @@ METHOD(task_t, process_i, status_t,
case NEED_MORE:
break;
default:
- charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
- send_auth_failed_informational(this, message);
- return FAILED;
+ goto local_auth_failed;
+ }
+ }
+
+ /* change keys and clear PPK after we are done with our authentication, so
+ * we only explicitly use it for the first round, afterwards we just use the
+ * changed SK_p keys implicitly */
+ if (!this->my_auth && this->ppk_id)
+ {
+ if (ppk_id_received)
+ {
+ if (!apply_ppk(this))
+ {
+ goto local_auth_failed;
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, "peer didn't use PPK for PPK_ID '%Y'", this->ppk_id);
}
+ clear_ppk(this);
}
+
if (mutual_eap)
{
if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth))
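Review bot: In the new block at the end of process_i, the branch taken when the responder did not echo PPK_IDENTITY only logs "peer didn't use PPK" and clears the PPK, without consulting peer_cfg->ppk_required(); the mandatory-PPK policy that get_ppk_i enforces when building the request is therefore not re-checked once the response arrives. A conforming responder that holds the shared secret but no matching PPK should already fail to verify our AUTH, because build_i passes `!ppk_required` as the third use_ppk() argument (presumably withholding the NO_PPK_AUTH fallback), so this may be unreachable in practice, but failing closed here is cheap: `if (this->peer_cfg->ppk_required(this->peer_cfg)) { goto local_auth_failed; }` inside the else branch, before clear_ppk(). process_i continues outside the hunk.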
@@ -1124,7 +1426,7 @@ METHOD(task_t, process_i, status_t,
DBG1(DBG_IKE, "allow mutual EAP-only authentication");
}
- if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL)
+ if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
{
this->expect_another_auth = FALSE;
}
@@ -1162,6 +1464,10 @@ peer_auth_failed:
charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
send_auth_failed_informational(this, message);
return FAILED;
+local_auth_failed:
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+ send_auth_failed_informational(this, message);
+ return FAILED;
}
METHOD(task_t, get_type, task_type_t,
@@ -1173,6 +1479,7 @@ METHOD(task_t, get_type, task_type_t,
METHOD(task_t, migrate, void,
private_ike_auth_t *this, ike_sa_t *ike_sa)
{
+ clear_ppk(this);
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
DESTROY_IF(this->my_packet);
@@ -1199,6 +1506,7 @@ METHOD(task_t, migrate, void,
METHOD(task_t, destroy, void,
private_ike_auth_t *this)
{
+ clear_ppk(this);
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
DESTROY_IF(this->my_packet);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
index f6862ca27..fd14e9faf 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
@@ -45,7 +45,7 @@ struct ike_auth_lifetime_t {
* Create a new TASK_IKE_AUTH_LIFETIME task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_auth_lifetime task to handle by the task_manager
*/
ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 3d73d728b..307d99264 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -55,11 +55,6 @@ struct private_ike_init_t {
bool initiator;
/**
- * IKE config to establish
- */
- ike_cfg_t *config;
-
- /**
* diffie hellman group to use
*/
diffie_hellman_group_t dh_group;
@@ -275,6 +270,38 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
}
/**
+ * Check whether to send a USE_PPK notify
+ */
+static bool send_use_ppk(private_ike_init_t *this)
+{
+ peer_cfg_t *peer;
+ enumerator_t *keys;
+ shared_key_t *key;
+ bool use_ppk = FALSE;
+
+ if (this->initiator)
+ {
+ peer = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (peer->get_ppk_id(peer))
+ {
+ use_ppk = TRUE;
+ }
+ }
+ else if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ /* check if we have at least one PPK available */
+ keys = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PPK,
+ NULL, NULL);
+ if (keys->enumerate(keys, &key, NULL, NULL))
+ {
+ use_ppk = TRUE;
+ }
+ keys->destroy(keys);
+ }
+ return use_ppk;
+}
+
+/**
* build the payloads for the message
*/
static bool build_payloads(private_ike_init_t *this, message_t *message)
@@ -286,14 +313,15 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
ike_sa_id_t *id;
proposal_t *proposal;
enumerator_t *enumerator;
+ ike_cfg_t *ike_cfg;
id = this->ike_sa->get_id(this->ike_sa);
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
if (this->initiator)
{
- proposal_list = this->config->get_proposals(this->config);
+ proposal_list = ike_cfg->get_proposals(ike_cfg);
other_dh_groups = linked_list_create();
enumerator = proposal_list->create_enumerator(proposal_list);
while (enumerator->enumerate(enumerator, (void**)&proposal))
@@ -334,8 +362,6 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
}
message->add_payload(message, (payload_t*)sa_payload);
- nonce_payload = nonce_payload_create(PLV2_NONCE);
- nonce_payload->set_nonce(nonce_payload, this->my_nonce);
ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
this->dh);
if (!ke_payload)
@@ -343,6 +369,8 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
DBG1(DBG_IKE, "creating KE payload failed");
return FALSE;
}
+ nonce_payload = nonce_payload_create(PLV2_NONCE);
+ nonce_payload->set_nonce(nonce_payload, this->my_nonce);
if (this->old_sa)
{ /* payload order differs if we are rekeying */
@@ -357,7 +385,7 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
/* negotiate fragmentation if we are not rekeying */
if (!this->old_sa &&
- this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+ ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO)
{
if (this->initiator ||
this->ike_sa->supports_extension(this->ike_sa,
@@ -400,10 +428,77 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
chunk_empty);
}
}
+ /* notify the peer if we want to use/support PPK */
+ if (!this->old_sa && send_use_ppk(this))
+ {
+ message->add_notify(message, FALSE, USE_PPK, chunk_empty);
+ }
return TRUE;
}
/**
+ * Process the SA payload and select a proposal
+ */
+static void process_sa_payload(private_ike_init_t *this, message_t *message,
+ sa_payload_t *sa_payload)
+{
+ ike_cfg_t *ike_cfg, *cfg, *alt_cfg = NULL;
+ enumerator_t *enumerator;
+ linked_list_t *proposal_list;
+ host_t *me, *other;
+ bool private, prefer_configured;
+
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
+ proposal_list = sa_payload->get_proposals(sa_payload);
+ private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
+
+ this->proposal = ike_cfg->select_proposal(ike_cfg, proposal_list, private,
+ prefer_configured);
+ if (!this->proposal)
+ {
+ if (!this->initiator && !this->old_sa)
+ {
+ me = message->get_destination(message);
+ other = message->get_source(message);
+ enumerator = charon->backends->create_ike_cfg_enumerator(
+ charon->backends, me, other, IKEV2);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ if (ike_cfg == cfg)
+ { /* already tried and failed */
+ continue;
+ }
+ DBG1(DBG_IKE, "no matching proposal found, trying alternative "
+ "config");
+ this->proposal = cfg->select_proposal(cfg, proposal_list,
+ private, prefer_configured);
+ if (this->proposal)
+ {
+ alt_cfg = cfg->get_ref(cfg);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ if (alt_cfg)
+ {
+ this->ike_sa->set_ike_cfg(this->ike_sa, alt_cfg);
+ alt_cfg->destroy(alt_cfg);
+ }
+ else
+ {
+ charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
+ proposal_list);
+ }
+ }
+ proposal_list->destroy_offset(proposal_list,
+ offsetof(proposal_t, destroy));
+}
+
+/**
* Read payloads from message
*/
static void process_payloads(private_ike_init_t *this, message_t *message)
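Review bot: process_sa_payload's header comment says only "select a proposal", but the function also changes the IKE_SA's configuration: as responder on a fresh SA it walks every ike_cfg the backends return for the address pair and calls set_ike_cfg() with the first one whose proposal matches. That fallback deserves a sentence in the comment, e.g. a second line `* As responder, fall back to an alternative IKE config if the current one has no matching proposal`, since it is also the reason load_cfg_candidates in ike_auth.c now filters peer configs with has_proposal(). The `ike_cfg == cfg` pointer comparison assumes the backend enumerator hands out the same object the IKE_SA holds; if a backend builds fresh ike_cfg instances, the already-failed config is simply retried, which is harmless but adds a "trying alternative config" line per candidate because the DBG1 sits inside the loop.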
@@ -419,24 +514,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
{
case PLV2_SECURITY_ASSOCIATION:
{
- sa_payload_t *sa_payload = (sa_payload_t*)payload;
- linked_list_t *proposal_list;
- bool private, prefer_configured;
-
- proposal_list = sa_payload->get_proposals(sa_payload);
- private = this->ike_sa->supports_extension(this->ike_sa,
- EXT_STRONGSWAN);
- prefer_configured = lib->settings->get_bool(lib->settings,
- "%s.prefer_configured_proposals", TRUE, lib->ns);
- this->proposal = this->config->select_proposal(this->config,
- proposal_list, private, prefer_configured);
- if (!this->proposal)
- {
- charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
- proposal_list);
- }
- proposal_list->destroy_offset(proposal_list,
- offsetof(proposal_t, destroy));
+ process_sa_payload(this, message, (sa_payload_t*)payload);
break;
}
case PLV2_KEY_EXCHANGE:
@@ -469,6 +547,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
handle_supported_hash_algorithms(this, notify);
}
break;
+ case USE_PPK:
+ if (!this->old_sa)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_PPK);
+ }
+ break;
case REDIRECTED_FROM:
{
identification_t *gateway;
@@ -533,7 +618,10 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
METHOD(task_t, build_i, status_t,
private_ike_init_t *this, message_t *message)
{
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
+ ike_cfg_t *ike_cfg;
+
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_unique_id(this->ike_sa),
@@ -563,12 +651,12 @@ METHOD(task_t, build_i, status_t,
}
else
{ /* this shouldn't happen, but let's be safe */
- this->dh_group = this->config->get_dh_group(this->config);
+ this->dh_group = ike_cfg->get_dh_group(ike_cfg);
}
}
else
{
- this->dh_group = this->config->get_dh_group(this->config);
+ this->dh_group = ike_cfg->get_dh_group(ike_cfg);
}
this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
this->dh_group);
@@ -627,7 +715,6 @@ METHOD(task_t, build_i, status_t,
METHOD(task_t, process_r, status_t,
private_ike_init_t *this, message_t *message)
{
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
@@ -699,7 +786,7 @@ METHOD(task_t, build_r, status_t,
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
{
- DBG1(DBG_IKE, "received proposals inacceptable");
+ DBG1(DBG_IKE, "received proposals unacceptable");
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
@@ -728,7 +815,7 @@ METHOD(task_t, build_r, status_t,
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
+ DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
diffie_hellman_group_names, this->dh_group,
diffie_hellman_group_names, group);
this->dh_group = group;
@@ -770,12 +857,14 @@ METHOD(task_t, build_r, status_t,
*/
static void raise_alerts(private_ike_init_t *this, notify_type_t type)
{
+ ike_cfg_t *ike_cfg;
linked_list_t *list;
switch (type)
{
case NO_PROPOSAL_CHOSEN:
- list = this->config->get_proposals(this->config);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+ list = ike_cfg->get_proposals(ike_cfg);
charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, list);
list->destroy_offset(list, offsetof(proposal_t, destroy));
break;
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index fe41a1cac..b2ad0a02a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -193,7 +193,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
case NAT_DETECTION_DESTINATION_IP:
{
/* NAT check in this MOBIKE exchange, create subtask for it */
- if (this->natd == NULL)
+ if (!this->natd)
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
@@ -648,7 +648,7 @@ METHOD(ike_mobike_t, roam, void,
METHOD(ike_mobike_t, dpd, void,
private_ike_mobike_t *this)
{
- if (!this->natd)
+ if (!this->natd && this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index 288b87178..8789ac0af 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -91,7 +91,7 @@ struct ike_mobike_t {
* Create a new ike_mobike task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_mobike task to handle by the task_manager
*/
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 11123b415..57f9a797e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -259,7 +259,7 @@ METHOD(task_t, build_r, status_t,
}
if (this->new_sa == NULL)
{
- /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */
+ /* IKE_SA/a CHILD_SA is in an unacceptable state, deny rekeying */
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index 8d8969ea0..e81a18a14 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -59,7 +59,7 @@ struct private_ike_vendor_t {
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
};
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index a83da0480..d66e70937 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -117,8 +117,10 @@ static bool install_shunt_policy(child_cfg_t *child)
host_any6 = host_create_any(AF_INET6);
hosts = linked_list_create_with_items(host_any, host_any6, NULL);
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts,
+ FALSE);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+ FALSE);
hosts->destroy(hosts);
manual_prio = child->get_manual_prio(child);
@@ -287,8 +289,10 @@ static void uninstall_shunt_policy(child_cfg_t *child)
host_any6 = host_create_any(AF_INET6);
hosts = linked_list_create_with_items(host_any, host_any6, NULL);
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts,
+ FALSE);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+ FALSE);
hosts->destroy(hosts);
manual_prio = child->get_manual_prio(child);
diff --git a/src/libcharon/sa/task.h b/src/libcharon/sa/task.h
index 1a0a1acfa..987ac489d 100644
--- a/src/libcharon/sa/task.h
+++ b/src/libcharon/sa/task.h
@@ -115,7 +115,7 @@ extern enum_name_t *task_type_names;
/**
* Interface for a task, an operation handled within exchanges.
*
- * A task is an elemantary operation. It may be handled by a single or by
+ * A task is an elementary operation. It may be handled by a single or by
* multiple exchanges. An exchange may even complete multiple tasks.
* A task has a build() and an process() operation. The build() operation
* creates payloads and adds it to the message. The process() operation
@@ -128,7 +128,7 @@ extern enum_name_t *task_type_names;
* that the task completed, even when the task completed unsuccessfully. The
* manager then removes the task from the list. A NEED_MORE is returned when
* the task needs further build()/process() calls to complete, the manager
- * leaves the taks in the queue. A returned FAILED indicates a critical failure.
+ * leaves the task in the queue. A returned FAILED indicates a critical failure.
* The manager closes the IKE_SA whenever a task returns FAILED.
*/
struct task_t {
@@ -180,7 +180,7 @@ struct task_t {
* Migrate a task to a new IKE_SA.
*
* After migrating a task, it goes back to a state where it can be
- * used again to initate an exchange. This is useful when a task
+ * used again to initiate an exchange. This is useful when a task
* has to get migrated to a new IKE_SA.
* A special usage is when a INVALID_KE_PAYLOAD is received. A call
* to reset resets the task, but uses another DH group for the next
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 979f9290a..148df3923 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -168,7 +168,7 @@ static bool dynamic_remote_ts(child_cfg_t *child)
traffic_selector_t *ts;
bool found = FALSE;
- other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL);
+ other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL, FALSE);
enumerator = other_ts->create_enumerator(other_ts);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -296,11 +296,11 @@ METHOD(trap_manager_t, install, bool,
child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0);
list = linked_list_create_with_items(me, NULL);
- my_ts = child->get_traffic_selectors(child, TRUE, NULL, list);
+ my_ts = child->get_traffic_selectors(child, TRUE, NULL, list, FALSE);
list->destroy_offset(list, offsetof(host_t, destroy));
list = linked_list_create_with_items(other, NULL);
- other_ts = child->get_traffic_selectors(child, FALSE, NULL, list);
+ other_ts = child->get_traffic_selectors(child, FALSE, NULL, list, FALSE);
list->destroy_offset(list, offsetof(host_t, destroy));
/* We don't know the finally negotiated protocol (ESP|AH), we install
diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am
index 5ebd0456c..101b534f0 100644
--- a/src/libcharon/tests/Makefile.am
+++ b/src/libcharon/tests/Makefile.am
@@ -4,6 +4,7 @@ check_PROGRAMS = $(TESTS)
libcharon_tests_SOURCES = \
suites/test_ike_cfg.c \
+ suites/test_peer_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
libcharon_tests.h libcharon_tests.c
@@ -35,6 +36,7 @@ exchange_tests_SOURCES = \
utils/job_asserts.h \
utils/mock_dh.h utils/mock_dh.c \
utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_net.h utils/mock_net.c \
utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
utils/mock_sender.h utils/mock_sender.c \
utils/sa_asserts.h \
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 24552d201..c545c6334 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -121,6 +121,7 @@ am_exchange_tests_OBJECTS = \
utils/exchange_tests-exchange_test_helper.$(OBJEXT) \
utils/exchange_tests-mock_dh.$(OBJEXT) \
utils/exchange_tests-mock_ipsec.$(OBJEXT) \
+ utils/exchange_tests-mock_net.$(OBJEXT) \
utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \
utils/exchange_tests-mock_sender.$(OBJEXT) \
exchange_tests-exchange_tests.$(OBJEXT)
@@ -139,6 +140,7 @@ exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(LDFLAGS) -o $@
am_libcharon_tests_OBJECTS = \
suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \
+ suites/libcharon_tests-test_peer_cfg.$(OBJEXT) \
suites/libcharon_tests-test_mem_pool.$(OBJEXT) \
suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \
libcharon_tests-libcharon_tests.$(OBJEXT)
@@ -334,7 +336,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -360,6 +361,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -380,8 +383,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -436,8 +437,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -466,8 +465,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -475,6 +478,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
libcharon_tests_SOURCES = \
suites/test_ike_cfg.c \
+ suites/test_peer_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
libcharon_tests.h libcharon_tests.c
@@ -505,6 +509,7 @@ exchange_tests_SOURCES = \
utils/job_asserts.h \
utils/mock_dh.h utils/mock_dh.c \
utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_net.h utils/mock_net.c \
utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
utils/mock_sender.h utils/mock_sender.c \
utils/sa_asserts.h \
@@ -598,6 +603,8 @@ utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_net.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \
@@ -608,6 +615,8 @@ exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES
$(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS)
suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/libcharon_tests-test_peer_cfg.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_mem_pool.$(OBJEXT): \
suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_message_chapoly.$(OBJEXT): \
@@ -636,10 +645,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_net.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_sender.Po@am__quote@
@@ -807,6 +818,20 @@ utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi`
+utils/exchange_tests-mock_net.o: utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c
+
+utils/exchange_tests-mock_net.obj: utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi`
+
utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po
@@ -863,6 +888,20 @@ suites/libcharon_tests-test_ike_cfg.obj: suites/test_ike_cfg.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_ike_cfg.obj `if test -f 'suites/test_ike_cfg.c'; then $(CYGPATH_W) 'suites/test_ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_cfg.c'; fi`
+suites/libcharon_tests-test_peer_cfg.o: suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c
+
+suites/libcharon_tests-test_peer_cfg.obj: suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi`
+
suites/libcharon_tests-test_mem_pool.o: suites/test_mem_pool.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_mem_pool.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo -c -o suites/libcharon_tests-test_mem_pool.o `test -f 'suites/test_mem_pool.c' || echo '$(srcdir)/'`suites/test_mem_pool.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h
index d17ea041d..bc0521a75 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libcharon/tests/libcharon_tests.h
@@ -25,5 +25,6 @@
*/
TEST_SUITE(ike_cfg_suite_create)
+TEST_SUITE(peer_cfg_suite_create)
TEST_SUITE(mem_pool_suite_create)
TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
diff --git a/src/libcharon/tests/suites/test_peer_cfg.c b/src/libcharon/tests/suites/test_peer_cfg.c
new file mode 100644
index 000000000..02e38a314
--- /dev/null
+++ b/src/libcharon/tests/suites/test_peer_cfg.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <config/peer_cfg.h>
+#include <config/child_cfg.h>
+
+/**
+ * Create a simple IKE config
+ */
+static ike_cfg_t *create_ike_cfg()
+{
+ return ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", 500,
+ "127.0.0.1", 500, FRAGMENTATION_NO, 0);
+}
+
+/**
+ * Create a simple peer config
+ */
+static peer_cfg_t *create_peer_cfg()
+{
+ peer_cfg_create_t peer = {};
+
+ return peer_cfg_create("peer", create_ike_cfg(), &peer);
+}
+
+static peer_cfg_t *peer_a, *peer_b;
+
+START_SETUP(setup_replace)
+{
+ peer_a = create_peer_cfg();
+ peer_b = create_peer_cfg();
+}
+END_SETUP
+
+START_TEARDOWN(teardown_replace)
+{
+ peer_a->destroy(peer_a);
+ peer_b->destroy(peer_b);
+}
+END_TEARDOWN
+
+/**
+ * Check if the changes are correctly reported
+ * All given objects are destroyed
+ */
+static void test_replace(enumerator_t *changes, linked_list_t *rem,
+ linked_list_t *add)
+{
+ child_cfg_t *child;
+ bool added;
+
+ while (changes->enumerate(changes, &child, &added))
+ {
+ if (added)
+ {
+ ck_assert_msg(add->remove(add, child, NULL) == 1, "child config "
+ "was unexpectedly added");
+ }
+ else
+ {
+ ck_assert_msg(rem->remove(rem, child, NULL) == 1, "child config "
+ "was unexpectedly removed");
+ }
+ }
+ changes->destroy(changes);
+ ck_assert_msg(!rem->get_count(rem), "expected child config was not removed");
+ ck_assert_msg(!add->get_count(add), "expected child config was not added");
+ rem->destroy(rem);
+ add->destroy(add);
+}
+
+/**
+ * Check if the given child configs are contained in the peer config
+ * The list is destroyed
+ */
+static void test_child_cfgs(peer_cfg_t *peer, linked_list_t *children)
+{
+ enumerator_t *enumerator;
+ child_cfg_t *child;
+
+ enumerator = peer->create_child_cfg_enumerator(peer);
+ while (enumerator->enumerate(enumerator, &child))
+ {
+ ck_assert_msg(children->remove(children, child, NULL) == 1, "child "
+ "config was unexpectedly contained in peer config");
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_msg(!children->get_count(children), "expected child config was "
+ "not contained in peer config");
+ children->destroy(children);
+}
+
+START_TEST(replace_child_cfgs_empty)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_b->add_child_cfg(peer_b, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create_with_items(child, NULL));
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(child, NULL));
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_same)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_a->add_child_cfg(peer_a, child->get_ref(child));
+ peer_b->add_child_cfg(peer_b, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(child, NULL));
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_same_replace)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *c1, *c2;
+
+ c1 = child_cfg_create("c1", &cfg);
+ peer_a->add_child_cfg(peer_a, c1->get_ref(c1));
+ c2 = child_cfg_create("c2", &cfg);
+ peer_b->add_child_cfg(peer_b, c2->get_ref(c2));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(c2, NULL));
+
+ c1->destroy(c1);
+ c2->destroy(c2);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_clear)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_a->add_child_cfg(peer_a, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create_with_items(child, NULL),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create());
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_mixed)
+{
+ child_cfg_create_t cfg1 = {}, cfg2 = { .mode = MODE_TUNNEL, };
+ child_cfg_create_t cfg3 = { .mode = MODE_TRANSPORT};
+ child_cfg_t *c1, *c2, *c3, *c4;
+
+ c1 = child_cfg_create("c1", &cfg1);
+ peer_a->add_child_cfg(peer_a, c1->get_ref(c1));
+ c2 = child_cfg_create("c2", &cfg2);
+ peer_a->add_child_cfg(peer_a, c2->get_ref(c2));
+
+ c3 = child_cfg_create("c3", &cfg3);
+ peer_b->add_child_cfg(peer_b, c3->get_ref(c3));
+ c4 = child_cfg_create("c4", &cfg2);
+ peer_b->add_child_cfg(peer_b, c4->get_ref(c4));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create_with_items(c1, NULL),
+ linked_list_create_with_items(c3, NULL));
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(c3, c4, NULL));
+
+ c1->destroy(c1);
+ c2->destroy(c2);
+ c3->destroy(c3);
+ c4->destroy(c4);
+}
+END_TEST
+
+Suite *peer_cfg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("peer_cfg");
+
+ tc = tcase_create("replace_child_cfgs");
+ tcase_add_checked_fixture(tc, setup_replace, teardown_replace);
+ tcase_add_test(tc, replace_child_cfgs_empty);
+ tcase_add_test(tc, replace_child_cfgs_same);
+ tcase_add_test(tc, replace_child_cfgs_same_replace);
+ tcase_add_test(tc, replace_child_cfgs_clear);
+ tcase_add_test(tc, replace_child_cfgs_mixed);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
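Review bot: replace_child_cfgs_mixed expects c2 (from `cfg2 = { .mode = MODE_TUNNEL, }`) to be silently replaced by c4 while c1 (from `cfg1 = {}`) is reported as removed, so the expectation depends on a config built from `{}` comparing unequal to one with MODE_TUNNEL, i.e. on whatever mode child_cfg_create() assigns when none is given; that default is not visible in this file. A one-line comment on the cfg declarations, e.g. `/* c1 and c4 must compare unequal: relies on the default mode not being MODE_TUNNEL */`, would keep a later change of that default from silently breaking the test. The helper test_replace() also dereferences `changes` without a NULL check, so a NULL return from replace_child_cfgs() would crash the test binary rather than fail the assertion; `ck_assert(changes != NULL);` before the loop would make that a reported failure.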
diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c
index fce0ccedf..bebf33463 100644
--- a/src/libcharon/tests/utils/exchange_test_helper.c
+++ b/src/libcharon/tests/utils/exchange_test_helper.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,6 +16,7 @@
#include "exchange_test_helper.h"
#include "mock_dh.h"
#include "mock_ipsec.h"
+#include "mock_net.h"
#include "mock_nonce_gen.h"
#include <collections/array.h>
@@ -333,6 +334,7 @@ void exchange_test_helper_init(char *plugins)
/* and there is no kernel plugin loaded
* TODO: we'd have more control if we'd implement kernel_interface_t */
charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
+ charon->kernel->add_net_interface(charon->kernel, mock_net_create);
/* like SPIs for IPsec SAs, make IKE SPIs predictable */
charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
this);
diff --git a/src/libcharon/tests/utils/mock_net.c b/src/libcharon/tests/utils/mock_net.c
new file mode 100644
index 000000000..5b560871e
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_net.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mock_net.h"
+
+#include <daemon.h>
+
+#include <assert.h>
+
+typedef struct private_kernel_net_t private_kernel_net_t;
+
+/**
+ * Private data
+ */
+struct private_kernel_net_t {
+
+ /**
+ * Public interface
+ */
+ kernel_net_t public;
+
+ /**
+ * Local IP address
+ */
+ host_t *host;
+};
+
+/**
+ * Global instance
+ */
+static private_kernel_net_t *instance;
+
+METHOD(kernel_net_t, get_source_addr, host_t*,
+ private_kernel_net_t *this, host_t *dest, host_t *src)
+{
+ return this->host->clone(this->host);
+}
+
+METHOD(kernel_net_t, get_nexthop, host_t*,
+ private_kernel_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
+{
+ if (iface)
+ {
+ *iface = strdup("lo");
+ }
+ return this->host->clone(this->host);
+}
+
+METHOD(kernel_net_t, get_interface, bool,
+ private_kernel_net_t *this, host_t *host, char **name)
+{
+ if (host->ip_equals(host, this->host))
+ {
+ if (name)
+ {
+ *name = strdup("lo");
+ }
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
+ private_kernel_net_t *this, kernel_address_type_t which)
+{
+ return enumerator_create_single(this->host, NULL);
+}
+
+METHOD(kernel_net_t, destroy, void,
+ private_kernel_net_t *this)
+{
+ this->host->destroy(this->host);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kernel_net_t *mock_net_create()
+{
+ private_kernel_net_t *this;
+
+ INIT(this,
+ .public = {
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .get_interface = _get_interface,
+ .create_address_enumerator = _create_address_enumerator,
+ .create_local_subnet_enumerator = (void*)enumerator_create_empty,
+ .add_ip = (void*)return_failed,
+ .del_ip = (void*)return_failed,
+ .add_route = (void*)return_failed,
+ .del_route = (void*)return_failed,
+ .destroy = _destroy,
+ },
+ .host = host_create_from_string("127.0.0.1", 500),
+ );
+
+ instance = this;
+
+ return &this->public;
+}
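Review bot: The file-scope `instance` pointer is assigned in mock_net_create() at `instance = this;` but is never read anywhere in this file, and destroy() does not reset it, so it is dead state that becomes a dangling pointer once the kernel interface tears the mock down. Either drop it (together with the unused `#include <assert.h>`, which no call in the file needs) or clear it in destroy() with `instance = NULL;` and expose an accessor in mock_net.h for tests that need to reach the mock. Separately, create_address_enumerator() ignores `which`, so a caller asking only for a specific address type still gets the single 127.0.0.1 host; a comment such as `/* every address-type query yields the one mock host */` would make that deliberate rather than an oversight.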
diff --git a/src/libimcv/plugins/imv_swid/imv_swid.c b/src/libcharon/tests/utils/mock_net.h
index cab011580..15ad1ac0c 100644
--- a/src/libimcv/plugins/imv_swid/imv_swid.c
+++ b/src/libcharon/tests/utils/mock_net.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,12 +13,24 @@
* for more details.
*/
-#include "imv_swid_agent.h"
+/**
+ * kernel_net_t implementation used for exchange unit tests. Simply returns
+ * an IP address so it seems we're connected.
+ *
+ * @defgroup mock_net mock_net
+ * @{ @ingroup test_utils_c
+ */
-static const char imv_name[] = "SWID";
-static const imv_agent_create_t imv_agent_create = imv_swid_agent_create;
+#ifndef MOCK_NET_H_
+#define MOCK_NET_H_
-/* include generic TGC TNC IF-IMV API code below */
+#include <kernel/kernel_net.h>
-#include <imv/imv_if.h>
+/**
+ * Create an instance of kernel_net_t
+ *
+ * @return created object
+ */
+kernel_net_t *mock_net_create();
+#endif /** MOCK_NET_H_ @}*/
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 604899b5a..397ae9b3a 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index 70ff40466..d5ce77193 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -30,7 +30,7 @@
#include <collections/linked_list.h>
#include <collections/hashtable.h>
-/** Intervall to check for expired sessions, in seconds */
+/** Interval to check for expired sessions, in seconds */
#define CLEANUP_INTERVAL 30
typedef struct private_fast_dispatcher_t private_fast_dispatcher_t;
diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h
index ffa49d9db..3deb0b7dd 100644
--- a/src/libfast/fast_dispatcher.h
+++ b/src/libfast/fast_dispatcher.h
@@ -83,7 +83,7 @@ struct fast_dispatcher_t {
* The first controller added serves as default controller. Client's
* get redirected to it if no other controller matches.
*
- * @param constructor constructor function to the conntroller
+ * @param constructor constructor function to the controller
* @param param param to pass to constructor
*/
void (*add_controller)(fast_dispatcher_t *this,
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 9f3172074..cde6ce23f 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -75,10 +75,6 @@ libimcv_la_SOURCES := \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -108,10 +104,7 @@ libimcv_la_SOURCES := \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES))
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index a6397c5ff..444de3f42 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -96,10 +96,6 @@ libimcv_la_SOURCES = \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -129,10 +125,7 @@ libimcv_la_SOURCES = \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -183,14 +176,6 @@ if USE_IMV_ATTESTATION
SUBDIRS += plugins/imv_attestation
endif
-if USE_IMC_SWID
- SUBDIRS += plugins/imc_swid
-endif
-
-if USE_IMV_SWID
- SUBDIRS += plugins/imv_swid
-endif
-
if USE_IMC_SWIMA
SUBDIRS += plugins/imc_swima
endif
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index ef2c9c35b..105442d20 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -101,12 +101,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os
@USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation
@USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation
-@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid
-@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid
-@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima
-@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima
-@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd
-@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd
+@USE_IMC_SWIMA_TRUE@am__append_10 = plugins/imc_swima
+@USE_IMV_SWIMA_TRUE@am__append_11 = plugins/imv_swima
+@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd
+@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd
TESTS = imcv_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libimcv
@@ -202,12 +200,11 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \
pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \
seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \
- swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \
- swid/swid_tag_id.lo swid_gen/swid_gen.lo \
- swid_gen/swid_gen_info.lo swima/swima_data_model.lo \
- swima/swima_record.lo swima/swima_event.lo \
- swima/swima_events.lo swima/swima_inventory.lo \
- swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \
+ swid_gen/swid_gen.lo swid_gen/swid_gen_info.lo \
+ swima/swima_data_model.lo swima/swima_record.lo \
+ swima/swima_event.lo swima/swima_events.lo \
+ swima/swima_inventory.lo swima/swima_collector.lo \
+ swima/swima_error.lo tcg/tcg_attr.lo \
tcg/pts/tcg_pts_attr_proto_caps.lo \
tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
@@ -226,9 +223,7 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
tcg/pts/tcg_pts_attr_unix_file_meta.lo \
tcg/seg/tcg_seg_attr_max_size.lo \
tcg/seg/tcg_seg_attr_seg_env.lo \
- tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \
- tcg/swid/tcg_swid_attr_tag_id_inv.lo \
- tcg/swid/tcg_swid_attr_tag_inv.lo
+ tcg/seg/tcg_seg_attr_next_seg.lo
libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -378,8 +373,8 @@ am__tty_colors = { \
DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \
plugins/imv_scanner plugins/imc_os plugins/imv_os \
plugins/imc_attestation plugins/imv_attestation \
- plugins/imc_swid plugins/imv_swid plugins/imc_swima \
- plugins/imv_swima plugins/imc_hcd plugins/imv_hcd
+ plugins/imc_swima plugins/imv_swima plugins/imc_hcd \
+ plugins/imv_hcd
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
@@ -506,7 +501,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -532,6 +526,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -552,8 +548,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -608,8 +602,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -638,8 +630,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -737,10 +733,6 @@ libimcv_la_SOURCES = \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -770,10 +762,7 @@ libimcv_la_SOURCES = \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -791,8 +780,7 @@ imv_policy_manager_LDADD = \
SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \
$(am__append_5) $(am__append_6) $(am__append_7) \
$(am__append_8) $(am__append_9) $(am__append_10) \
- $(am__append_11) $(am__append_12) $(am__append_13) \
- $(am__append_14) $(am__append_15)
+ $(am__append_11) $(am__append_12) $(am__append_13)
imcv_tests_SOURCES = \
ita/ita_attr_command.c \
pa_tnc/pa_tnc_attr_manager.c \
@@ -1102,19 +1090,6 @@ seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
seg/seg_contract_manager.lo: seg/$(am__dirstamp) \
seg/$(DEPDIR)/$(am__dirstamp)
seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
-swid/$(am__dirstamp):
- @$(MKDIR_P) swid
- @: > swid/$(am__dirstamp)
-swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) swid/$(DEPDIR)
- @: > swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_error.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_inventory.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag_id.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
swid_gen/$(am__dirstamp):
@$(MKDIR_P) swid_gen
@: > swid_gen/$(am__dirstamp)
@@ -1204,18 +1179,6 @@ tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \
tcg/seg/$(DEPDIR)/$(am__dirstamp)
tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \
tcg/seg/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid
- @: > tcg/swid/$(am__dirstamp)
-tcg/swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid/$(DEPDIR)
- @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES)
$(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS)
@@ -1405,8 +1368,6 @@ mostlyclean-compile:
-rm -f seg/*.$(OBJEXT)
-rm -f seg/*.lo
-rm -f suites/*.$(OBJEXT)
- -rm -f swid/*.$(OBJEXT)
- -rm -f swid/*.lo
-rm -f swid_gen/*.$(OBJEXT)
-rm -f swid_gen/*.lo
-rm -f swima/*.$(OBJEXT)
@@ -1417,8 +1378,6 @@ mostlyclean-compile:
-rm -f tcg/pts/*.lo
-rm -f tcg/seg/*.$(OBJEXT)
-rm -f tcg/seg/*.lo
- -rm -f tcg/swid/*.$(OBJEXT)
- -rm -f tcg/swid/*.lo
distclean-compile:
-rm -f *.tab.c
@@ -1505,10 +1464,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@
@@ -1547,9 +1502,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -1889,13 +1841,11 @@ clean-libtool:
-rm -rf pwg/.libs pwg/_libs
-rm -rf rest/.libs rest/_libs
-rm -rf seg/.libs seg/_libs
- -rm -rf swid/.libs swid/_libs
-rm -rf swid_gen/.libs swid_gen/_libs
-rm -rf swima/.libs swima/_libs
-rm -rf tcg/.libs tcg/_libs
-rm -rf tcg/pts/.libs tcg/pts/_libs
-rm -rf tcg/seg/.libs tcg/seg/_libs
- -rm -rf tcg/swid/.libs tcg/swid/_libs
install-dist_templatesDATA: $(dist_templates_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
@@ -2233,8 +2183,6 @@ distclean-generic:
-rm -f seg/$(am__dirstamp)
-rm -f suites/$(DEPDIR)/$(am__dirstamp)
-rm -f suites/$(am__dirstamp)
- -rm -f swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f swid/$(am__dirstamp)
-rm -f swid_gen/$(DEPDIR)/$(am__dirstamp)
-rm -f swid_gen/$(am__dirstamp)
-rm -f swima/$(DEPDIR)/$(am__dirstamp)
@@ -2245,8 +2193,6 @@ distclean-generic:
-rm -f tcg/pts/$(am__dirstamp)
-rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp)
-rm -f tcg/seg/$(am__dirstamp)
- -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/swid/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -2257,7 +2203,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \
clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -2304,7 +2250,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 44e0ef24f..b1bcd9214 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -30,9 +30,7 @@
#include "ietf/swima/ietf_swima_attr_sw_ev.h"
#include "generic/generic_attr_bool.h"
-
-ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING,
- IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
+ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_SRC_METADATA_RESP,
"Testing",
"Attribute Request",
"Product Information",
@@ -46,10 +44,6 @@ ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING,
"Remediation Instructions",
"Forwarding Enabled",
"Factory Default Password Enabled",
-);
-ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST,
- IETF_ATTR_SRC_METADATA_RESP,
- IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
"SWIMA Request",
"SW Identifier Inventory",
"SW Identifier Events",
@@ -60,7 +54,6 @@ ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST,
"SW Source Metadata Request",
"SW Source Metadata Response",
);
-ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP);
/**
* See header
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index cbf4a49a2..0f802fd45 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ typedef enum ietf_attr_t ietf_attr_t;
*/
enum ietf_attr_t {
- /* RFC 5792 */
+ /* RFC 5792 PA-TNC */
IETF_ATTR_TESTING = 0,
IETF_ATTR_ATTRIBUTE_REQUEST = 1,
IETF_ATTR_PRODUCT_INFORMATION = 2,
@@ -47,16 +47,16 @@ enum ietf_attr_t {
IETF_ATTR_FORWARDING_ENABLED = 11,
IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12,
- /* draft-ietf-sacm-nea-swid-patnc */
- IETF_ATTR_SWIMA_REQUEST = 17,
- IETF_ATTR_SW_ID_INVENTORY = 18,
- IETF_ATTR_SW_ID_EVENTS = 19,
- IETF_ATTR_SW_INVENTORY = 20,
- IETF_ATTR_SW_EVENTS = 21,
- IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22,
- IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23,
- IETF_ATTR_SRC_METADATA_REQ = 24,
- IETF_ATTR_SRC_METADATA_RESP = 25,
+ /* RFC 8412 SWIMA */
+ IETF_ATTR_SWIMA_REQUEST = 13,
+ IETF_ATTR_SW_ID_INVENTORY = 14,
+ IETF_ATTR_SW_ID_EVENTS = 15,
+ IETF_ATTR_SW_INVENTORY = 16,
+ IETF_ATTR_SW_EVENTS = 17,
+ IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 18,
+ IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 19,
+ IETF_ATTR_SRC_METADATA_REQ = 20,
+ IETF_ATTR_SRC_METADATA_RESP = 21,
IETF_ATTR_RESERVED = 0xffffffff,
};
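Review bot: Renumbering IETF_ATTR_SWIMA_REQUEST through IETF_ATTR_SRC_METADATA_RESP from 17..25 to 13..21 changes the on-the-wire attribute type values, so an IMC/IMV built from this revision will not interoperate with a peer still using the draft-ietf-sacm-nea-swid-patnc numbering; the same applies to the PA-TNC error codes moved from 32..36 to 4..8 in ietf_attr_pa_tnc_error.h. Nothing in the enum records this as an incompatible change, and a reader of the header has no way to tell that the values once differed; a comment such as `/* RFC 8412 SWIMA (type values changed from the draft numbering) */` in place of `/* RFC 8412 SWIMA */` would preserve that history. The collapse of ENUM_BEGIN/ENUM_NEXT into a single ENUM() in ietf_attr.c and ietf_attr_pa_tnc_error.c now relies on these ranges being gap-free, so a future value that is not contiguous would need the split form again.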
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 75f279298..e543c63ea 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -20,23 +20,18 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE,
"Reserved",
"Invalid Parameter",
"Version Not Supported",
- "Attribute Type Not Supported"
-);
-ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SWIMA,
- PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ "Attribute Type Not Supported",
"SWIMA Error",
"SWIMA Subscription Denied",
"SWIMA Response Too Large",
"SWIMA Subscription Fulfillment Error",
"SWIMA Subscription ID Reuse"
);
-ENUM_END(pa_tnc_error_code_names, PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE);
typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index dd0be72ff..d5cba97b6 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t;
#include "pa_tnc/pa_tnc_attr.h"
/**
- * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792
+ * IETF Standard PA-TNC Error Codes
*/
enum pa_tnc_error_code_t {
@@ -39,12 +39,12 @@ enum pa_tnc_error_code_t {
PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
PA_ERROR_PA_TNC_MSG_ROOF = 3,
- /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */
- PA_ERROR_SWIMA = 32,
- PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 33,
- PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 34,
- PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 35,
- PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 36
+ /* RFC 8412 SWIMA */
+ PA_ERROR_SWIMA = 4,
+ PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 5,
+ PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 6,
+ PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 7,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 8
};
/**
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
index d67497373..12212ec18 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_req.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t;
/**
* SW Request
- * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see section 5.7 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -191,7 +191,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
return FAILED;
}
*offset += 2 + sw_id.len;
-
+
sw_record = swima_record_create(0, sw_id, chunk_empty);
this->targets->add(this->targets, sw_record);
}
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
index e315c3dbb..47f499518 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
@@ -27,7 +27,7 @@ typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t;
/**
* Software [Identifier] Events
- * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see sections 5.9/5.11 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -165,16 +165,40 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
this->noskip_flag = noskip;
}
+/**
+ * This function is shared with ietf_swima_attr_sw_inv.c
+ **/
+void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer,
+ uint8_t action, swima_record_t *sw_record, bool has_record)
+{
+ pen_type_t data_model;
+ chunk_t sw_locator;
+
+ data_model = sw_record->get_data_model(sw_record);
+
+ writer->write_uint32(writer, sw_record->get_record_id(sw_record));
+ writer->write_uint24(writer, data_model.vendor_id);
+ writer->write_uint8 (writer, data_model.type);
+ writer->write_uint8 (writer, sw_record->get_source_id(sw_record));
+ writer->write_uint8 (writer, action);
+ writer->write_data16(writer, sw_record->get_sw_id(sw_record, &sw_locator));
+ writer->write_data16(writer, sw_locator);
+
+ if (has_record)
+ {
+ writer->write_data32(writer, sw_record->get_record(sw_record));
+ }
+}
+
METHOD(pa_tnc_attr_t, build, void,
private_ietf_swima_attr_sw_ev_t *this)
{
bio_writer_t *writer;
swima_event_t *sw_event;
swima_record_t *sw_record;
- chunk_t timestamp, sw_id, sw_locator, record;
- pen_type_t data_model;
- uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch;
- uint8_t action, source_id;
+ chunk_t timestamp;
+ uint32_t last_eid, last_consulted_eid, eid_epoch;
+ uint8_t action;
enumerator_t *enumerator;
if (this->value.ptr)
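Review bot: ietf_swima_attr_sw_ev_build_sw_record() is given external linkage but is not declared in a header; ietf_swima_attr_sw_inv.c instead repeats the prototype as a local `extern` (the same pattern is used for ietf_swima_attr_sw_ev_process_sw_record further down in both files). The compiler cannot check that the definition and the duplicated declaration agree, so a later change to the parameter list here would break the inventory attribute silently rather than at compile time; both prototypes belong in ietf_swima_attr_sw_ev.h, which the inventory file can then include. The doc comment should also say what the helper serializes rather than only who shares it, e.g. `Writes the record part common to inventory and event attributes (Record ID, Data Model, Source ID, Action/Reserved, SW ID, Locator); the Record itself is written only if has_record is TRUE.`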
@@ -195,29 +219,14 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator = this->events->create_enumerator(this->events);
while (enumerator->enumerate(enumerator, &sw_event))
{
- eid = sw_event->get_eid(sw_event, &timestamp);
action = sw_event->get_action(sw_event);
sw_record = sw_event->get_sw_record(sw_event);
- record_id = sw_record->get_record_id(sw_record);
- data_model = sw_record->get_data_model(sw_record);
- source_id = sw_record->get_source_id(sw_record);
- sw_id = sw_record->get_sw_id(sw_record, &sw_locator);
- writer->write_uint32(writer, eid);
+ writer->write_uint32(writer, sw_event->get_eid(sw_event, &timestamp));
writer->write_data (writer, timestamp);
- writer->write_uint32(writer, record_id);
- writer->write_uint24(writer, data_model.vendor_id);
- writer->write_uint8 (writer, data_model.type);
- writer->write_uint8 (writer, source_id);
- writer->write_uint8 (writer, action);
- writer->write_data16(writer, sw_id);
- writer->write_data16(writer, sw_locator);
-
- if (this->type.type == IETF_ATTR_SW_EVENTS)
- {
- record = sw_record->get_record(sw_record);
- writer->write_data32(writer, record);
- }
+
+ ietf_swima_attr_sw_ev_build_sw_record(writer, action, sw_record,
+ this->type.type == IETF_ATTR_SW_EVENTS);
}
enumerator->destroy(enumerator);
@@ -227,15 +236,56 @@ METHOD(pa_tnc_attr_t, build, void,
writer->destroy(writer);
}
+/**
+ * This function is shared with ietf_swima_attr_sw_inv.c
+ **/
+bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader,
+ uint8_t *action, swima_record_t **sw_record, bool has_record)
+{
+ pen_type_t data_model;
+ swima_record_t *sw_rec;
+ uint32_t data_model_pen, record_id;
+ uint8_t data_model_type, source_id, reserved;
+ chunk_t sw_id, sw_locator, record = chunk_empty;
+
+ if (!reader->read_uint32(reader, &record_id) ||
+ !reader->read_uint24(reader, &data_model_pen) ||
+ !reader->read_uint8 (reader, &data_model_type) ||
+ !reader->read_uint8 (reader, &source_id) ||
+ !reader->read_uint8 (reader, &reserved) ||
+ !reader->read_data16(reader, &sw_id) ||
+ !reader->read_data16(reader, &sw_locator))
+ {
+ return FALSE;
+ }
+
+ if (action)
+ {
+ *action = reserved;
+ }
+
+ if (has_record && !reader->read_data32(reader, &record))
+ {
+ return FALSE;
+ }
+
+ data_model = pen_type_create(data_model_pen, data_model_type);
+ sw_rec = swima_record_create(record_id, sw_id, sw_locator);
+ sw_rec->set_data_model(sw_rec, data_model);
+ sw_rec->set_source_id(sw_rec, source_id);
+ sw_rec->set_record(sw_rec, record);
+ *sw_record = sw_rec;
+
+ return TRUE;
+}
+
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t data_model_pen, record_id;
uint32_t eid, eid_epoch, last_eid, last_consulted_eid;
- uint8_t data_model_type, source_id, action;
- pen_type_t data_model;
- chunk_t sw_id, sw_locator, record, timestamp;
+ uint8_t action;
+ chunk_t timestamp;
swima_event_t *sw_event;
swima_record_t *sw_record;
status_t status = NEED_MORE;
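Review bot: The comment on ietf_swima_attr_sw_ev_process_sw_record() documents neither the parameter contract nor the ownership of the result, both of which the two callers depend on. Worth stating in the doc block: `action` may be NULL (the inventory attribute passes NULL, in which case the byte after Source ID is treated as Reserved and discarded), `*sw_record` is written only when TRUE is returned and is then owned by the caller, and on FALSE nothing has been allocated so the caller has nothing to release. The `reserved` local doubling as the Action field for event records is also not obvious from the code; a one-line comment at the `if (action)` would make it clear.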
@@ -273,38 +323,24 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
if (!reader->read_uint32(reader, &eid) ||
!reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, &timestamp) ||
- !reader->read_uint32(reader, &record_id) ||
- !reader->read_uint24(reader, &data_model_pen) ||
- !reader->read_uint8 (reader, &data_model_type) ||
- !reader->read_uint8 (reader, &source_id) ||
- !reader->read_uint8 (reader, &action) ||
- !reader->read_data16(reader, &sw_id) ||
- !reader->read_data16(reader, &sw_locator))
+ !ietf_swima_attr_sw_ev_process_sw_record(reader, &action, &sw_record,
+ this->type.type == IETF_ATTR_SW_EVENTS))
{
goto end;
}
- record = chunk_empty;
- if (action == 0 || action > SWIMA_EVENT_ACTION_LAST)
+ if (action == SWIMA_EVENT_ACTION_NONE ||
+ action > SWIMA_EVENT_ACTION_LAST)
{
DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names,
PEN_IETF, ietf_attr_names, this->type.type);
*offset = this->offset;
+ sw_record->destroy(sw_record);
reader->destroy(reader);
return FAILED;
}
- if (this->type.type == IETF_ATTR_SW_EVENTS &&
- !reader->read_data32(reader, &record))
- {
- goto end;
- }
- data_model = pen_type_create(data_model_pen, data_model_type);
- sw_record = swima_record_create(record_id, sw_id, sw_locator);
- sw_record->set_data_model(sw_record, data_model);
- sw_record->set_source_id(sw_record, source_id);
- sw_record->set_record(sw_record, record);
sw_event = swima_event_create(eid, timestamp, action, sw_record);
this->events->add(this->events, sw_event);
this->offset += this->value.len - reader->remaining(reader);
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
index ee5b16b92..8035dbb07 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t
/**
* Software [Identifier] Inventory
- * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see sections 5.8/5.10 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -43,7 +43,9 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Data Model Type PEN |Data Model Type|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Source ID Num | Software Identifier Length |Software Id (v)|
+ * | Source ID Num | Reserved | Software Identifier Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Software Identifier (Variable Length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Software Locator Length | Software Locator (Var. Len) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -148,15 +150,18 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
this->noskip_flag = noskip;
}
+/**
+ * This function is shared with ietf_swima_attr_sw_ev.c
+ **/
+extern void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer,
+ uint8_t action, swima_record_t *sw_record, bool has_record);
+
METHOD(pa_tnc_attr_t, build, void,
private_ietf_swima_attr_sw_inv_t *this)
{
bio_writer_t *writer;
swima_record_t *sw_record;
- chunk_t sw_id, sw_locator, record;
- pen_type_t data_model;
- uint32_t record_id, last_eid, eid_epoch;
- uint8_t source_id;
+ uint32_t last_eid, eid_epoch;
enumerator_t *enumerator;
if (this->value.ptr)
@@ -175,23 +180,8 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator = this->inventory->create_enumerator(this->inventory);
while (enumerator->enumerate(enumerator, &sw_record))
{
- record_id = sw_record->get_record_id(sw_record);
- data_model = sw_record->get_data_model(sw_record);
- source_id = sw_record->get_source_id(sw_record);
- sw_id = sw_record->get_sw_id(sw_record, &sw_locator);
-
- writer->write_uint32(writer, record_id);
- writer->write_uint24(writer, data_model.vendor_id);
- writer->write_uint8 (writer, data_model.type);
- writer->write_uint8 (writer, source_id);
- writer->write_data16(writer, sw_id);
- writer->write_data16(writer, sw_locator);
-
- if (this->type.type == IETF_ATTR_SW_INVENTORY)
- {
- record = sw_record->get_record(sw_record);
- writer->write_data32(writer, record);
- }
+ ietf_swima_attr_sw_ev_build_sw_record(writer, 0x00, sw_record,
+ this->type.type == IETF_ATTR_SW_INVENTORY);
}
enumerator->destroy(enumerator);
@@ -201,14 +191,17 @@ METHOD(pa_tnc_attr_t, build, void,
writer->destroy(writer);
}
+/**
+ * This function is shared with ietf_swima_attr_sw_ev.c
+ **/
+extern bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader,
+ uint8_t *action, swima_record_t **sw_record, bool has_record);
+
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t data_model_pen, record_id, last_eid, eid_epoch;
- uint8_t data_model_type, source_id;
- pen_type_t data_model;
- chunk_t sw_id, sw_locator, record;
+ uint32_t last_eid, eid_epoch;
swima_record_t *sw_record;
status_t status = NEED_MORE;
@@ -241,27 +234,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
while (this->record_count)
{
- if (!reader->read_uint32(reader, &record_id) ||
- !reader->read_uint24(reader, &data_model_pen) ||
- !reader->read_uint8 (reader, &data_model_type) ||
- !reader->read_uint8 (reader, &source_id) ||
- !reader->read_data16(reader, &sw_id) ||
- !reader->read_data16(reader, &sw_locator))
+ if (!ietf_swima_attr_sw_ev_process_sw_record(reader, NULL, &sw_record,
+ this->type.type == IETF_ATTR_SW_INVENTORY))
{
goto end;
}
- record = chunk_empty;
- if (this->type.type == IETF_ATTR_SW_INVENTORY &&
- !reader->read_data32(reader, &record))
- {
- goto end;
- }
- data_model = pen_type_create(data_model_pen, data_model_type);
- sw_record = swima_record_create(record_id, sw_id, sw_locator);
- sw_record->set_data_model(sw_record, data_model);
- sw_record->set_source_id(sw_record, source_id);
- sw_record->set_record(sw_record, record);
this->inventory->add(this->inventory, sw_record);
this->offset += this->value.len - reader->remaining(reader);
this->value = reader->peek(reader);
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 3a7a16bc2..ec44d587f 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -74,6 +74,11 @@ struct private_imc_agent_t {
rwlock_t *connection_lock;
/**
+ * Is the transport protocol PT-TLS?
+ */
+ bool has_pt_tls;
+
+ /**
* Inform a TNCC about the set of message types the IMC is able to receive
*
* @param imc_id IMC ID assigned by TNCC
@@ -372,6 +377,8 @@ METHOD(imc_agent_t, create_state, TNC_Result,
DBG2(DBG_IMC, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
+ this->has_pt_tls = streq(t_p, "IF-T for TLS");
+
free(tnccs_p);
free(tnccs_v);
free(t_p);
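Review bot: `this->has_pt_tls = streq(t_p, "IF-T for TLS");` dereferences t_p unconditionally, while the DBG2 call two lines above guards it with `t_p ? t_p : "?"`, which indicates t_p can be NULL when the TNCC does not report a transport protocol. If streq() is the plain strcmp() wrapper it appears to be, that is a NULL dereference on such connections; the assignment should carry the same guard, `this->has_pt_tls = t_p && streq(t_p, "IF-T for TLS");`. The enclosing create_state() method starts and ends outside the hunk.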
@@ -403,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
imc_state_t **state_p)
{
imc_state_t *state;
+ TNC_ConnectionState old_state;
switch (new_state)
{
@@ -418,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'",
this->id, this->name, connection_id,
TNC_Connection_State_names, new_state);
@@ -426,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result,
{
*state_p = state;
}
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
break;
case TNC_CONNECTION_STATE_CREATE:
DBG1(DBG_IMC, "state '%N' should be handled by create_state()",
@@ -531,6 +546,12 @@ METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
return this->non_fatal_attr_types;
}
+METHOD(imc_agent_t, has_pt_tls, bool,
+ private_imc_agent_t *this)
+{
+ return this->has_pt_tls;
+}
+
METHOD(imc_agent_t, destroy, void,
private_imc_agent_t *this)
{
@@ -575,6 +596,7 @@ imc_agent_t *imc_agent_create(const char *name,
.create_id_enumerator = _create_id_enumerator,
.add_non_fatal_attr_type = _add_non_fatal_attr_type,
.get_non_fatal_attr_types = _get_non_fatal_attr_types,
+ .has_pt_tls = _has_pt_tls,
.destroy = _destroy,
},
.name = name,
diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h
index bac1b4832..27c749954 100644
--- a/src/libimcv/imc/imc_agent.h
+++ b/src/libimcv/imc/imc_agent.h
@@ -182,6 +182,13 @@ struct imc_agent_t {
linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
/**
+ * Is the transport protocol PT-TLS?
+ *
+ * return TRUE if PT-TLS
+ */
+ bool (*has_pt_tls)(imc_agent_t *this);
+
+ /**
* Destroys an imc_agent_t object
*/
void (*destroy)(imc_agent_t *this);
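Review bot: The doc comment for the new has_pt_tls method reads `* return TRUE if PT-TLS` without the `@` tag, so Doxygen treats it as free text rather than a return description, unlike the `@return`/`@param` tags used elsewhere in this commit's header changes. It should be `* @return TRUE if PT-TLS`, and it would help to say when the value is valid, e.g. `* @return TRUE if the transport protocol reported at create_state() was IF-T for TLS`.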
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index d8aeab996..bd55f7356 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@@ -92,8 +92,10 @@ struct imc_state_t {
* Change the connection state
*
* @param new_state new connection state
+ * @return old connection state
*/
- void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imc_state_t *this,
+ TNC_ConnectionState new_state);
/**
* Set the Assessment/Evaluation Result
@@ -115,6 +117,11 @@ struct imc_state_t {
TNC_IMV_Evaluation_Result *result);
/**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imc_state_t *this);
+
+ /**
* Destroys an imc_state_t object
*/
void (*destroy)(imc_state_t *this);
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 860573c31..5d5283620 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -556,6 +556,24 @@ INSERT INTO products ( /* 93 */
'Debian 8.10 x86_64'
);
+INSERT INTO products ( /* 94 */
+ name
+) VALUES (
+ 'Debian 8.11 i686'
+);
+
+INSERT INTO products ( /* 95 */
+ name
+) VALUES (
+ 'Debian 8.11 x86_64'
+);
+
+INSERT INTO products ( /* 96 */
+ name
+) VALUES (
+ 'Ubuntu 18.04 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
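Review bot: The three new products are referenced later in this diff by the literal product_id values 94, 95 and 96 in groups_product_defaults, but those ids are only implied by insertion order and the `/* 94 */` style comments; if the id column is auto-assigned (which the comment-only numbering suggests), inserting any product above this point or importing the rows in a different order silently re-points the group defaults at the wrong OS. Inserting with an explicit id column (`INSERT INTO products (id, name) VALUES (94, 'Debian 8.11 i686');`) would make the mapping self-checking; this follows the file's existing convention, so it is a broader cleanup rather than a defect introduced here.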
@@ -968,19 +986,19 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
-INSERT INTO groups ( /* 11 */
+INSERT INTO groups ( /* 11 */
name
) VALUES (
'TPM BIOS'
);
-INSERT INTO groups ( /* 12 */
+INSERT INTO groups ( /* 12 */
name
) VALUES (
'TPM IMA'
);
-INSERT INTO groups ( /* 13 */
+INSERT INTO groups ( /* 13 */
name
) VALUES (
'TPM BIOS/IMA'
@@ -998,7 +1016,7 @@ INSERT INTO groups ( /* 15 */
'Debian armv7l', 2
);
-INSERT INTO groups ( /* 16 */
+INSERT INTO groups ( /* 16 */
name
) VALUES (
'TPM TBOOT'
@@ -1123,6 +1141,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 94
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -1237,6 +1261,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 95
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1387,6 +1417,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 7, 96
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 21
);
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index bb0b3b75b..14623ad8d 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
imv_state_t **state_p)
{
imv_state_t *state;
+ TNC_ConnectionState old_state;
switch (new_state)
{
@@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
this->id, this->name, connection_id,
TNC_Connection_State_names, new_state);
@@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
{
*state_p = state;
}
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
break;
case TNC_CONNECTION_STATE_CREATE:
DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
@@ -643,7 +651,7 @@ METHOD(enumerator_t, language_enumerator_enumerate, bool,
if (pos)
{
len = pos - this->lang_pos;
- this->lang_pos += len + 1,
+ this->lang_pos += len + 1;
this->lang_len -= len + 1;
}
else
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c
index b444abdbb..03f583204 100644
--- a/src/libimcv/imv/imv_database.c
+++ b/src/libimcv/imv/imv_database.c
@@ -143,7 +143,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
}
/* create a new session entry */
- created = session->get_creation_time(session);
+ created = time(NULL);
conn_id = session->get_connection_id(session);
this->db->execute(this->db, &session_id,
"INSERT INTO sessions (time, connection, product, device) "
@@ -161,6 +161,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
return FALSE;
}
session->set_session_id(session, session_id, pid, did);
+ session->set_creation_time(session, created);
enumerator = session->create_ar_identities_enumerator(session);
while (enumerator->enumerate(enumerator, &tnc_id))
diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c
index bc6b5a8d1..830dd48d4 100644
--- a/src/libimcv/imv/imv_session.c
+++ b/src/libimcv/imv/imv_session.c
@@ -121,6 +121,12 @@ METHOD(imv_session_t, get_connection_id, TNC_ConnectionID,
return this->conn_id;
}
+METHOD(imv_session_t, set_creation_time, void,
+ private_imv_session_t *this, time_t created)
+{
+ this->created = created;
+}
+
METHOD(imv_session_t, get_creation_time, time_t,
private_imv_session_t *this)
{
@@ -259,7 +265,7 @@ METHOD(imv_session_t, destroy, void,
/**
* See header
*/
-imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
+imv_session_t *imv_session_create(TNC_ConnectionID conn_id,
linked_list_t *ar_identities)
{
private_imv_session_t *this;
@@ -269,6 +275,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.get_connection_id = _get_connection_id,
+ .set_creation_time = _set_creation_time,
.get_creation_time = _get_creation_time,
.create_ar_identities_enumerator = _create_ar_identities_enumerator,
.get_os_info = _get_os_info,
@@ -286,7 +293,6 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.destroy = _destroy,
},
.conn_id = conn_id,
- .created = created,
.ar_identities = ar_identities,
.os_info = imv_os_info_create(),
.workitems = linked_list_create(),
diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h
index 107716f30..a2f6fc2a8 100644
--- a/src/libimcv/imv/imv_session.h
+++ b/src/libimcv/imv/imv_session.h
@@ -63,6 +63,13 @@ struct imv_session_t {
TNC_ConnectionID (*get_connection_id)(imv_session_t *this);
/**
+ * Set session creation time
+ *
+ * @param created Session creation time
+ */
+ void (*set_creation_time)(imv_session_t *this, time_t created);
+
+ /**
* Get session creation time
*
* @return Session creation time
@@ -170,10 +177,9 @@ struct imv_session_t {
* Create an imv_session_t instance
*
* @param id Associated Connection ID
- * @param created Session creation time
* @param ar_identities List of Access Requestor identities
*/
-imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
- linked_list_t *ar_identities);
+imv_session_t* imv_session_create(TNC_ConnectionID id,
+ linked_list_t *ar_identities);
#endif /** IMV_SESSION_H_ @}*/
diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c
index c97602998..2e3cfa466 100644
--- a/src/libimcv/imv/imv_session_manager.c
+++ b/src/libimcv/imv/imv_session_manager.c
@@ -51,7 +51,6 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator_t *enumerator;
tncif_identity_t *tnc_id;
imv_session_t *current, *session = NULL;
- time_t created;
this->mutex->lock(this->mutex);
@@ -105,8 +104,7 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator->destroy(enumerator);
/* create a new session entry */
- created = time(NULL);
- session = imv_session_create(conn_id, created, ar_identities);
+ session = imv_session_create(conn_id, ar_identities);
this->sessions->insert_last(this->sessions, session);
this->mutex->unlock(this->mutex);
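Review bot: With `created = time(NULL)` removed here and `.created = created` removed from imv_session_create, the creation time is now set only in imv_database.c create_session, and only after the INSERT succeeded (the `return FALSE` branch leaves before set_creation_time). A session used without a database backend, or whose INSERT failed, will report whatever the member was left at, which is zero if the INIT initializer zero-fills unmentioned members (likely, but confirm). Keeping a default of `.created = time(NULL),` in imv_session_create, with the database overriding it, preserves the old behaviour for those paths; otherwise the get_creation_time doc in imv_session.h should say that the value is only meaningful after set_creation_time. add_session starts outside the hunk.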
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 30ed612b3..4571da2fa 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -119,8 +119,10 @@ struct imv_state_t {
* Change the connection state
*
* @param new_state new connection state
+ * @return old connection state
*/
- void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imv_state_t *this,
+ TNC_ConnectionState new_state);
/**
* Get IMV action recommendation and evaluation result
@@ -182,6 +184,11 @@ struct imv_state_t {
char **uri);
/**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imv_state_t *this);
+
+ /**
* Destroys an imv_state_t object
*/
void (*destroy)(imv_state_t *this);
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index bc079ff12..4817d3fc5 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index 0dd88b6a7..f592a5134 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_attestation_state_create(connection_id);
return imc_attestation->create_state(imc_attestation, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_attestation->change_state(imc_attestation, connection_id,
- new_state, &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_attestation->delete_state(imc_attestation, connection_id);
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- case TNC_CONNECTION_STATE_ACCESS_NONE:
default:
return imc_attestation->change_state(imc_attestation, connection_id,
new_state, NULL);
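Review bot: The removed HANDSHAKE branch set the result to TNC_IMV_EVALUATION_RESULT_DONT_KNOW on every handshake, whereas the replacement reset() in imc_attestation_state.c runs only when the previous state was not CREATE, so the first handshake now relies on imc_attestation_state_create initialising result to DONT_KNOW; that function is outside the hunk, so please confirm it does. The same reasoning applies to the corresponding removals in imc_hcd.c, imc_os.c and imc_scanner.c. Dropping the explicit ACCESS_ISOLATED/ACCESS_NONE labels is fine, since they fell through to default already. TNC_IMC_NotifyConnectionChange starts outside the hunk.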
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
index b789a2104..f8e0b8d2c 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_attestation_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->components->destroy_offset(this->components,
+ offsetof(pts_component_t, destroy));
+ this->components = linked_list_create();
+ this->list->destroy_offset(this->list,
+ offsetof(pts_comp_evidence_t, destroy));
+ this->list = linked_list_create();
+ this->pts->destroy(this->pts);
+ this->pts = pts_create(TRUE);
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_attestation_state_t *this)
{
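Review bot: reset() rebuilds components, list and pts but leaves the other per-connection members alone, notably `this->contracts` (the seg_contract_manager returned by get_contracts just above the change_state hunk); if segmentation contracts from the previous measurement cycle are not meant to carry over into the one started by SRETRY, they need resetting here too, so please confirm which is intended. The `TRUE` passed to pts_create() should match the argument used in imc_attestation_state_create, which is outside the hunk. A purpose comment would help the next reader: `/* discard all evidence collected in the previous measurement cycle and start from a fresh PTS instance */`.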
@@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
.get_pts = _get_pts,
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index 1b71b26d0..e6074a35c 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd.c b/src/libimcv/plugins/imc_hcd/imc_hcd.c
index b631683ce..09ba8bc0b 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c
@@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_hcd_state_create(connection_id);
return imc_hcd->create_state(imc_hcd, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_hcd->change_state(imc_hcd, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_hcd->delete_state(imc_hcd, connection_id);
default:
@@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg)
if (hex_string)
{
blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-
+
DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE,
&blob);
attr = generic_attr_chunk_create(blob,
@@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg)
if (hex_string)
{
blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-
+
DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CONFIGURATION_STATE,
&blob);
attr = generic_attr_chunk_create(blob,
@@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad)
"%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version",
"", lib->ns, section, quad->section, app);
hex_version = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
+ "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
hex_version_default, lib->ns, section, quad->section, app);
/* convert hex string into binary chunk */
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
index 60ccdce81..b2207f28a 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_hcd_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_hcd_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_hcd_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index e62c04bea..4821d43f7 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index d7b508ab9..a10492e04 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_os_state_create(connection_id);
return imc_os->create_state(imc_os, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_os->change_state(imc_os, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_os->delete_state(imc_os, connection_id);
default:
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index a38696a81..d26454719 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_os_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_os_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_os_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index a054a475b..c55ac867c 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 93ed4271b..c4fc254cf 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_scanner_state_create(connection_id);
return imc_scanner->create_state(imc_scanner, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_scanner->change_state(imc_scanner, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_scanner->delete_state(imc_scanner, connection_id);
default:
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index c1b7a50e4..2a2214841 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_scanner_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_scanner_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am
deleted file mode 100644
index 22f2e3762..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.am
+++ /dev/null
@@ -1,36 +0,0 @@
-regid = strongswan.org
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)__$(unique_sw_id).swidtag
-
-swiddir = $(pkgdatadir)/swidtag
-dist_swid_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)__strongSwan.swidtag.in
-CLEANFILES = $(regid)__strongSwan*.swidtag
-
-$(swid_tag) : $(regid)__strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
-
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
deleted file mode 100644
index f58935f2e..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ /dev/null
@@ -1,831 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libimcv/plugins/imc_swid
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo
-imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imc_swid_la_SOURCES)
-DIST_SOURCES = $(imc_swid_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(dist_swid_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libfuzzer = @libfuzzer@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-p_plugins = @p_plugins@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-tss2_CFLAGS = @tss2_CFLAGS@
-tss2_LIBS = @tss2_LIBS@
-tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
-tss2_socket_LIBS = @tss2_socket_LIBS@
-tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
-tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-regid = strongswan.org
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)__$(unique_sw_id).swidtag
-swiddir = $(pkgdatadir)/swidtag
-dist_swid_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)__strongSwan.swidtag.in
-CLEANFILES = $(regid)__strongSwan*.swidtag
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid_state.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-dist_swidDATA: $(dist_swid_DATA)
- @$(NORMAL_INSTALL)
- @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \
- done
-
-uninstall-dist_swidDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dist_swidDATA install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-imcvLTLIBRARIES install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \
- uninstall-imcvLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-$(swid_tag) : $(regid)__strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c
deleted file mode 100644
index 1468a59cc..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include <imc/imc_agent.h>
-#include <imc/imc_msg.h>
-#include "tcg/seg/tcg_seg_attr_max_size.h"
-#include "tcg/seg/tcg_seg_attr_seg_env.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "swid/swid_inventory.h"
-#include "swid/swid_error.h"
-
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-
-/* IMC definitions */
-
-static const char imc_name[] = "SWID";
-
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-static imc_agent_t *imc_swid;
-
-/**
- * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
- TNC_Version min_version,
- TNC_Version max_version,
- TNC_Version *actual_version)
-{
- if (imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
- return TNC_RESULT_ALREADY_INITIALIZED;
- }
- imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types),
- imc_id, actual_version);
- if (!imc_swid)
- {
- return TNC_RESULT_FATAL;
- }
- if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
- {
- DBG1(DBG_IMC, "no common IF-IMC version");
- return TNC_RESULT_NO_COMMON_VERSION;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_ConnectionState new_state)
-{
- imc_state_t *state;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imc_swid_state_create(connection_id);
- return imc_swid->create_state(imc_swid, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_swid->change_state(imc_swid, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
- case TNC_CONNECTION_STATE_DELETE:
- return imc_swid->delete_state(imc_swid, connection_id);
- default:
- return imc_swid->change_state(imc_swid, connection_id,
- new_state, NULL);
- }
-}
-
-/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- imc_state_t *state;
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- size_t max_attr_size = SWID_MAX_ATTR_SIZE;
- size_t max_seg_size;
- char buf[BUF_LEN];
- TNC_Result result = TNC_RESULT_SUCCESS;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMV */
- contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
- TRUE, imc_id, TRUE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMC, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
-
- /* send PA-TNC message with the excl flag not set */
- out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
- TNC_IMVID_ANY, msg_types[0]);
- out_msg->add_attribute(out_msg, attr);
- result = out_msg->send(out_msg, FALSE);
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * Add one or multiple SWID Inventory attributes to the send queue
- */
-static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
- uint32_t request_id, bool full_tags,
- swid_inventory_t *targets)
-{
- pa_tnc_attr_t *attr, *attr_error;
- imc_swid_state_t *swid_state;
- swid_inventory_t *swid_inventory;
- char *swid_directory;
- uint32_t eid_epoch;
- bool swid_pretty, swid_full;
- enumerator_t *enumerator;
-
- swid_directory = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY, lib->ns);
- swid_pretty = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_pretty",
- FALSE, lib->ns);
- swid_full = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_full",
- FALSE, lib->ns);
-
- swid_inventory = swid_inventory_create(full_tags);
- if (!swid_inventory->collect(swid_inventory, swid_directory, targets,
- swid_pretty, swid_full))
- {
- swid_inventory->destroy(swid_inventory);
- attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
- 0, "error in SWID tag collection");
- msg->add_attribute(msg, attr_error);
- return FALSE;
- }
- DBG1(DBG_IMC, "collected %d SWID tag%s%s",
- swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
- swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
- swid_state = (imc_swid_state_t*)state;
- eid_epoch = swid_state->get_eid_epoch(swid_state);
-
- if (full_tags)
- {
- tcg_swid_attr_tag_inv_t *swid_attr;
- swid_tag_t *tag;
-
- /* Send a TCG SWID Tag Inventory attribute */
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
- swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- swid_attr->add(swid_attr, tag->get_ref(tag));
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- tcg_swid_attr_tag_id_inv_t *swid_id_attr;
- swid_tag_id_t *tag_id;
-
- /* Send a TCG SWID Tag ID Inventory attribute */
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
- swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
- }
- enumerator->destroy(enumerator);
- }
-
- msg->add_attribute(msg, attr);
- swid_inventory->destroy(swid_inventory);
-
- return TRUE;
-}
-
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
-{
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- enumerator_t *enumerator;
- pen_type_t type;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* generate an outgoing PA-TNC message - we might need it */
- out_msg = imc_msg_create_as_reply(in_msg);
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, out_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- out_msg->destroy(out_msg);
- return result;
- }
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- tcg_swid_attr_req_t *attr_req;
- uint8_t flags;
- uint32_t request_id;
- bool full_tags;
- swid_inventory_t *targets;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST)
- {
- continue;
- }
-
- attr_req = (tcg_swid_attr_req_t*)attr;
- flags = attr_req->get_flags(attr_req);
- request_id = attr_req->get_request_id(attr_req);
- targets = attr_req->get_targets(attr_req);
-
- if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
- {
- attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id,
- 0, "no subscription available yet");
- out_msg->add_attribute(out_msg, attr);
- break;
- }
- full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
-
- if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- result = TNC_RESULT_FATAL;
- }
- else
- {
- /* send PA-TNC message with the EXCL flag set */
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
-
- */
-TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type,
- chunk_create(msg, msg_len));
- result = receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
- */
-TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id,
- src_imv_id, dst_imc_id,msg_vid, msg_subtype,
- chunk_create(msg, msg_len));
- result =receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- imc_swid->destroy(imc_swid);
- imc_swid = NULL;
-
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
- TNC_TNCC_BindFunctionPointer bind_function)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return imc_swid->bind_functions(imc_swid, bind_function);
-}
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c
deleted file mode 100644
index 8d5e8e089..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include <tncif_names.h>
-
-#include <utils/debug.h>
-
-typedef struct private_imc_swid_state_t private_imc_swid_state_t;
-
-/**
- * Private data of an imc_swid_state_t object.
- */
-struct private_imc_swid_state_t {
-
- /**
- * Public members of imc_swid_state_t
- */
- imc_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Assessment/Evaluation Result
- */
- TNC_IMV_Evaluation_Result result;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * PA-TNC attribute segmentation contracts associated with TNCCS connection
- */
- seg_contract_manager_t *contracts;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-};
-
-METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
- private_imc_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imc_state_t, has_long, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imc_state_t, has_excl, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imc_state_t, set_flags, void,
- private_imc_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imc_state_t, get_max_msg_len, uint32_t,
- private_imc_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
- private_imc_swid_state_t *this)
-{
- return this->contracts;
-}
-
-METHOD(imc_state_t, change_state, void,
- private_imc_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imc_state_t, set_result, void,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result result)
-{
- this->result = result;
-}
-
-METHOD(imc_state_t, get_result, bool,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result *result)
-{
- if (result)
- {
- *result = this->result;
- }
- return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-}
-
-METHOD(imc_state_t, destroy, void,
- private_imc_swid_state_t *this)
-{
- this->contracts->destroy(this->contracts);
- free(this);
-}
-
-METHOD(imc_swid_state_t, get_eid_epoch, uint32_t,
- private_imc_swid_state_t *this)
-{
- return this->eid_epoch;
-}
-
-/**
- * Described in header.
- */
-imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imc_swid_state_t *this;
- uint32_t eid_epoch;
- nonce_gen_t *ng;
-
- ng = lib->crypto->create_nonce_gen(lib->crypto);
- if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch))
- {
- DBG1(DBG_TNC, "failed to generate random EID epoch value");
- DESTROY_IF(ng);
- return NULL;
- }
- ng->destroy(ng);
-
- DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch);
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .get_contracts = _get_contracts,
- .change_state = _change_state,
- .set_result = _set_result,
- .get_result = _get_result,
- .destroy = _destroy,
- },
- .get_eid_epoch = _get_eid_epoch,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .contracts = seg_contract_manager_create(),
- .eid_epoch = eid_epoch,
- );
-
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
deleted file mode 100644
index c658549c8..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc_swid imc_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imc_swid_state_t imc_swid_state
- * @{ @ingroup imc_swid
- */
-
-#ifndef IMC_SWID_STATE_H_
-#define IMC_SWID_STATE_H_
-
-#include <imc/imc_state.h>
-#include <library.h>
-
-typedef struct imc_swid_state_t imc_swid_state_t;
-
-/**
- * Internal state of an imc_swid_t connection instance
- */
-struct imc_swid_state_t {
-
- /**
- * imc_state_t interface
- */
- imc_state_t interface;
-
- /**
- * Get Event ID Epoch
- *
- * @return Event ID Epoch
- */
- uint32_t (*get_eid_epoch)(imc_swid_state_t *this);
-
-};
-
-/**
- * Create an imc_swid_state_t instance
- *
- * @param id connection ID
- */
-imc_state_t* imc_swid_state_create(TNC_ConnectionID id);
-
-#endif /** IMC_SWID_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in
deleted file mode 100644
index 0e5aa8d4d..000000000
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
- name="strongSwan"
- tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@"
- version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric"
- xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
- <Entity
- name="strongSwan Project"
- regid="strongswan.org"
- role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am
index 4a29e7949..e31f98d33 100644
--- a/src/libimcv/plugins/imc_swima/Makefile.am
+++ b/src/libimcv/plugins/imc_swima/Makefile.am
@@ -19,11 +19,13 @@ $(swid_tag) : $(regid)__strongSwan.swidtag.in
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"
AM_CFLAGS = \
$(PLUGIN_CFLAGS) $(json_CFLAGS)
+
imcv_LTLIBRARIES = imc-swima.la
imc_swima_la_LIBADD = \
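Review bot: The new `-DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"` hardcodes the `sbin` component instead of using the Automake variable that `--sbindir` controls, so a build that relocates sbin bakes a path into the IMC that does not exist at runtime. Using `-DSW_COLLECTOR=\"$(sbindir)/sw-collector\"` keeps the define consistent with where the sw-collector binary is actually installed, and `$(...)` is the make-variable form used elsewhere in this file rather than the shell-style `${prefix}`. The generated Makefile.in hunk mirrors the same line and would be regenerated from this change.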
diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in
index ed2191921..62805151e 100644
--- a/src/libimcv/plugins/imc_swima/Makefile.in
+++ b/src/libimcv/plugins/imc_swima/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -460,7 +461,8 @@ CLEANFILES = $(regid)__strongSwan*.swidtag
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"
AM_CFLAGS = \
$(PLUGIN_CFLAGS) $(json_CFLAGS)
diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c
index 67080e050..be258d335 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima.c
@@ -30,6 +30,17 @@
#include <pen/pen.h>
#include <utils/debug.h>
+#include <errno.h>
+#include <poll.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/inotify.h>
+#include <unistd.h>
+
+#ifndef SW_COLLECTOR
+#define SW_COLLECTOR NULL
+#endif
+
/* IMC definitions */
static const char imc_name[] = "SWIMA";
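Review bot: The `#define SW_COLLECTOR NULL` fallback turns the later `system(SW_COLLECTOR)` calls into a shell-availability probe: `system(NULL)` returns non-zero whenever a shell exists, so the unconfigured build always takes the "calling %s failed" branch and hands a NULL pointer to a `%s` conversion. If every supported build defines the path through the Makefile, `#error "SW_COLLECTOR must be defined by the build"` fails early instead; if a collector-less build is intentional, the call sites need a guard such as `if (!SW_COLLECTOR || system(SW_COLLECTOR) != 0)` and a log message that does not dereference it. The new code also uses `strerror()` without adding `<string.h>` here; it is presumably reached through library.h, but an explicit include would make the dependency visible.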
@@ -68,6 +79,75 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
}
/**
+ * Poll for IN_CLOSE_WRITE event on the apt history.log
+ */
+static bool poll_history_log(void)
+{
+ int fd, wd, res;
+ nfds_t nfds;
+ struct pollfd fds[1];
+ char *history_path;
+ bool success = FALSE;
+
+ history_path = lib->settings->get_str(lib->settings, "sw-collector.history",
+ NULL);
+ if (!history_path)
+ {
+ DBG1(DBG_IMC, "sw-collector.history path not set");
+ return FALSE;
+ }
+
+ /* Create the file descriptor for accessing the inotify API */
+ fd = inotify_init1(IN_NONBLOCK);
+ if (fd == -1)
+ {
+ DBG1(DBG_IMC, "inotify file descriptor could not be created");
+ return FALSE;
+ }
+
+ /* Watch for CLOSE_WRITE events on history log */
+ wd = inotify_add_watch(fd, history_path, IN_CLOSE_WRITE);
+ if (wd == -1)
+ {
+ DBG1(DBG_IMC, "cannot watch '%s'", history_path);
+ goto end;
+ }
+
+ /* Prepare for polling */
+ nfds = 1;
+
+ /* Inotify input */
+ fds[0].fd = fd;
+ fds[0].events = POLLIN;
+
+ while (1)
+ {
+ DBG1(DBG_IMC, " waiting for write event on history.log ...");
+
+ res = poll(fds, nfds, -1);
+ if (res == -1)
+ {
+ DBG1(DBG_IMC, " poll failed: %s", strerror(errno));
+ if (errno == EINTR)
+ {
+ continue;
+ }
+ goto end;
+ }
+ if (res > 0 && fds[0].revents & POLLIN)
+ {
+ DBG1(DBG_IMC, " poll successful");
+ success = TRUE;
+ break;
+ }
+ }
+
+end:
+ close(fd);
+ return success;
+}
+
+/**
* see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
*/
TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
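Review bot: `poll(fds, nfds, -1)` blocks without any timeout, and poll_history_log() is invoked from TNC_IMC_NotifyConnectionChange (the hunk ending at the `delete_state` case), so the thread handling the TNCCS connection stalls until the package manager next closes the history log, which may be never on an idle host. A bounded timeout read from the settings (name to be chosen) with a documented default, returning FALSE on expiry, keeps the IMC from pinning a daemon thread indefinitely. The loop also only exits on POLLIN: if poll() reports POLLERR or POLLNVAL in `revents` the loop re-enters poll() immediately and spins, so add `if (res > 0 && (fds[0].revents & (POLLERR | POLLNVAL))) goto end;` before the POLLIN check. Finally, the log line hardcodes "history.log" while the path comes from `sw-collector.history`; `DBG1(DBG_IMC, " waiting for write event on %s ...", history_path);` reports what is actually watched.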
@@ -75,6 +155,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
TNC_ConnectionState new_state)
{
imc_state_t *state;
+ imc_swima_state_t *swima_state;
+ imc_swima_subscription_t *subscription;
+ TNC_IMV_Evaluation_Result res;
+ TNC_Result result;
+ uint32_t eid, eid_epoch;
if (!imc_swima)
{
@@ -86,14 +171,42 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_swima_state_create(connection_id);
return imc_swima->create_state(imc_swima, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_swima->change_state(imc_swima, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
+ case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
+ case TNC_CONNECTION_STATE_ACCESS_NONE:
+ /* get updated IMC state */
+ result = imc_swima->change_state(imc_swima, connection_id,
+ new_state, &state);
+ if (result != TNC_RESULT_SUCCESS)
{
return TNC_RESULT_FATAL;
}
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ swima_state = (imc_swima_state_t*)state;
+
+ /* do a handshake retry? */
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ /* update earliest EID in subscription target */
+ if (state->get_result(state, imc_id, &res) &&
+ res == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+ {
+ eid = subscription->targets->get_eid(subscription->targets,
+ &eid_epoch);
+ if (eid > 0)
+ {
+ eid = swima_state->get_earliest_eid(swima_state);
+ subscription->targets->set_eid(subscription->targets, eid,
+ eid_epoch);
+ }
+ }
+ DBG1(DBG_IMC, "SWIMA subscription %u:", subscription->request_id);
+ if (!poll_history_log())
+ {
+ return TNC_RESULT_FATAL;
+ }
+ return imc_swima->request_handshake_retry(imc_id, connection_id,
+ TNC_RETRY_REASON_IMC_PERIODIC);
+ }
return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_swima->delete_state(imc_swima, connection_id);
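Review bot: A failed poll_history_log() returns TNC_RESULT_FATAL from a state-change notification, which presumably tears down the whole TNCCS connection because the history file could not be watched, even though the subscription itself is still valid; logging the failure and returning TNC_RESULT_SUCCESS without requesting a retry would degrade more gracefully. The removed TNC_CONNECTION_STATE_HANDSHAKE case used to reset the result to DONT_KNOW; the new `reset` method in imc_swima_state.c appears to take over that role, but if the framework does not call it between rounds the `get_result(...) == COMPLIANT` check here would act on the previous round's verdict. A short comment on the ACCESS_* cases, such as `/* subscription rounds are driven from the final connection states, not from HANDSHAKE */`, would make that design visible.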
@@ -104,61 +217,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
}
/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- imc_state_t *state;
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- size_t max_attr_size = SWIMA_MAX_ATTR_SIZE;
- size_t max_seg_size;
- char buf[BUF_LEN];
- TNC_Result result = TNC_RESULT_SUCCESS;
-
- if (!imc_swima)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swima->get_state(imc_swima, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMV */
- contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
- TRUE, imc_id, TRUE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMC, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
-
- /* send PA-TNC message with the excl flag not set */
- out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
- TNC_IMVID_ANY, msg_types[0]);
- out_msg->add_attribute(out_msg, attr);
- result = out_msg->send(out_msg, FALSE);
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
* Add SWID Inventory or Event attribute to the send queue
*/
static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
- uint32_t request_id, bool sw_id_only,
- swima_inventory_t *targets)
+ uint32_t request_id, bool sw_id_only,
+ swima_inventory_t *targets)
{
pa_tnc_attr_t *attr;
swima_collector_t *collector;
@@ -174,6 +237,8 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
{
swima_events_t *sw_ev;
ietf_swima_attr_sw_ev_t *sw_ev_attr;
+ imc_swima_state_t *swima_state;
+ uint32_t eid_epoch, last_eid = 0;
sw_ev = collector->collect_events(collector, sw_id_only, targets);
if (!sw_ev)
@@ -185,8 +250,14 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
}
else {
items = sw_ev->get_count(sw_ev);
- DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str,
- items == 1 ? "" : "s");
+ last_eid = sw_ev->get_eid(sw_ev, &eid_epoch, NULL);
+
+ DBG1(DBG_IMC, "collected %d SW%s event%s at last eid %d of epoch 0x%08x",
+ items, id_str, items == 1 ? "" : "s", last_eid, eid_epoch);
+
+ /* Store the earliest EID for the next subscription round */
+ swima_state = (imc_swima_state_t*)state;
+ swima_state->set_earliest_eid(swima_state, last_eid + 1);
/* Send an IETF SW [Identity] Events attribute */
attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE,
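Review bot: `last_eid` is a uint32_t but is printed with `%d`, so EIDs above INT32_MAX would be logged as negative; the format should read `"collected %d SW%s event%s at last eid %u of epoch 0x%08x"`. `set_earliest_eid(swima_state, last_eid + 1)` is also executed when `items` is 0; whether `get_eid()` then still returns the last known EID or 0 cannot be seen here, and in the latter case the earliest EID for the next round would be reset to 1, so the zero-event case deserves either a guard or a comment stating the intended semantics. fulfill_request's body continues outside this hunk.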
@@ -226,9 +297,78 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
collector->destroy(collector);
}
+/**
+ * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ imc_state_t *state;
+ imc_swima_state_t *swima_state;
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ imc_swima_subscription_t *subscription;
+ size_t max_attr_size = SWIMA_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ char buf[BUF_LEN];
+ TNC_Result result = TNC_RESULT_SUCCESS;
+
+ if (!imc_swima)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_swima->get_state(imc_swima, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ swima_state = (imc_swima_state_t*)state;
+
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ if (system(SW_COLLECTOR) != 0)
+ {
+ DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR);
+ return TNC_RESULT_FATAL;
+ }
+ out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
+ subscription->imv_id, msg_types[0]);
+ fulfill_request(state, out_msg, subscription->request_id,
+ subscription->sw_id_only, subscription->targets);
+ }
+ else
+ {
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMV */
+ contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+ TRUE, imc_id, TRUE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+ /* send PA-TNC message with the excl flag not set */
+ out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
+ TNC_IMVID_ANY, msg_types[0]);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
{
imc_msg_t *out_msg;
+ imc_swima_state_t *swima_state;
pa_tnc_attr_t *attr;
enumerator_t *enumerator;
pen_type_t type;
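Review bot: `system(SW_COLLECTOR)` launches `/bin/sh -c` with the daemon's full environment and blocks TNC_IMC_BeginHandshake until the collector finishes, and the `!= 0` test treats the raw wait status (or -1 when no child could be created) as a plain exit code; the same construct recurs in the receive_message hunk ending at the `break;` after `fulfill_request`. Since the command is a fixed compile-time path with no arguments, a fork/exec helper avoids the shell entirely, lets the exit status be decoded with WIFEXITED/WEXITSTATUS, and gives one place to document what the IMC expects of the collector (it needs `<sys/wait.h>`). The helper below is a sketch for both call sites.
```c
/**
 * Run the sw-collector binary without a shell.
 *
 * @return  TRUE if the collector was started and exited with status 0
 */
static bool run_sw_collector(void)
{
	pid_t pid;
	int status;

	pid = fork();
	if (pid == -1)
	{
		DBG1(DBG_IMC, "forking for %s failed: %s", SW_COLLECTOR, strerror(errno));
		return FALSE;
	}
	if (pid == 0)
	{
		execl(SW_COLLECTOR, SW_COLLECTOR, (char*)NULL);
		_exit(127);
	}
	if (waitpid(pid, &status, 0) == -1)
	{
		DBG1(DBG_IMC, "waiting for %s failed: %s", SW_COLLECTOR, strerror(errno));
		return FALSE;
	}
	return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* … unchanged: TNC_IMC_BeginHandshake up to the subscription check … */
	if (swima_state->get_subscription(swima_state, &subscription))
	{
		if (!run_sw_collector())
		{
			DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR);
			return TNC_RESULT_FATAL;
		}
/* … unchanged: message creation and fulfill_request … */
```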
@@ -255,7 +395,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
uint32_t request_id;
bool sw_id_only;
swima_inventory_t *targets;
-
type = attr->get_type(attr);
if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SWIMA_REQUEST)
@@ -267,15 +406,55 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
flags = attr_req->get_flags(attr_req);
request_id = attr_req->get_request_id(attr_req);
targets = attr_req->get_targets(attr_req);
+ sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R);
if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C))
{
- attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED,
- request_id, 0, "no subscription available yet");
- out_msg->add_attribute(out_msg, attr);
- break;
+ if (imc_swima->has_pt_tls(imc_swima) &&
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swima.subscriptions", FALSE, lib->ns))
+ {
+ imc_swima_subscription_t *subscription;
+
+ swima_state = (imc_swima_state_t*)state;
+
+ if (flags & IETF_SWIMA_ATTR_REQ_FLAG_C)
+ {
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ DBG1(DBG_IMC, "SWIMA subscription %u cleared",
+ subscription->request_id);
+ swima_state->set_subscription(swima_state, NULL, FALSE);
+ }
+ }
+ else
+ {
+ INIT(subscription,
+ .imv_id = in_msg->get_src_id(in_msg),
+ .request_id = request_id,
+ .targets = targets->get_ref(targets),
+ .sw_id_only = sw_id_only,
+ );
+
+ swima_state->set_subscription(swima_state, subscription,
+ TRUE);
+ DBG1(DBG_IMC, "SWIMA subscription %u established",
+ subscription->request_id);
+ if (system(SW_COLLECTOR) != 0)
+ {
+ DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR);
+ out_msg->destroy(out_msg);
+ return TNC_RESULT_FATAL;
+ }
+ }
+ }
+ else
+ {
+ attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED,
+ request_id, 0, "subscriptions not enabled");
+ out_msg->add_attribute(out_msg, attr);
+ }
}
- sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R);
fulfill_request(state, out_msg, request_id, sw_id_only, targets);
break;
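Review bot: The early `return TNC_RESULT_FATAL` after the failed `system(SW_COLLECTOR)` leaves the attribute enumerator undestroyed: the enumerator is created before this hunk and released only after the loop, which the existing `break;` path relies on. Adding `enumerator->destroy(enumerator);` immediately before `out_msg->destroy(out_msg);` closes that leak; alternatively set a flag and `break` so the existing cleanup and result handling after the loop are reused. Note also that once `subscriptions` is enabled, every IETF SWIMA request with the S flag from the IMV now causes a synchronous collector run inside the receive path; the FALSE default and the `has_pt_tls` gate are the right defensive choice, and the strongswan.conf option description should say that enabling it lets the IMV trigger collector execution on this host. receive_message's body continues outside this hunk.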
diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c
index 70b2434a4..55d887055 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c
@@ -65,8 +65,33 @@ struct private_imc_swima_state_t {
* PA-TNC attribute segmentation contracts associated with TNCCS connection
*/
seg_contract_manager_t *contracts;
+
+ /**
+ * Has a subscription been established?
+ */
+ bool has_subscription;
+
+ /**
+ * State information on subscriptions
+ */
+ imc_swima_subscription_t *subscription;
+
+ /**
+ * Earliest EID for the next subscription round
+ */
+ uint32_t earliest_eid;
+
};
+static void free_subscription(imc_swima_subscription_t *this)
+{
+ if (this)
+ {
+ this->targets->destroy(this->targets);
+ free(this);
+ }
+}
+
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
private_imc_swima_state_t *this)
{
@@ -110,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_swima_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,13 +163,59 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_swima_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_swima_state_t *this)
{
+ free(this->subscription);
this->contracts->destroy(this->contracts);
free(this);
}
+METHOD(imc_swima_state_t, set_subscription, void,
+ private_imc_swima_state_t *this, imc_swima_subscription_t *subscription,
+ bool set)
+{
+ free_subscription(this->subscription);
+ this->has_subscription = set;
+
+ if (set)
+ {
+ this->subscription = subscription;
+ }
+ else
+ {
+ this->subscription = NULL;
+ }
+}
+
+METHOD(imc_swima_state_t, get_subscription, bool,
+ private_imc_swima_state_t *this, imc_swima_subscription_t **subscription)
+{
+ if (subscription)
+ {
+ *subscription = this->subscription;
+ }
+ return this->has_subscription;
+}
+
+METHOD(imc_swima_state_t, set_earliest_eid, void,
+ private_imc_swima_state_t *this, uint32_t eid)
+{
+ this->earliest_eid = eid;
+}
+
+METHOD(imc_swima_state_t, get_earliest_eid, uint32_t,
+ private_imc_swima_state_t *this)
+{
+ return this->earliest_eid;
+}
+
/**
* Described in header.
*/
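Review bot: `destroy` releases the subscription with a bare `free(this->subscription);`, while `set_subscription` uses `free_subscription()`, which also drops the reference on `targets` taken via `get_ref()` in the IMC; the plain free leaks that swima_inventory_t reference for every connection torn down with a live subscription. Replace the line with `free_subscription(this->subscription);`. Separately, `reset` only clears `result` and leaves `subscription` and `earliest_eid` untouched; if that is intentional because subscriptions outlive a handshake round, a one-line comment in `reset` saying so would save the next reader the question.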
@@ -161,15 +236,20 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
+ .set_earliest_eid = _set_earliest_eid,
+ .get_earliest_eid = _get_earliest_eid,
},
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
.contracts = seg_contract_manager_create(),
);
-
+
return &this->public.interface;
}
diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h
index 4e4e3b1bf..92a674ff8 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.h
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h
@@ -25,9 +25,38 @@
#define IMC_SWIMA_STATE_H_
#include <imc/imc_state.h>
+#include <swima/swima_inventory.h>
#include <library.h>
typedef struct imc_swima_state_t imc_swima_state_t;
+typedef struct imc_swima_subscription_t imc_swima_subscription_t;
+
+/**
+ * State information on subscriptions
+ */
+struct imc_swima_subscription_t {
+
+ /**
+ * IMV which sent the subscription request
+ */
+ TNC_IMVID imv_id;
+
+ /**
+ * SWIMA Request ID
+ */
+ uint32_t request_id;
+
+ /**
+ * SWIMA Request targets
+ */
+ swima_inventory_t *targets;
+
+ /**
+ * Retrieve SW Identifieres only
+ */
+ bool sw_id_only;
+
+};
/**
* Internal state of an imc_swima_t connection instance
@@ -39,6 +68,37 @@ struct imc_swima_state_t {
*/
imc_state_t interface;
+ /**
+ * Set or clear a subscription
+ *
+ * @param subscription state information on subscription
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imc_swima_state_t *this,
+ imc_swima_subscription_t *subscription, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @param subscription state information on subscription
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imc_swima_state_t *this,
+ imc_swima_subscription_t**subscription);
+
+ /**
+ * Set the earliest EID for the next subscription round
+ *
+ * @param eid Earliest EID for events or 0 for inventories
+ */
+ void (*set_earliest_eid)(imc_swima_state_t *this, uint32_t eid);
+
+ /**
+ * Get earliest EID for the next subscription round
+ *
+ * @return Earliest EID for events or 0 for inventories
+ */
+ uint32_t (*get_earliest_eid)(imc_swima_state_t *this);
};
/**
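Review bot: The `set_subscription` documentation does not say that the state adopts `subscription` and frees whatever it previously held (the implementation calls its free helper on the old pointer before storing the new one), which is the detail a caller most needs; suggest `@param subscription state information on subscription, adopted by the state; any previously set subscription is freed` and `@param set TRUE sets and FALSE clears a subscription` (fixing "subscripton"). For `get_subscription`, note that `subscription` may be NULL if the caller only wants the status, as the implementation permits. Minor style: `imc_swima_subscription_t**subscription` is missing the space before the parameter name.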
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
deleted file mode 100644
index 4ce168623..000000000
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
- name="strongSwan"
- tagId="strongSwan-5-6-3"
- version="5.6.3" versionScheme="alphanumeric"
- xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
- <Entity
- name="strongSwan Project"
- regid="strongswan.org"
- role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag
index 4ce168623..fa6e121b5 100644
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-3"
- version="5.6.3" versionScheme="alphanumeric"
+ tagId="strongSwan-5-7-0"
+ version="5.7.0" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index fc6d2f6fb..2231f93bc 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index 047c82502..86d59a76a 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_test_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool,
return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_test_state_t *this)
+{
+ /* nothing to reset */
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_test_state_t *this)
{
@@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
.get_command = _get_command,
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index f9eb9d6ed..98930d3f3 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -322,7 +322,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -348,6 +347,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -368,8 +369,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -424,8 +423,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -454,8 +451,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index fb894f393..bc435df7f 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -187,7 +187,7 @@ char* print_cfn(pts_comp_func_name_t *cfn)
int type, vid, name, qualifier, n;
enum_name_t *names, *types;
- vid = cfn->get_vendor_id(cfn),
+ vid = cfn->get_vendor_id(cfn);
name = cfn->get_name(cfn);
qualifier = cfn->get_qualifier(cfn);
n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index d63940797..3d9e0ab1f 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_attestation_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_ATTESTATION_STATE_INIT;
+ this->measurement_error = 0;
+ this->components->destroy_function(this->components, (void *)free_func_comp);
+ this->components = linked_list_create();
+ this->pts->destroy(this->pts);
+ this->pts = pts_create(FALSE);
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_attestation_state_t *this)
{
@@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.get_handshake_state = _get_handshake_state,
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index 99bf6d916..7bf503e0c 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
index bfe6dd619..e2b6eaed9 100644
--- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
+++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
@@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_hcd_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_reason_string, bool,
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_hcd_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->handshake_state = IMV_HCD_STATE_INIT;
+ this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE;
+ this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->action_flags = &this->subtype_action_flags[0].action_flags;
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_hcd_state_t *this)
{
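Review bot: The six hand-written `subtype_action_flags[i].action_flags` assignments in `reset` duplicate an initialisation that presumably also exists in `imv_hcd_state_create`, and the two copies will drift if a subtype is added. If `subtype_action_flags` is a fixed-size array, a loop keeps them in sync: `for (i = 1; i < countof(this->subtype_action_flags); i++)` `{ this->subtype_action_flags[i].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; }` after setting index 0 to IMV_HCD_ATTR_NONE, or better, a small static helper called from both create and reset.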
@@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index d5a6f07f1..4e8f8ea19 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index 3fa3d0965..bb1e8a806 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -539,7 +539,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
/* Determine maximum PA-TNC attribute segment size */
max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
+ - PA_TNC_HEADER_SIZE
- PA_TNC_ATTR_HEADER_SIZE
- TCG_SEG_ATTR_SEG_ENV_HEADER;
@@ -614,7 +614,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
else
@@ -686,7 +686,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
continue;
}
- eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
switch (workitem->get_type(workitem))
{
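Review bot: `eval` is no longer reset per workitem once the removed initialisation is gone, and the hunk at -749 finalises every workitem that reaches the end of the switch unconditionally; any case that falls out of the switch without assigning `eval` (rather than hitting `continue`) would now finalise the workitem with the previous iteration's value. If every case is guaranteed to assign it or `continue`, a comment above the switch stating that invariant, e.g. `/* every case below assigns eval or continues */`, documents why the guard could go; otherwise restore `eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;` at the top of the loop body. batch_ending starts and ends outside the hunk.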
@@ -721,7 +720,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
TNC_IMV_EVALUATION_RESULT_COMPLIANT;
snprintf(result_str, BUF_LEN, "unknown sources%s enabled",
fail ? "" : " not");
- break;
+ break;
case IMV_WORKITEM_FORWARDING:
if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED))
{
@@ -749,14 +748,11 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
default:
continue;
}
- if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
- {
- session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- }
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
@@ -772,7 +768,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
return result;
}
return this->agent->provide_recommendation(this->agent, state);
- }
+ }
}
/* send non-empty PA-TNC message with excl flag not set */
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index af5daf0fc..dd8fcf594 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_os_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_reason_string, bool,
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return TRUE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_os_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_OS_STATE_INIT;
+ this->count = 0;
+ this->count_security = 0;
+ this->count_blacklist = 0;
+ this->count_ok = 0;
+ this->os_settings = 0;
+ this->missing = 0;
+
+ this->update_packages->destroy_function(this->update_packages, free);
+ this->remove_packages->destroy_function(this->remove_packages, free);
+ this->update_packages = linked_list_create();
+ this->remove_packages = linked_list_create();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_os_state_t *this)
{
@@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 2649f499d..7c31a23fa 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 8f9593f17..64ab5c4eb 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return TRUE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_scanner_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SCANNER_STATE_INIT;
+
+ DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->port_filter_attr = NULL;
+ this->violating_ports->destroy_function(this->violating_ports, free);
+ this->violating_ports = linked_list_create();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_scanner_state_t *this)
{
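Review bot: `DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);` forms a member address through `port_filter_attr` before the macro's NULL test, so the test only works when `pa_tnc_attribute` happens to be the first member of the struct (and is undefined behaviour even then); since `reset` can run before any port filter attribute has been received, guard the pointer itself: `if (this->port_filter_attr)` `{ this->port_filter_attr->pa_tnc_attribute.destroy(&this->port_filter_attr->pa_tnc_attribute); }`. The `destroy` method below the hunk likely has the same pattern and should be checked as well.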
@@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
@@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
return &this->public.interface;
}
-
-
diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am
deleted file mode 100644
index e573ea0d8..000000000
--- a/src/libimcv/plugins/imv_swid/Makefile.am
+++ /dev/null
@@ -1,21 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libtpmtss \
- -I$(top_srcdir)/src/libimcv
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS) $(json_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(json_LIBS)
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
deleted file mode 100644
index 2884a169c..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c
+++ /dev/null
@@ -1,727 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include "imv_swid_agent.h"
-#include "imv_swid_state.h"
-
-#include <imcv.h>
-#include <imv/imv_agent.h>
-#include <imv/imv_msg.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include "rest/rest.h"
-#include "tcg/seg/tcg_seg_attr_max_size.h"
-#include "tcg/seg/tcg_seg_attr_seg_env.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "swid/swid_error.h"
-#include "swid/swid_inventory.h"
-
-#include <tncif_names.h>
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <bio/bio_reader.h>
-
-typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
-
-/* Subscribed PA-TNC message subtypes */
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-/**
- * Flag set when corresponding attribute has been received
- */
-enum imv_swid_attr_t {
- IMV_SWID_ATTR_TAG_INV = (1<<0),
- IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
-};
-
-/**
- * Private data of an imv_swid_agent_t object.
- */
-struct private_imv_swid_agent_t {
-
- /**
- * Public members of imv_swid_agent_t
- */
- imv_agent_if_t public;
-
- /**
- * IMV agent responsible for generic functions
- */
- imv_agent_t *agent;
-
- /**
- * REST API to strongTNC manager
- */
- rest_t *rest_api;
-
-};
-
-METHOD(imv_agent_if_t, bind_functions, TNC_Result,
- private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
-{
- return this->agent->bind_functions(this->agent, bind_function);
-}
-
-METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_ConnectionState new_state)
-{
- imv_state_t *state;
-
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imv_swid_state_create(id);
- return this->agent->create_state(this->agent, state);
- case TNC_CONNECTION_STATE_DELETE:
- return this->agent->delete_state(this->agent, id);
- default:
- return this->agent->change_state(this->agent, id, new_state, NULL);
- }
-}
-
-/**
- * Process a received message
- */
-static TNC_Result receive_msg(private_imv_swid_agent_t *this,
- imv_state_t *state, imv_msg_t *in_msg)
-{
- imv_swid_state_t *swid_state;
- imv_msg_t *out_msg;
- enumerator_t *enumerator;
- pa_tnc_attr_t *attr;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* generate an outgoing PA-TNC message - we might need it */
- out_msg = imv_msg_create_as_reply(in_msg);
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, out_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- out_msg->destroy(out_msg);
- return result;
- }
-
- swid_state = (imv_swid_state_t*)state;
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- uint32_t request_id = 0, last_eid, eid_epoch;
- swid_inventory_t *inventory;
- pen_type_t type;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, description;
- bio_reader_t *reader;
- uint32_t max_attr_size;
- bool success;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- fatal_error = TRUE;
- msg_info = error_attr->get_msg_info(error_attr);
- reader = bio_reader_create(msg_info);
- success = reader->read_uint32(reader, &request_id);
-
- DBG1(DBG_IMV, "received TCG error '%N' for request %d",
- swid_error_code_names, error_code.type, request_id);
- if (!success)
- {
- reader->destroy(reader);
- continue;
- }
- if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- if (!reader->read_uint32(reader, &max_attr_size))
- {
- reader->destroy(reader);
- continue;
- }
- DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
- max_attr_size);
- }
- description = reader->peek(reader);
- if (description.len)
- {
- DBG1(DBG_IMV, " description: %.*s", description.len,
- description.ptr);
- }
- reader->destroy(reader);
- }
- }
- else if (type.vendor_id != PEN_TCG)
- {
- continue;
- }
-
- switch (type.type)
- {
- case TCG_SWID_TAG_ID_INVENTORY:
- {
- tcg_swid_attr_tag_id_inv_t *attr_cast;
- uint32_t missing;
- int tag_id_count;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
-
- attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_id_count = inventory->get_count(inventory);
- missing = attr_cast->get_tag_id_count(attr_cast);
- swid_state->set_missing(swid_state, missing);
-
- DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
- "for request %d at eid %d of epoch 0x%08x, %d item%s to "
- "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch, missing,
- (missing == 1) ? "" : "s");
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_swid_inventory(swid_state, inventory);
- swid_state->set_count(swid_state, tag_id_count, 0,
- in_msg->get_src_id(in_msg));
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
- "with request ID %d", request_id);
- }
- attr_cast->clear_inventory(attr_cast);
- break;
- }
- case TCG_SWID_TAG_INVENTORY:
- {
- tcg_swid_attr_tag_inv_t *attr_cast;
- swid_tag_t *tag;
- chunk_t tag_encoding;
- json_object *jobj, *jarray, *jstring;
- char *tag_str;
- uint32_t missing;
- int tag_count;
- enumerator_t *e;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
-
- attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_count = inventory->get_count(inventory);
- missing = attr_cast->get_tag_count(attr_cast);
- swid_state->set_missing(swid_state, missing);
-
- DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
- "request %d at eid %d of epoch 0x%08x, %d item%s to follow",
- tag_count, (tag_count == 1) ? "" : "s", request_id,
- last_eid, eid_epoch, missing, (missing == 1) ? "" : "s");
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_count(swid_state, 0, tag_count,
- in_msg->get_src_id(in_msg));
-
- if (this->rest_api)
- {
- jobj = json_object_new_object();
- jarray = json_object_new_array();
- json_object_object_add(jobj, "data", jarray);
-
- e = inventory->create_enumerator(inventory);
- while (e->enumerate(e, &tag))
- {
- tag_encoding = tag->get_encoding(tag);
- tag_str = strndup(tag_encoding.ptr, tag_encoding.len);
- DBG3(DBG_IMV, "%s", tag_str);
- jstring = json_object_new_string(tag_str);
- json_object_array_add(jarray, jstring);
- free(tag_str);
- }
- e->destroy(e);
-
- if (this->rest_api->post(this->rest_api,
- "swid/add-tags/", jobj, NULL) != SUCCESS)
- {
- DBG1(DBG_IMV, "error in REST API add-tags request");
- }
- json_object_put(jobj);
- }
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
- "with request ID %d", request_id);
- }
- attr_cast->clear_inventory(attr_cast);
- break;
- }
- default:
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- result = out_msg->send_assessment(out_msg);
- if (result == TNC_RESULT_SUCCESS)
- {
- result = this->agent->provide_recommendation(this->agent, state);
- }
- }
- else
- {
- /* send PA-TNC message with the EXCL flag set */
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_MessageType msg_type, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
- TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_long_data(this->agent, state, id,
- src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-
-}
-
-METHOD(imv_agent_if_t, batch_ending, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_msg_t *out_msg;
- imv_state_t *state;
- imv_session_t *session;
- imv_workitem_t *workitem;
- imv_swid_state_t *swid_state;
- imv_swid_handshake_state_t handshake_state;
- pa_tnc_attr_t *attr;
- TNC_IMVID imv_id;
- TNC_Result result = TNC_RESULT_SUCCESS;
- bool no_workitems = TRUE;
- uint32_t request_id, received;
- uint8_t flags;
- enumerator_t *enumerator;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- swid_state = (imv_swid_state_t*)state;
- handshake_state = swid_state->get_handshake_state(swid_state);
- session = state->get_session(state);
- imv_id = this->agent->get_id(this->agent);
-
- if (handshake_state == IMV_SWID_STATE_END)
- {
- return TNC_RESULT_SUCCESS;
- }
-
- /* Create an empty out message - we might need it */
- out_msg = imv_msg_create(this->agent, state, id, imv_id,
- swid_state->get_imc_id(swid_state),
- msg_types[0]);
-
- if (!imcv_db)
- {
- DBG2(DBG_IMV, "no workitems available - no evaluation possible");
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* Look for SWID tag workitem and create SWID tag request */
- if (handshake_state == IMV_SWID_STATE_INIT &&
- session->get_policy_started(session))
- {
- size_t max_attr_size = SWID_MAX_ATTR_SIZE;
- size_t max_seg_size;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- char buf[BUF_LEN];
-
- enumerator = session->create_workitem_enumerator(session);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
- workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
- {
- continue;
- }
-
- flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
- if (strchr(workitem->get_arg_str(workitem), 'R'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_R;
- }
- if (strchr(workitem->get_arg_str(workitem), 'S'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_S;
- }
- if (strchr(workitem->get_arg_str(workitem), 'C'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_C;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMC */
- contract = seg_contract_create(msg_types[0], max_attr_size,
- max_seg_size, TRUE, imv_id, FALSE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMV, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size,
- max_seg_size, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Issue a SWID request */
- request_id = workitem->get_id(workitem);
- swid_state->set_request_id(swid_state, request_id);
- attr = tcg_swid_attr_req_create(flags, request_id, 0);
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues SWID request %d",
- imv_id, request_id);
- break;
- }
- enumerator->destroy(enumerator);
-
- if (no_workitems)
- {
- DBG2(DBG_IMV, "IMV %d has no workitems - "
- "no evaluation requested", imv_id);
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- }
- handshake_state = IMV_SWID_STATE_WORKITEMS;
- swid_state->set_handshake_state(swid_state, handshake_state);
- }
- }
-
- received = state->get_action_flags(state);
-
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
- swid_state->get_missing(swid_state) == 0)
- {
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
- char result_str[BUF_LEN], *error_str = "", *command;
- char *target, *separator;
- int tag_id_count, tag_count, i;
- chunk_t tag_creator, unique_sw_id;
- json_object *jrequest, *jresponse, *jvalue;
- tcg_swid_attr_req_t *cast_attr;
- swid_tag_id_t *tag_id;
- status_t status = SUCCESS;
-
- if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV))
- {
- if (asprintf(&command, "sessions/%d/swid-measurement/",
- session->get_session_id(session, NULL, NULL)) < 0)
- {
- error_str = "allocation of command string failed";
- status = FAILED;
- }
- else
- {
- jrequest = swid_state->get_swid_inventory(swid_state);
- status = this->rest_api->post(this->rest_api, command,
- jrequest, &jresponse);
- if (status == FAILED)
- {
- error_str = "error in REST API swid-measurement request";
- }
- free(command);
- }
- }
-
- switch (status)
- {
- case SUCCESS:
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- swid_state->get_count(swid_state, &tag_id_count,
- &tag_count);
- snprintf(result_str, BUF_LEN, "received inventory of "
- "%d SWID tag ID%s and %d SWID tag%s",
- tag_id_count, (tag_id_count == 1) ? "" : "s",
- tag_count, (tag_count == 1) ? "" : "s");
- session->remove_workitem(session, enumerator);
-
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- break;
- case NEED_MORE:
- if (received & IMV_SWID_ATTR_TAG_INV)
- {
- error_str = "not all requested SWID tags were received";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- if (json_object_get_type(jresponse) != json_type_array)
- {
- error_str = "response was not a json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
-
- /* Create a TCG SWID Request attribute */
- attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
- tag_id_count = json_object_array_length(jresponse);
- DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
- (tag_id_count == 1) ? "" : "s");
- swid_state->set_missing(swid_state, tag_id_count);
-
- for (i = 0; i < tag_id_count; i++)
- {
- jvalue = json_object_array_get_idx(jresponse, i);
- if (json_object_get_type(jvalue) != json_type_string)
- {
- error_str = "json_string element expected in json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- target = (char*)json_object_get_string(jvalue);
- DBG1(DBG_IMV, " %s", target);
-
- /* Separate target into tag_creator and unique_sw_id */
- separator = strstr(target, "__");
- if (!separator)
- {
- error_str = "separation of regid from "
- "unique software ID failed";
- break;
- }
- tag_creator = chunk_create(target, separator - target);
- separator += 2;
- unique_sw_id = chunk_create(separator, strlen(target) -
- tag_creator.len - 2);
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
- chunk_empty);
- cast_attr = (tcg_swid_attr_req_t*)attr;
- cast_attr->add_target(cast_attr, tag_id);
- }
- json_object_put(jresponse);
-
- out_msg->add_attribute(out_msg, attr);
- break;
- case FAILED:
- default:
- break;
- }
-
- if (status == FAILED)
- {
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- session->remove_workitem(session, enumerator);
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, error_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
- }
-
- /* finalized all workitems ? */
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- session->get_workitem_count(session, imv_id) == 0)
- {
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send non-empty PA-TNC message with excl flag not set */
- if (out_msg->get_attribute_count(out_msg))
- {
- result = out_msg->send(out_msg, FALSE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_state_t *state;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- return this->agent->provide_recommendation(this->agent, state);
-}
-
-METHOD(imv_agent_if_t, destroy, void,
- private_imv_swid_agent_t *this)
-{
- DESTROY_IF(this->rest_api);
- this->agent->destroy(this->agent);
- free(this);
-}
-
-/**
- * Described in header.
- */
-imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
- TNC_Version *actual_version)
-{
- private_imv_swid_agent_t *this;
- imv_agent_t *agent;
- char *rest_api_uri;
- u_int rest_api_timeout;
-
- agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version);
- if (!agent)
- {
- return NULL;
- }
- agent->add_non_fatal_attr_type(agent,
- pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
-
- INIT(this,
- .public = {
- .bind_functions = _bind_functions,
- .notify_connection_change = _notify_connection_change,
- .receive_message = _receive_message,
- .receive_message_long = _receive_message_long,
- .batch_ending = _batch_ending,
- .solicit_recommendation = _solicit_recommendation,
- .destroy = _destroy,
- },
- .agent = agent,
- );
-
- rest_api_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
- rest_api_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
- if (rest_api_uri)
- {
- this->rest_api = rest_create(rest_api_uri, rest_api_timeout);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
deleted file mode 100644
index 4218040bc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid_agent_t imv_swid_agent
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_AGENT_H_
-#define IMV_SWID_AGENT_H_
-
-#include <imv/imv_agent_if.h>
-
-/**
- * Creates an SWID IMV agent
- *
- * @param name Name of the IMV
- * @param id ID of the IMV
- * @param actual_version TNC IF-IMV version
- */
-imv_agent_if_t* imv_swid_agent_create(const char* name, TNC_IMVID id,
- TNC_Version *actual_version);
-
-#endif /** IMV_SWID_AGENT_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c
deleted file mode 100644
index 50e9f489a..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_swid_state.h"
-
-#include <imv/imv_lang_string.h>
-#include <imv/imv_reason_string.h>
-#include <imv/imv_remediation_string.h>
-#include <swid/swid_tag_id.h>
-
-#include <tncif_policy.h>
-
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-typedef struct private_imv_swid_state_t private_imv_swid_state_t;
-
-/**
- * Private data of an imv_swid_state_t object.
- */
-struct private_imv_swid_state_t {
-
- /**
- * Public members of imv_swid_state_t
- */
- imv_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * Flags set for completed actions
- */
- uint32_t action_flags;
-
- /**
- * IMV database session associated with TNCCS connection
- */
- imv_session_t *session;
-
- /**
- * PA-TNC attribute segmentation contracts associated with TNCCS connection
- */
- seg_contract_manager_t *contracts;
-
- /**
- * IMV action recommendation
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * IMV evaluation result
- */
- TNC_IMV_Evaluation_Result eval;
-
- /**
- * IMV Scanner handshake state
- */
- imv_swid_handshake_state_t handshake_state;
-
- /**
- * TNC Reason String
- */
- imv_reason_string_t *reason_string;
-
- /**
- * IETF Remediation Instructions String
- */
- imv_remediation_string_t *remediation_string;
-
- /**
- * SWID Tag Request ID
- */
- uint32_t request_id;
-
- /**
- * Number of processed SWID Tag IDs
- */
- int tag_id_count;
-
- /**
- * Number of processed SWID Tags
- */
- int tag_count;
-
- /**
- * Number of missing SWID Tags or Tag IDs
- */
- uint32_t missing;
-
- /**
- * SWID IMC ID
- */
- TNC_UInt32 imc_id;
-
- /**
- * Top level JSON object
- */
- json_object *jobj;
-
- /**
- * JSON array containing an inventory of SWID Tag IDs
- */
- json_object *jarray;
-
-};
-
-METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
- private_imv_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imv_state_t, has_long, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imv_state_t, has_excl, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imv_state_t, set_flags, void,
- private_imv_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imv_state_t, set_max_msg_len, void,
- private_imv_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imv_state_t, get_max_msg_len, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imv_state_t, set_action_flags, void,
- private_imv_swid_state_t *this, uint32_t flags)
-{
- this->action_flags |= flags;
-}
-
-METHOD(imv_state_t, get_action_flags, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->action_flags;
-}
-
-METHOD(imv_state_t, set_session, void,
- private_imv_swid_state_t *this, imv_session_t *session)
-{
- this->session = session;
-}
-
-METHOD(imv_state_t, get_session, imv_session_t*,
- private_imv_swid_state_t *this)
-{
- return this->session;
-}
-
-METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
- private_imv_swid_state_t *this)
-{
- return this->contracts;
-}
-
-METHOD(imv_state_t, change_state, void,
- private_imv_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imv_state_t, get_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- *rec = this->rec;
- *eval = this->eval;
-}
-
-METHOD(imv_state_t, set_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = rec;
- this->eval = eval;
-}
-
-METHOD(imv_state_t, update_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = tncif_policy_update_recommendation(this->rec, rec);
- this->eval = tncif_policy_update_evaluation(this->eval, eval);
-}
-
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, get_remediation_instructions, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *string, char **lang_code, char **uri)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, destroy, void,
- private_imv_swid_state_t *this)
-{
- json_object_put(this->jobj);
- DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
- this->contracts->destroy(this->contracts);
- free(this);
-}
-
-METHOD(imv_swid_state_t, set_handshake_state, void,
- private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state)
-{
- this->handshake_state = new_state;
-}
-
-METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
- private_imv_swid_state_t *this)
-{
- return this->handshake_state;
-}
-
-METHOD(imv_swid_state_t, set_request_id, void,
- private_imv_swid_state_t *this, uint32_t request_id)
-{
- this->request_id = request_id;
-}
-
-METHOD(imv_swid_state_t, get_request_id, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->request_id;
-}
-
-METHOD(imv_swid_state_t, set_swid_inventory, void,
- private_imv_swid_state_t *this, swid_inventory_t *inventory)
-{
- chunk_t tag_creator, sw_id;
- char software_id[BUF_LEN];
- json_object *jstring;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- enumerator = inventory->create_enumerator(inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s__%.*s",
- (int)tag_creator.len, tag_creator.ptr,
- (int)sw_id.len, sw_id.ptr);
- DBG3(DBG_IMV, " %s", software_id);
-
- /* Add software ID to JSON array */
- jstring = json_object_new_string(software_id);
- json_object_array_add(this->jarray, jstring);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
- private_imv_swid_state_t *this)
-{
- return this->jobj;
-}
-
-METHOD(imv_swid_state_t, set_missing, void,
- private_imv_swid_state_t *this, uint32_t count)
-{
- this->missing = count;
-}
-
-METHOD(imv_swid_state_t, get_missing, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->missing;
-}
-
-METHOD(imv_swid_state_t, set_count, void,
- private_imv_swid_state_t *this, int tag_id_count, int tag_count,
- TNC_UInt32 imc_id)
-{
- this->tag_id_count += tag_id_count;
- this->tag_count += tag_count;
- this->imc_id = imc_id;
-}
-
-METHOD(imv_swid_state_t, get_count, void,
- private_imv_swid_state_t *this, int *tag_id_count, int *tag_count)
-{
- if (tag_id_count)
- {
- *tag_id_count = this->tag_id_count;
- }
- if (tag_count)
- {
- *tag_count = this->tag_count;
- }
-}
-
-METHOD(imv_swid_state_t, get_imc_id, TNC_UInt32,
- private_imv_swid_state_t *this)
-{
- return this->imc_id;
-}
-
-/**
- * Described in header.
- */
-imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imv_swid_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .set_action_flags = _set_action_flags,
- .get_action_flags = _get_action_flags,
- .set_session = _set_session,
- .get_session= _get_session,
- .get_contracts = _get_contracts,
- .change_state = _change_state,
- .get_recommendation = _get_recommendation,
- .set_recommendation = _set_recommendation,
- .update_recommendation = _update_recommendation,
- .get_reason_string = _get_reason_string,
- .get_remediation_instructions = _get_remediation_instructions,
- .destroy = _destroy,
- },
- .set_handshake_state = _set_handshake_state,
- .get_handshake_state = _get_handshake_state,
- .set_request_id = _set_request_id,
- .get_request_id = _get_request_id,
- .set_swid_inventory = _set_swid_inventory,
- .get_swid_inventory = _get_swid_inventory,
- .set_missing = _set_missing,
- .get_missing = _get_missing,
- .set_count = _set_count,
- .get_count = _get_count,
- .get_imc_id = _get_imc_id,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .contracts = seg_contract_manager_create(),
- .imc_id = TNC_IMCID_ANY,
- .jobj = json_object_new_object(),
- .jarray = json_object_new_array(),
- );
-
- json_object_object_add(this->jobj, "data", this->jarray);
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h
deleted file mode 100644
index 5fe99ecdc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (C) 2013-2016 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid imv_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imv_swid_state_t imv_swid_state
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_STATE_H_
-#define IMV_SWID_STATE_H_
-
-#include <imv/imv_state.h>
-#include <swid/swid_inventory.h>
-#include <library.h>
-
-#include <json.h>
-
-typedef struct imv_swid_state_t imv_swid_state_t;
-typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t;
-
-/**
- * IMV OS Handshake States (state machine)
- */
-enum imv_swid_handshake_state_t {
- IMV_SWID_STATE_INIT,
- IMV_SWID_STATE_WORKITEMS,
- IMV_SWID_STATE_END
-};
-
-/**
- * Internal state of an imv_swid_t connection instance
- */
-struct imv_swid_state_t {
-
- /**
- * imv_state_t interface
- */
- imv_state_t interface;
-
- /**
- * Set state of the handshake
- *
- * @param new_state the handshake state of IMV
- */
- void (*set_handshake_state)(imv_swid_state_t *this,
- imv_swid_handshake_state_t new_state);
-
- /**
- * Get state of the handshake
- *
- * @return the handshake state of IMV
- */
- imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
-
- /**
- * Set the SWID request ID
- *
- * @param request_id SWID request ID to be set
- */
- void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id);
-
- /**
- * Get the SWID request ID
- *
- * @return SWID request ID
- */
- uint32_t (*get_request_id)(imv_swid_state_t *this);
-
- /**
- * Set or extend the SWID Tag ID inventory in the state
- *
- * @param inventory SWID Tags ID inventory to be added
- */
- void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory);
-
- /**
- * Get the encoding of the complete SWID Tag ID inventory
- *
- * @return SWID Tags ID inventory as a JSON array
- */
- json_object* (*get_swid_inventory)(imv_swid_state_t *this);
-
- /**
- * Set the number of still missing SWID Tags or Tag IDs
- *
- * @param count Number of missing SWID Tags or Tag IDs
- */
- void (*set_missing)(imv_swid_state_t *this, uint32_t count);
-
- /**
- * Get the number of still missing SWID Tags or Tag IDs
- *
- * @result Number of missing SWID Tags or Tag IDs
- */
- uint32_t (*get_missing)(imv_swid_state_t *this);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- * @param imc_id SWID IMC ID
- */
- void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count,
- TNC_UInt32 imc_id);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- */
- void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
-
- /**
- * Get SWID IMC ID
- *
- * @return SWID IMC ID
- */
- TNC_UInt32 (*get_imc_id)(imv_swid_state_t *this);
-};
-
-/**
- * Create an imv_swid_state_t instance
- *
- * @param id connection ID
- */
-imv_state_t* imv_swid_state_create(TNC_ConnectionID id);
-
-#endif /** IMV_SWID_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in
index e2132b576..a9c7715ec 100644
--- a/src/libimcv/plugins/imv_swima/Makefile.in
+++ b/src/libimcv/plugins/imv_swima/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index 1d9944200..52f1baf03 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@@ -187,11 +187,17 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this,
}
description = reader->peek(reader);
if (description.len)
- {
+ {
DBG1(DBG_IMV, " description: %.*s", description.len,
description.ptr);
}
reader->destroy(reader);
+ if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)
+ {
+ swima_state->set_subscription(swima_state, FALSE);
+ DBG1(DBG_IMV, "SWIMA subscription %u cleared",
+ swima_state->get_request_id(swima_state));
+ }
break;
}
case IETF_ATTR_SW_ID_INVENTORY:
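Review bot: The new PA_ERROR_SWIMA_SUBSCRIPTION_DENIED branch clears the subscription without checking that the error actually refers to it: the request ID carried in the error (parsed earlier in this function, outside the hunk, if it is parsed at all) is never compared with `swima_state->get_request_id(swima_state)`, which only feeds the log line. If that ID is available, guard the clear with it, e.g. `if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED && err_request_id == swima_state->get_request_id(swima_state))`, so an unrelated or stale error cannot drop an active subscription. If the ID is not parsed, a comment saying the IMV deliberately clears on any denial would make the intent reviewable. receive_msg begins and ends outside this hunk.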
@@ -474,7 +480,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
seg_contract_t *contract;
seg_contract_manager_t *contracts;
swima_inventory_t *targets;
- uint32_t earliest_eid = 0;
+ uint32_t old_request_id = 0, earliest_eid = 0;
char buf[BUF_LEN];
enumerator = session->create_workitem_enumerator(session);
@@ -487,7 +493,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
continue;
}
-
+
+ earliest_eid = workitem->get_arg_int(workitem);
+ request_id = workitem->get_id(workitem);
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ old_request_id = swima_state->get_request_id(swima_state);
+
flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE;
if (strchr(workitem->get_arg_str(workitem), 'R'))
{
@@ -496,47 +508,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (strchr(workitem->get_arg_str(workitem), 'S'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_S;
+ swima_state->set_subscription(swima_state, TRUE);
+ if (!old_request_id)
+ {
+ DBG1(DBG_IMV, "SWIMA subscription %u requested",
+ request_id);
+ }
}
if (strchr(workitem->get_arg_str(workitem), 'C'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_C;
+ swima_state->set_subscription(swima_state, FALSE);
}
- earliest_eid = workitem->get_arg_int(workitem);
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMC */
- contract = seg_contract_create(msg_types[0], max_attr_size,
- max_seg_size, TRUE, imv_id, FALSE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMV, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size,
- max_seg_size, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Issue a SWID request */
- request_id = workitem->get_id(workitem);
- swima_state->set_request_id(swima_state, request_id);
- attr = ietf_swima_attr_req_create(flags, request_id);
- /* Request software identifier events */
- targets = swima_inventory_create();
- targets->set_eid(targets, earliest_eid, 0);
- cast_attr = (ietf_swima_attr_req_t*)attr;
- cast_attr->set_targets(cast_attr, targets);
- targets->destroy(targets);
+ if (!old_request_id)
+ {
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+ }
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d",
- imv_id, request_id, earliest_eid);
+ if (!old_request_id ||
+ !swima_state->get_subscription(swima_state))
+ {
+ /* Issue a SWID request */
+ swima_state->set_request_id(swima_state, request_id);
+ attr = ietf_swima_attr_req_create(flags, request_id);
+
+ /* Request software identifier events */
+ targets = swima_inventory_create();
+ targets->set_eid(targets, earliest_eid, 0);
+ cast_attr = (ietf_swima_attr_req_t*)attr;
+ cast_attr->set_targets(cast_attr, targets);
+ targets->destroy(targets);
+
+ out_msg->add_attribute(out_msg, attr);
+ DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest "
+ "eid %d", imv_id, request_id, earliest_eid);
+ }
break;
}
enumerator->destroy(enumerator);
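Review bot: The test `if (!old_request_id || !swima_state->get_subscription(swima_state))` is evaluated after the 'S' branch has already called `set_subscription(swima_state, TRUE)`, so once any request ID is stored a later 'S' workitem never puts a request on the wire — including after the subscription was cleared by a SUBSCRIPTION_DENIED error, which leaves the state marked as subscribed with nothing established. Capture the status before the flags are touched, `bool had_subscription = swima_state->get_subscription(swima_state);` next to `old_request_id`, and test `if (!old_request_id || !had_subscription)`; the 'C' path keeps working because it clears the flag and sends the request anyway. Note also that when no request is issued the workitem has already been claimed via `set_imv_id` and `no_workitems = FALSE` (set earlier in this function, outside the hunk) while the state's request_id keeps its old value, so matching the later result to this workitem presumably relies on the old ID — worth a comment at that point. batch_ending starts and ends outside this hunk.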
@@ -565,7 +587,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
TNC_IMV_Action_Recommendation rec;
char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command;
char *target_str, *error_str = "";
- int sw_id_count, tag_count, i, res;
+ int sw_id_count, tag_count, i, res, written;
json_object *jrequest, *jresponse, *jvalue;
ietf_swima_attr_req_t *cast_attr;
swima_inventory_t *targets;
@@ -617,16 +639,24 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
&tag_count);
if (format)
{
- snprintf(result_str, BUF_LEN, format,
+ written = snprintf(result_str, BUF_LEN, format,
sw_id_count, (sw_id_count == 1) ? "" : "s",
tag_count, (tag_count == 1) ? "" : "s");
}
else
{
- snprintf(result_str, BUF_LEN, "received %d SWID tag"
- "%s", tag_count, (tag_count == 1) ? "" : "s");
+ written = snprintf(result_str, BUF_LEN,
+ "received %d SWID tag%s",
+ tag_count, (tag_count == 1) ? "" : "s");
}
+ if (swima_state->get_subscription(swima_state) &&
+ written > 0 && written < BUF_LEN)
+ {
+ snprintf(result_str + written, BUF_LEN - written,
+ " from subscription %u",
+ swima_state->get_request_id(swima_state));
+ }
session->remove_workitem(session, enumerator);
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
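Review bot: `format` is handed to snprintf as a non-literal format string on the first branch; it is assigned outside this hunk, and if it originates from configuration a specifier that does not match the four arguments (`%d %s %d %s`) is undefined behaviour rather than merely a wrong message. The `written > 0 && written < BUF_LEN` guard on the appended suffix is correct; consider a comment above the first snprintf stating where `format` comes from and that it must consume exactly two ints and two strings, or validate it before use. The enclosing batch_ending body continues outside the hunk.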
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
index 03500bc2d..7d9631d3f 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@@ -101,6 +101,11 @@ struct private_imv_swima_state_t {
imv_remediation_string_t *remediation_string;
/**
+ * Has a subscription been established?
+ */
+ bool has_subscription;
+
+ /**
* SWID Tag Request ID
*/
uint32_t request_id;
@@ -204,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_swima_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -248,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_swima_state_t *this)
+{
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SWIMA_STATE_INIT;
+ this->sw_id_count = 0;
+ this->tag_count = 0;
+ this->missing = 0;
+
+ json_object_put(this->jobj);
+ this->jobj = json_object_new_object();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_swima_state_t *this)
{
json_object_put(this->jobj);
DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
this->contracts->destroy(this->contracts);
free(this);
}
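Review bot: destroy() no longer releases reason_string and remediation_string, yet `imv_remediation_string_t *remediation_string;` is still a member of the state (visible as context in the struct hunk above), so unless these are now freed elsewhere — by the imv_state base or the getters, which this diff does not show — every state instance leaks them. Either keep the two `DESTROY_IF` lines or add a comment at the removal site naming the new owner. reset() appears to leave has_subscription and request_id untouched on purpose so a subscription survives a re-handshake; state that in a comment, `/* subscription flag and request ID persist across handshakes */`, and have reset() also drop reason_string/remediation_string if they remain owned here.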
@@ -426,6 +450,18 @@ METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32,
return this->imc_id;
}
+METHOD(imv_swima_state_t, set_subscription, void,
+ private_imv_swima_state_t *this, bool set)
+{
+ this->has_subscription = set;
+}
+
+METHOD(imv_swima_state_t, get_subscription, bool,
+ private_imv_swima_state_t *this)
+{
+ return this->has_subscription;
+}
+
/**
* Described in header.
*/
@@ -453,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
@@ -467,6 +504,8 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.set_count = _set_count,
.get_count = _get_count,
.get_imc_id = _get_imc_id,
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h
index 4fa32daf4..e2f805189 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.h
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h
@@ -141,6 +141,20 @@ struct imv_swima_state_t {
* @return SWID IMC ID
*/
TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this);
+
+ /**
+ * Set or clear a subscription
+ *
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imv_swima_state_t *this, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imv_swima_state_t *this);
};
/**
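Review bot: The new set_subscription doc comment has a typo, "subscripton", and neither comment says what a subscription means for the rest of the state. Suggested wording for set_subscription: `@param set TRUE marks a SWIMA subscription as established, FALSE clears it`, and for get_subscription a sentence noting that the flag is expected to outlive a state reset if that is the intended behaviour (the reset() implementation in this diff does not clear it).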
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index b583a32c2..d9b1725d2 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index c20d00bd1..fe6bf18b2 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_test_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->imcs->destroy_function(this->imcs, free);
+ this->imcs = linked_list_create();
+
+}
+
+
METHOD(imv_state_t, destroy, void,
private_imv_test_state_t *this)
{
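Review bot: The new reset() carries a stray blank line before its closing brace and is followed by two blank lines instead of the file's usual one; both should be trimmed to match the surrounding METHOD definitions. A short purpose comment would also help, since `this->imcs->destroy_function(this->imcs, free)` followed by a fresh `linked_list_create()` is the non-obvious part: `/* drop the recorded IMC list so a new handshake starts from an empty set */`.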
@@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.add_imc = _add_imc,
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 3cf439f35..56bb821cd 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -323,7 +323,6 @@ METHOD(pts_t, set_tpm_version_info, void,
private_pts_t *this, chunk_t info)
{
this->tpm_version_info = chunk_clone(info);
- /* print_tpm_version_info(this); */
}
/**
diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c
index a579f7378..b3207fb93 100644
--- a/src/libimcv/suites/test_imcv_swima.c
+++ b/src/libimcv/suites/test_imcv_swima.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Andreas Steffen
+ * Copyright (C) 2017-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -182,7 +182,7 @@ START_TEST(test_imcv_swima_sw_req)
targets = c_attr->get_targets(c_attr);
ck_assert(targets->get_eid(targets, NULL) == req_data[_i].earliest_eid);
-
+
enumerator = targets->create_enumerator(targets);
ck_assert(enumerator);
n = 0;
@@ -268,67 +268,69 @@ static sw_inv_data_t sw_inv_data[] = {
chunk_from_chars(
0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77,
- 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
- 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61,
- 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74,
0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69,
- 0x74, 0x79, 0x3E)
+ 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22,
+ 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66,
+ 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74,
+ 0x69, 0x74, 0x79, 0x3E)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030,
chunk_from_chars(
0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00)
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034,
chunk_from_chars(
0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77,
- 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
- 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61,
- 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74,
0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69,
- 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A,
- 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67,
- 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36,
- 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61,
- 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65,
- 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61,
- 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
- 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74,
- 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22,
- 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72,
- 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E)
+ 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22,
+ 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66,
+ 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74,
+ 0x69, 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90,
+ 0x2A, 0x19, 0x11, 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F,
+ 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
+ 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D,
+ 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D,
+ 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66,
+ 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61,
+ 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79,
+ 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65,
+ 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77,
+ 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
+ 0x79, 0x3E)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034,
chunk_from_chars(
0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00,
- 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61,
- 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35,
- 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D,
- 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D,
- 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66,
- 0x31, 0x61, 0x00, 0x00)
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11,
+ 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73,
+ 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32,
+ 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30,
+ 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61,
+ 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62,
+ 0x31, 0x66, 0x31, 0x61, 0x00, 0x00)
}
};
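Review bot: Every updated vector sets the newly inserted reserved octet (the extra 0x00 after the source identifier) to zero, so the tests do not pin how the parser treats a non-zero value in that position — ignore it, as a reserved field is usually meant to be, or reject the record. Adding one vector with, say, 0xFF there and an assertion on the outcome would lock that behaviour in. The parser change that consumes the octet is not part of this SOURCE view, so this is a request rather than a report of a defect.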
@@ -351,7 +353,7 @@ START_TEST(test_imcv_swima_inv)
sw_id_only);
sw_inv = swima_inventory_create();
- sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch);
+ sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch);
for (n = 0; n < _i/2; n++)
{
sw_id = chunk_from_str(sw_id_str[n]);
@@ -445,15 +447,17 @@ END_TEST
* 23 data_model_type
* 24 segment 5 - 1 octet
* 24 source_id
- * 25 sw_id
- * 26 segment 6 - 2 octets
- * 58 sw_locator
- * 59 segment 7 - 33 octets
- * 60 record
- * 62 segment 8 - 3 octets
- * 113 sw record 2
- * 114 segment 9 - 52 octets
- * 230 segment 10 - 116 octets
+ * 25 segment 6 - 1 octet
+ * 25 reserved
+ * 26 sw_id
+ * 27 segment 7 - 2 octets
+ * 59 sw_locator
+ * 60 segment 8 - 33 octets
+ * 61 record
+ * 63 segment 9 - 3 octets
+ * 114 sw record 2
+ * 115 segment 10 - 52 octets
+ * 231 segment 11 - 117 octets
*/
START_TEST(test_imcv_swima_sw_inv_trunc)
@@ -509,26 +513,32 @@ START_TEST(test_imcv_swima_sw_inv_trunc)
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 6 truncates sw_id */
+ /* Segment 6 truncates reserved */
data = chunk_skip(sw_inv_data[4].value, 24);
+ data.len = 1;
+ attr->add_segment(attr, data);
+ ck_assert(attr->process(attr, &offset) == NEED_MORE);
+
+ /* Segment 7 truncates sw_id */
+ data = chunk_skip(sw_inv_data[4].value, 25);
data.len = 2;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 7 truncates sw_locator */
- data = chunk_skip(sw_inv_data[4].value, 26);
+ /* Segment 8 truncates sw_locator */
+ data = chunk_skip(sw_inv_data[4].value, 27);
data.len = 33;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 8 truncates record */
- data = chunk_skip(sw_inv_data[4].value, 59);
+ /* Segment 9 truncates record */
+ data = chunk_skip(sw_inv_data[4].value, 60);
data.len = 3;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 9 truncates second sw_record */
- data = chunk_skip(sw_inv_data[4].value, 62);
+ /* Segment 10 truncates second sw_record */
+ data = chunk_skip(sw_inv_data[4].value, 63);
data.len = 52;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == SUCCESS);
@@ -539,9 +549,9 @@ START_TEST(test_imcv_swima_sw_inv_trunc)
ck_assert(sw_inv->get_count(sw_inv) == 1);
c_attr->clear_inventory(c_attr);
- /* Segment 10 truncates second sw_record */
- data = chunk_skip(sw_inv_data[4].value, 114);
- data.len = 116;
+ /* Segment 11 truncates second sw_record */
+ data = chunk_skip(sw_inv_data[4].value, 115);
+ data.len = 117;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == SUCCESS);
@@ -626,7 +636,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -644,7 +654,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00)
@@ -656,7 +666,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -688,7 +698,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -827,8 +837,8 @@ END_TEST
*
* 0 constant header
* 16 segment 1 - 16 octets
- * 20 eid
- * 22 segment 2 - 6 octets
+ * 20 eid
+ * 22 segment 2 - 6 octets
* 24 timestamp
* 26 segment 3 - 4 octets
* 44 record_id
diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c
deleted file mode 100644
index 7c7427fb1..000000000
--- a/src/libimcv/swid/swid_error.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_error.h"
-
-#include <bio/bio_writer.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-
-ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE,
- "SWID Error",
- "SWID Subscription Denied",
- "SWID Response Too Large"
-);
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id,
- uint32_t max_attr_size, char *description)
-{
- bio_writer_t *writer;
- chunk_t msg_info;
- pa_tnc_attr_t *attr;
- pen_type_t error_code;
-
- error_code = pen_type_create( PEN_TCG, code);
- writer = bio_writer_create(4);
- writer->write_uint32(writer, request_id);
- if (code == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- writer->write_uint32(writer, max_attr_size);
- }
- if (description)
- {
- writer->write_data(writer, chunk_from_str(description));
- }
- msg_info = writer->get_buf(writer);
- attr = ietf_attr_pa_tnc_error_create(error_code, msg_info);
- writer->destroy(writer);
-
- return attr;
-}
-
diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h
deleted file mode 100644
index 2ed099186..000000000
--- a/src/libimcv/swid/swid_error.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_error swid_error
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_ERROR_H_
-#define SWID_ERROR_H_
-
-typedef enum swid_error_code_t swid_error_code_t;
-
-#include "pa_tnc/pa_tnc_attr.h"
-
-#include <library.h>
-
-
-/**
- * SWID Error Codes
- * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
- */
-enum swid_error_code_t {
- TCG_SWID_ERROR = 0x20,
- TCG_SWID_SUBSCRIPTION_DENIED = 0x21,
- TCG_SWID_RESPONSE_TOO_LARGE = 0x22
-};
-
-/**
- * enum name for swid_error_code_t.
- */
-extern enum_name_t *swid_error_code_names;
-
-/**
- * Creates a SWID Error Attribute
- * see section 4.12 of TNC SWID Message and Attributes for IF-M
- *
- * @param code SWID error code
- * @param request SWID request ID
- * @param max_attr_size Maximum IF-M attribute size (if applicable)
- * @param description Optional description string or NULL
- */
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request,
- uint32_t max_attr_size, char *description);
-
-#endif /** SWID_ERROR_H_ @}*/
diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c
deleted file mode 100644
index 5f6e50cb7..000000000
--- a/src/libimcv/swid/swid_inventory.c
+++ /dev/null
@@ -1,342 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_inventory.h"
-#include "swid_tag.h"
-#include "swid_tag_id.h"
-#include "swid_gen/swid_gen.h"
-
-#include <collections/linked_list.h>
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <libgen.h>
-#include <errno.h>
-
-typedef struct private_swid_inventory_t private_swid_inventory_t;
-
-/**
- * Private data of a swid_inventory_t object.
- *
- */
-struct private_swid_inventory_t {
-
- /**
- * Public swid_inventory_t interface.
- */
- swid_inventory_t public;
-
- /**
- * Full SWID tags or just SWID tag IDs
- */
- bool full_tags;
-
- /**
- * List of SWID tags or tag IDs
- */
- linked_list_t *list;
-};
-
-static status_t generate_tags(private_swid_inventory_t *this,
- swid_inventory_t *targets, bool pretty, bool full)
-{
- swid_gen_t *swid_gen;
- swid_tag_t *tag;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
- status_t status = SUCCESS;
- chunk_t out;
-
- swid_gen = swid_gen_create();
-
- if (targets->get_count(targets) == 0)
- {
- DBG2(DBG_IMC, "SWID tag%s generation by package manager",
- this->full_tags ? "" : " ID");
-
- enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags,
- full, pretty);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &out))
- {
- if (this->full_tags)
- {
- chunk_t swid_tag = out;
-
- tag = swid_tag_create(swid_tag, chunk_empty);
- this->list->insert_last(this->list, tag);
- }
- else
- {
- chunk_t tag_creator, sw_id = out;
-
- if (extract_token_str(&tag_creator, "__", &sw_id))
- {
- tag_id = swid_tag_id_create(tag_creator, sw_id,
- chunk_empty);
- this->list->insert_last(this->list, tag_id);
- }
- else
- {
- DBG1(DBG_IMC, "separation of regid from unique "
- "software ID failed");
- status = FAILED;
- chunk_free(&out);
- break;
- }
- }
- chunk_free(&out);
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- status = NOT_SUPPORTED;
- }
- }
- else if (this->full_tags)
- {
- DBG2(DBG_IMC, "targeted SWID tag generation");
-
- enumerator = targets->create_enumerator(targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- char software_id[BUF_LEN], *swid_tag;
- chunk_t tag_creator, sw_id;
-
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s__%.*s",
- (int)tag_creator.len, tag_creator.ptr,
- (int)sw_id.len, sw_id.ptr);
-
- swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL,
- full, pretty);
- if (swid_tag)
- {
- tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty);
- this->list->insert_last(this->list, tag);
- free(swid_tag);
- }
- }
- enumerator->destroy(enumerator);
- }
- swid_gen->destroy(swid_gen);
-
- return status;
-}
-
-static bool collect_tags(private_swid_inventory_t *this, char *pathname,
- swid_inventory_t *targets, bool is_swidtag_dir)
-{
- char *rel_name, *abs_name;
- struct stat st;
- bool success = FALSE;
- enumerator_t *enumerator;
-
- enumerator = enumerator_create_directory(pathname);
- if (!enumerator)
- {
- DBG1(DBG_IMC, "directory '%s' can not be opened, %s",
- pathname, strerror(errno));
- return FALSE;
- }
- if (is_swidtag_dir)
- {
- DBG2(DBG_IMC, "entering %s", pathname);
- }
-
- while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
- {
- char *separator, *suffix;
- chunk_t tag_creator;
- chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
-
- if (S_ISDIR(st.st_mode))
- {
- if (!collect_tags(this, abs_name, targets, is_swidtag_dir ||
- streq(rel_name, "swidtag")))
- {
- goto end;
- }
- continue;
- }
- if (!is_swidtag_dir)
- {
- continue;
- }
-
- /* found a swidtag file? */
- suffix = strstr(rel_name, ".swidtag");
- if (!suffix)
- {
- continue;
- }
-
- /* parse the swidtag filename into its components */
- separator = strstr(rel_name, "__");
- if (!separator)
- {
- DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " '__' separator not found");
- goto end;
- }
- tag_creator = chunk_create(rel_name, separator-rel_name);
-
- unique_sw_id = chunk_create(separator+2, suffix-separator-2);
- tag_file_path = chunk_from_str(abs_name);
-
- /* In case of a targeted request */
- if (targets->get_count(targets))
- {
- chunk_t target_unique_sw_id, target_tag_creator;
- enumerator_t *target_enumerator;
- swid_tag_id_t *tag_id;
- bool match = FALSE;
-
- target_enumerator = targets->create_enumerator(targets);
- while (target_enumerator->enumerate(target_enumerator, &tag_id))
- {
- target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- target_tag_creator = tag_id->get_tag_creator(tag_id);
-
- if (chunk_equals(target_unique_sw_id, unique_sw_id) &&
- chunk_equals(target_tag_creator, tag_creator))
- {
- match = TRUE;
- break;
- }
- }
- target_enumerator->destroy(target_enumerator);
-
- if (!match)
- {
- continue;
- }
- }
- DBG2(DBG_IMC, " %s", rel_name);
-
- if (this->full_tags)
- {
- swid_tag_t *tag;
- chunk_t *xml_tag;
-
- xml_tag = chunk_map(abs_name, FALSE);
- if (!xml_tag)
- {
- DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
- strerror(errno));
- goto end;
- }
-
- tag = swid_tag_create(*xml_tag, tag_file_path);
- this->list->insert_last(this->list, tag);
- chunk_unmap(xml_tag);
- }
- else
- {
- swid_tag_id_t *tag_id;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->list->insert_last(this->list, tag_id);
- }
- }
- success = TRUE;
-
-end:
- enumerator->destroy(enumerator);
- if (is_swidtag_dir)
- {
- DBG2(DBG_IMC, "leaving %s", pathname);
- }
-
- return success;
-}
-
-METHOD(swid_inventory_t, collect, bool,
- private_swid_inventory_t *this, char *directory, swid_inventory_t *targets,
- bool pretty, bool full)
-{
- /**
- * Tags are generated by a package manager
- */
- generate_tags(this, targets, pretty, full);
-
- /**
- * Collect swidtag files by iteratively entering all directories in
- * the tree under the "directory" path.
- */
- return collect_tags(this, directory, targets, FALSE);
-}
-
-METHOD(swid_inventory_t, add, void,
- private_swid_inventory_t *this, void *item)
-{
- this->list->insert_last(this->list, item);
-}
-
-METHOD(swid_inventory_t, get_count, int,
- private_swid_inventory_t *this)
-{
- return this->list->get_count(this->list);
-}
-
-METHOD(swid_inventory_t, create_enumerator, enumerator_t*,
- private_swid_inventory_t *this)
-{
- return this->list->create_enumerator(this->list);
-}
-
-METHOD(swid_inventory_t, destroy, void,
- private_swid_inventory_t *this)
-{
- if (this->full_tags)
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy));
- }
- else
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy));
- }
- free(this);
-}
-
-/**
- * See header
- */
-swid_inventory_t *swid_inventory_create(bool full_tags)
-{
- private_swid_inventory_t *this;
-
- INIT(this,
- .public = {
- .collect = _collect,
- .add = _add,
- .get_count = _get_count,
- .create_enumerator = _create_enumerator,
- .destroy = _destroy,
- },
- .full_tags = full_tags,
- .list = linked_list_create(),
- );
-
- return &this->public;
-}
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
deleted file mode 100644
index ba2518e26..000000000
--- a/src/libimcv/swid/swid_inventory.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_inventory swid_inventory
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_INVENTORY_H_
-#define SWID_INVENTORY_H_
-
-#include <library.h>
-
-/* Maximum size of a SWID Tag Inventory: 100 MB */
-#define SWID_MAX_ATTR_SIZE 100000000
-
-typedef struct swid_inventory_t swid_inventory_t;
-
-/**
- * Class managing SWID tag inventory
- */
-struct swid_inventory_t {
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param directory SWID directory path
- * @param targets List of target tag IDs
- * @param pretty Generate indented XML SWID tags
- * @param full Include file information in SWID tags
- * @return TRUE if successful
- */
- bool (*collect)(swid_inventory_t *this, char *directory,
- swid_inventory_t *targets, bool pretty, bool full);
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param item SWID tag or tag ID to be added
- */
- void (*add)(swid_inventory_t *this, void *item);
-
- /**
- * Get the number of collected SWID tags
- *
- * @return Number of collected SWID tags
- */
- int (*get_count)(swid_inventory_t *this);
-
- /**
- * Create a SWID tag inventory enumerator
- *
- * @return Enumerator returning either tag ID or full tag
- */
- enumerator_t* (*create_enumerator)(swid_inventory_t *this);
-
- /**
- * Destroys a swid_inventory_t object.
- */
- void (*destroy)(swid_inventory_t *this);
-
-};
-
-/**
- * Creates a swid_inventory_t object
- *
- * @param full_tags TRUE if full tags, FALSE if tag IDs only
- */
-swid_inventory_t* swid_inventory_create(bool full_tags);
-
-#endif /** SWID_INVENTORY_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c
deleted file mode 100644
index c77c75700..000000000
--- a/src/libimcv/swid/swid_tag.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag.h"
-
-typedef struct private_swid_tag_t private_swid_tag_t;
-
-/**
- * Private data of a swid_tag_t object.
- *
- */
-struct private_swid_tag_t {
-
- /**
- * Public swid_tag_t interface.
- */
- swid_tag_t public;
-
- /**
- * UTF-8 XML encoding of SWID tag
- */
- chunk_t encoding;
-
- /**
- * Optional Tag Identifier Instance ID
- */
- chunk_t instance_id;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_t, get_encoding, chunk_t,
- private_swid_tag_t *this)
-{
- return this->encoding;
-}
-
-METHOD(swid_tag_t, get_instance_id, chunk_t,
- private_swid_tag_t *this)
-{
- return this->instance_id;
-}
-
-METHOD(swid_tag_t, get_ref, swid_tag_t*,
- private_swid_tag_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_t, destroy, void,
- private_swid_tag_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->encoding.ptr);
- free(this->instance_id.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id)
-{
- private_swid_tag_t *this;
-
- INIT(this,
- .public = {
- .get_encoding = _get_encoding,
- .get_instance_id = _get_instance_id,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .encoding = chunk_clone(encoding),
- .ref = 1,
- );
-
- if (instance_id.len > 0)
- {
- this->instance_id = chunk_clone(instance_id);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h
deleted file mode 100644
index 22c14b1aa..000000000
--- a/src/libimcv/swid/swid_tag.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag swid_tag
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_TAG_H_
-#define SWID_TAG_H_
-
-#include <library.h>
-
-typedef struct swid_tag_t swid_tag_t;
-
-
-/**
- * Class storing a SWID Tag
- */
-struct swid_tag_t {
-
- /**
- * Get UTF-8 XML encoding of SWID tag
- *
- * @return XML encoding of SWID tag
- */
- chunk_t (*get_encoding)(swid_tag_t *this);
-
- /**
- * Get the optional Tag Identifier Instance ID
- *
- * @return Optional Tag Identifier Instance ID
- */
- chunk_t (*get_instance_id)(swid_tag_t *this);
-
- /**
- * Get a new reference to the swid_tag object
- *
- * @return this, with an increased refcount
- */
- swid_tag_t* (*get_ref)(swid_tag_t *this);
-
- /**
- * Destroys a swid_tag_t object.
- */
- void (*destroy)(swid_tag_t *this);
-
-};
-
-/**
- * Creates a swid_tag_t object
- *
- * @param encoding XML encoding of SWID tag
- * @param instance_id Tag Identifier Instance ID or empty chunk
- */
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id);
-
-#endif /** SWID_TAG_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c
deleted file mode 100644
index 2dc6e3141..000000000
--- a/src/libimcv/swid/swid_tag_id.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag_id.h"
-
-typedef struct private_swid_tag_id_t private_swid_tag_id_t;
-
-/**
- * Private data of a swid_tag_id_t object.
- *
- */
-struct private_swid_tag_id_t {
-
- /**
- * Public swid_tag_id_t interface.
- */
- swid_tag_id_t public;
-
- /**
- * Tag Creator
- */
- chunk_t tag_creator;
-
- /**
- * Unique Software ID
- */
- chunk_t unique_sw_id;
-
- /**
- * Optional Tag Identifier Instance ID
- */
- chunk_t instance_id;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
- private_swid_tag_id_t *this)
-{
- return this->tag_creator;
-}
-
-METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
- private_swid_tag_id_t *this, chunk_t *instance_id)
-{
- if (instance_id)
- {
- *instance_id = this->instance_id;
- }
- return this->unique_sw_id;
-}
-
-METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
- private_swid_tag_id_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_id_t, destroy, void,
- private_swid_tag_id_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->tag_creator.ptr);
- free(this->unique_sw_id.ptr);
- free(this->instance_id.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t instance_id)
-{
- private_swid_tag_id_t *this;
-
- INIT(this,
- .public = {
- .get_tag_creator = _get_tag_creator,
- .get_unique_sw_id = _get_unique_sw_id,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .tag_creator = chunk_clone(tag_creator),
- .unique_sw_id = chunk_clone(unique_sw_id),
- .ref = 1,
- );
-
- if (instance_id.len > 0)
- {
- this->instance_id = chunk_clone(instance_id);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h
deleted file mode 100644
index a2be290ae..000000000
--- a/src/libimcv/swid/swid_tag_id.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag_id swid_tag_id
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_TAG_ID_H_
-#define SWID_TAG_ID_H_
-
-#include <library.h>
-
-typedef struct swid_tag_id_t swid_tag_id_t;
-
-
-/**
- * Class storing a SWID Tag ID
- */
-struct swid_tag_id_t {
-
- /**
- * Get the Tag Creator
- *
- * @return Tag Creator
- */
- chunk_t (*get_tag_creator)(swid_tag_id_t *this);
-
- /**
- * Get the Unique Software ID and optional Tag File Path
- *
- * @param instance_id Optional Tag Identifier Instance ID
- * @return Unique Software ID
- */
- chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id);
-
- /**
- * Get a new reference to the swid_tag_id object
- *
- * @return this, with an increased refcount
- */
- swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
-
- /**
- * Destroys a swid_tag_id_t object.
- */
- void (*destroy)(swid_tag_id_t *this);
-
-};
-
-/**
- * Creates a swid_tag_id_t object
- *
- * @param tag_creator Tag Creator
- * @param unique_sw_id Unique Software ID
- * @param instance_id Tag Identifier Instance ID or empty chunk
- */
-swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t instance_id);
-
-#endif /** SWID_TAG_ID_H_ @}*/
diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c
index 096093b01..d2b50616f 100644
--- a/src/libimcv/swima/swima_collector.c
+++ b/src/libimcv/swima/swima_collector.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#define _GNU_SOURCE /* for asprintf() */
+
#include "swima_collector.h"
#include <swid_gen/swid_gen.h>
@@ -319,7 +321,7 @@ static status_t generate_tags(private_swima_collector_t *this,
static bool collect_tags(private_swima_collector_t *this, char *pathname,
swima_inventory_t *targets, bool is_swidtag_dir)
{
- char *rel_name, *abs_name, *suffix, *pos;
+ char *rel_name, *abs_name, *suffix, *pos, *uri;
chunk_t *swid_tag, sw_id, sw_locator;
swima_record_t *sw_record;
struct stat st;
@@ -433,8 +435,12 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname,
}
DBG2(DBG_IMC, " %s", rel_name);
+ sw_locator = chunk_empty;
pos = strstr(pathname, "/swidtag");
- sw_locator = pos ? chunk_create(pathname, pos - pathname) : chunk_empty;
+ if (pos && asprintf(&uri, "file://%.*s", pos - pathname, pathname) > 0)
+ {
+ sw_locator = chunk_from_str(uri);
+ }
sw_record = swima_record_create(0, sw_id, sw_locator);
sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR);
if (!this->sw_id_only)
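Review bot: The `%.*s` precision argument in the new asprintf() call is `pos - pathname`, a ptrdiff_t, but printf reads that vararg as an int, so on LP64 targets a long is passed where an int is expected; cast it the way the rest of the tree does, `asprintf(&uri, "file://%.*s", (int)(pos - pathname), pathname)`. Since `uri` is only dereferenced when asprintf() returned a positive count, the uninitialized pointer on the failure path is harmless, but a short comment such as `/* locator is deliberately left empty if allocation fails */` would make that intent visible. collect_tags() begins and ends outside this hunk.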
@@ -442,8 +448,10 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname,
sw_record->set_record(sw_record, *swid_tag);
}
this->inventory->add(this->inventory, sw_record);
+
chunk_unmap(swid_tag);
chunk_free(&sw_id);
+ chunk_free(&sw_locator);
}
success = TRUE;
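Review bot: The added `chunk_free(&sw_locator)` releases the asprintf() buffer immediately after `swima_record_create()` returns, which is only safe if the record clones its locator argument rather than keeping the pointer; before this change the locator pointed into `pathname`, which outlives the record, so a non-cloning constructor would never have been noticed. Please confirm swima_record_create() copies the chunk, and if it does not, hand it `chunk_clone(sw_locator)` or move the free to after the record is consumed. The loop body and the `end:` cleanup of collect_tags() lie outside this hunk.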
diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c
index f444724c1..f38d92145 100644
--- a/src/libimcv/swima/swima_data_model.c
+++ b/src/libimcv/swima/swima_data_model.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Andreas Steffen
+ * Copyright (C) 2017-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -19,10 +19,10 @@
* ISO/IEC 19770-2-2015: Information Technology - Software Asset Management -
* Part 2: Software Identification Tag
*/
-pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 };
+pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 0 };
/**
* ISO/IEC 19770-2-2009: Information Technology - Software Asset Management -
* Part 2: Software Identification Tag
*/
-pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 };
+pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 1 };
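Review bot: Renumbering these data model types changes the values placed on the wire, so a peer still built with the previous numbering will treat an ISO 2015 tag as ISO 2009 and reject the old value 2 outright; the change should be called out as an interoperability break, and the file should say where the numbers come from so nobody "fixes" them back. Presumably they now follow the IANA Software Data Model Types registry established by RFC 8412; a comment above the first definition, `/* Software Data Model Type values from the IANA registry (RFC 8412): PEN_IETF 0 = ISO 2015 SWID XML, 1 = ISO 2009 SWID XML */`, would record that.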
diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h
index fe69d6aad..7391f3e9f 100644
--- a/src/libimcv/swima/swima_event.h
+++ b/src/libimcv/swima/swima_event.h
@@ -25,6 +25,7 @@
#include <library.h>
+#define SWIMA_EVENT_ACTION_NONE 0
#define SWIMA_EVENT_ACTION_CREATION 1
#define SWIMA_EVENT_ACTION_DELETION 2
#define SWIMA_EVENT_ACTION_ALTERATION 3
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
index d8acf0625..60e969a1c 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -165,6 +165,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
if (this->value.len < PTS_REQ_FILE_META_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Request File Metadata");
+ return FAILED;
}
reader = bio_reader_create(this->value);
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
index 9438fa062..c704e7d38 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -261,8 +261,9 @@ static const int tm_leap_1970 = 477;
*/
bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
{
- int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs;
+ int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec;
int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
+ time_t tm_days, tm_secs;
char buf[BUF_LEN];
if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))
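Review bot: The memeq() on the last context line compares `utc_time.len` bytes against the fixed `utc_undefined_time_str`, so if the attribute's time field can ever be longer than that constant the comparison reads past the string; unless the caller pins the length to the field size (not visible in this hunk), guard it with `if (utc_time.len == strlen(utc_undefined_time_str) && memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))`. Widening `tm_days` and `tm_secs` to time_t is the right direction, but note that the int operands feeding them must be promoted before any multiplication or the intermediate still overflows in int. measurement_time_from_utc() ends outside this hunk.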
@@ -278,12 +279,24 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
}
/* representation of months as 0..11 */
+ if (tm_mon < 1 || tm_mon > 12)
+ {
+ return FALSE;
+ }
tm_mon--;
/* representation of days as 0..30 */
+ if (tm_day < 1 || tm_day > 31)
+ {
+ return FALSE;
+ }
tm_day--;
/* number of leap years between last year and 1970? */
+ if (tm_year < 1970)
+ {
+ return FALSE;
+ }
tm_leap_4 = (tm_year - 1) / 4;
tm_leap_100 = tm_leap_4 / 25;
tm_leap_400 = tm_leap_100 / 4;
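Review bot: The new range checks cover month, day and year but not hour, minute and second, which are parsed alongside them, so a value such as 99 seconds still enters the time arithmetic unless it is rejected somewhere outside this hunk; add `if (tm_hour < 0 || tm_hour > 23 || tm_min < 0 || tm_min > 59 || tm_sec < 0 || tm_sec > 60) return FALSE;` next to the day check (drop the 60 if leap seconds should not be tolerated). The day check admits 31 for every month, which is fine as a garbage filter but deserves a note, e.g. `/* coarse bound; per-month length is not enforced */`. measurement_time_from_utc() continues beyond this hunk.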
@@ -325,6 +338,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
+ return FAILED;
}
reader = bio_reader_create(this->value);
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
index 267c85776..ea175bdfe 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
@@ -71,7 +71,7 @@ enum pts_simple_evid_final_flag_t {
/** TPM PCR Composite and TPM Quote Signature not included */
PTS_SIMPLE_EVID_FINAL_NO = 0x00,
/** TPM Quote Info and TPM Quite Signature included
- * using TPM 2.0 Quote Info format */
+ * using TPM 2.0 Quote Info format */
PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10,
/** Evidence Signature included */
PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20,
@@ -208,7 +208,7 @@ METHOD(pa_tnc_attr_t, build, void,
return;
}
- quote_mode = this->quote_info->get_quote_mode(this->quote_info);
+ quote_mode = this->quote_info->get_quote_mode(this->quote_info);
switch (quote_mode)
{
case TPM_QUOTE:
@@ -258,7 +258,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data16(writer, version_info);
writer->write_data16(writer, pcr_select);
}
-
+
if (quote_mode != TPM_QUOTE_NONE)
{
writer->write_data32(writer, this->quote_sig);
@@ -377,7 +377,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
this->quote_info->set_version_info(this->quote_info, version_info);
}
-
+
if (quote_mode != TPM_QUOTE_NONE)
{
if (!reader->read_data32(reader, &quote_sig))
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
deleted file mode 100644
index be35ee49d..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_req.h"
-
-#include "swid/swid_tag_id.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
-
-/**
- * SWID Request
- * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * |C|S|R| Reserved| Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Earliest EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define SWID_REQ_RESERVED_MASK 0xE0
-
-/**
- * Private data of an tcg_swid_attr_req_t object.
- */
-struct private_tcg_swid_attr_req_t {
-
- /**
- * Public members of tcg_swid_attr_req_t
- */
- tcg_swid_attr_req_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
-
- /**
- * Attribute value or segment
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * SWID request flags
- */
- uint8_t flags;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Earliest EID
- */
- uint32_t earliest_eid;
-
- /**
- * List of Target Tag Identifiers
- */
- swid_inventory_t *targets;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_req_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_req_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_req_t *this)
-{
- bio_writer_t *writer;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE);
- writer->write_uint8 (writer, this->flags);
- writer->write_uint24(writer, this->targets->get_count(this->targets));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->earliest_eid);
-
- enumerator = this->targets->create_enumerator(this->targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_req_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint32_t tag_id_count;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
-
- *offset = 0;
-
- if (this->value.len < this->length)
- {
- return NEED_MORE;
- }
- if (this->value.len < TCG_SWID_REQ_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for SWID Request");
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &this->flags);
- reader->read_uint24(reader, &tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->earliest_eid);
-
- if (this->request_id == 0)
- {
- *offset = 4;
- return FAILED;
- }
- *offset = TCG_SWID_REQ_MIN_SIZE;
-
- this->flags &= SWID_REQ_RESERVED_MASK;
-
- while (tag_id_count--)
- {
- if (!reader->read_data16(reader, &tag_creator))
- {
- DBG1(DBG_TNC, "insufficient data for Tag Creator field");
- reader->destroy(reader);
- return FAILED;
- }
- *offset += 2 + tag_creator.len;
-
- if (!reader->read_data16(reader, &unique_sw_id))
- {
- DBG1(DBG_TNC, "insufficient data for Unique Software ID");
- reader->destroy(reader);
- return FAILED;
- }
- *offset += 2 + unique_sw_id.len;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty);
- this->targets->add(this->targets, tag_id);
- }
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_req_t *this, chunk_t segment)
-{
- this->value = chunk_cat("mc", this->value, segment);
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_req_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_req_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->targets->destroy(this->targets);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_req_t, get_flags, uint8_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->flags;
-}
-
-METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->earliest_eid;
-}
-
-METHOD(tcg_swid_attr_req_t, add_target, void,
- private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id)
-{
- this->targets->add(this->targets, tag_id);
-}
-
-METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*,
- private_tcg_swid_attr_req_t *this)
-{
- return this->targets;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
- uint32_t eid)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .flags = flags & SWID_REQ_RESERVED_MASK,
- .request_id = request_id,
- .earliest_eid = eid,
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .length = length,
- .value = chunk_clone(data),
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
deleted file mode 100644
index 2c85aaf6d..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_req tcg_swid_attr_req
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_REQ_H_
-#define TCG_SWID_ATTR_REQ_H_
-
-#define TCG_SWID_REQ_MIN_SIZE 12
-
-typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t;
-typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t;
-
-enum tcg_swid_attr_req_flag_t {
- TCG_SWID_ATTR_REQ_FLAG_NONE = 0,
- TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7),
- TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6),
- TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5)
-};
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG SWID Request attribute
- */
-struct tcg_swid_attr_req_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get SWID request flags
- *
- * @return Flags
- */
- uint8_t (*get_flags)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Earliest EID
- *
- * @return Event ID
- */
- uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
-
- /**
- * Add Tag ID
- *
- * @param tag_id SWID Tag ID (is not cloned by constructor!)
- */
- void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Create Tag ID enumerator
- *
- * @return Get a list of target tag IDs
- */
- swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_req_t object
- *
- * @param flags Sets the C|S|R flags
- * @param request_id Request ID
- * @param eid Earliest Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_req_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value);
-
-#endif /** TCG_SWID_ATTR_REQ_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
deleted file mode 100644
index 560d5878f..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_id_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t;
-
-/**
- * SWID Tag Identifier Inventory
- * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Instance ID Length | Instance ID (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_id_inv_t object.
- */
-struct private_tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_id_inv_t
- */
- tcg_swid_attr_tag_id_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
- /**
- * Offset up to which attribute value has been processed
- */
- size_t offset;
-
- /**
- * Current position of attribute value pointer
- */
- chunk_t value;
-
- /**
- * Contains complete attribute or current segment
- */
- chunk_t segment;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * Number of SWID Tag IDs in attribute
- */
- uint32_t tag_id_count;
-
- /**
- * SWID Tag ID Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_id_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, instance_id;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- writer->write_data16(writer, instance_id);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->segment = this->value;
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint8_t reserved;
- chunk_t tag_creator, unique_sw_id, instance_id;
- swid_tag_id_t *tag_id;
- status_t status = NEED_MORE;
-
- if (this->offset == 0)
- {
- if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- return FAILED;
- }
- if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
- {
- return NEED_MORE;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &this->tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
- this->value = reader->peek(reader);
- reader->destroy(reader);
- }
-
- reader = bio_reader_create(this->value);
-
- while (this->tag_id_count)
- {
- if (!reader->read_data16(reader, &tag_creator) ||
- !reader->read_data16(reader, &unique_sw_id) ||
- !reader->read_data16(reader, &instance_id))
- {
- goto end;
- }
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id);
- this->inventory->add(this->inventory, tag_id);
- this->offset += this->value.len - reader->remaining(reader);
- this->value = reader->peek(reader);
-
- /* at least one tag ID was processed */
- status = SUCCESS;
- this->tag_id_count--;
- }
-
- if (this->length != this->offset)
- {
- DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- status = FAILED;
- }
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment)
-{
- this->value = chunk_cat("cc", this->value, segment);
- chunk_free(&this->segment);
- this->segment = this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->segment.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
- private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
-{
- this->inventory->add(this->inventory, tag_id);
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->tag_id_count;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->inventory;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- this->inventory->destroy(this->inventory);
- this->inventory = swid_inventory_create(FALSE);
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_id_count = _get_tag_id_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
- chunk_t data)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_id_count = _get_tag_id_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .length = length,
- .segment = chunk_clone(data),
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- /* received either complete attribute value or first segment */
- this->value = this->segment;
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
deleted file mode 100644
index e9db9b3c6..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_
-#define TCG_SWID_ATTR_TAG_ID_INV_H_
-
-typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Identifier Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag_id SWID Tag ID to be added
- */
- void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get count of remaining SWID tag IDs
- *
- * @return SWID Tag ID count
- */
- uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Get Inventory of SWID tag IDs
- *
- * @result SWID Tag ID Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Remove all SWID Tag IDs from the Inventory
- */
- void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
- chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
deleted file mode 100644
index 013482441..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
-
-/**
- * SWID Tag Inventory
- * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Instance ID Length | Instance ID (var. length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag (Variable) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_inv_t object.
- */
-struct private_tcg_swid_attr_tag_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_inv_t
- */
- tcg_swid_attr_tag_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
- /**
- * Offset up to which attribute value has been processed
- */
- size_t offset;
-
- /**
- * Current position of attribute value pointer
- */
- chunk_t value;
-
- /**
- * Contains complete attribute or current segment
- */
- chunk_t segment;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * Number of SWID Tags in attribute
- */
- uint32_t tag_count;
-
- /**
- * SWID Tag Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_t *tag;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- writer->write_data16(writer, tag->get_instance_id(tag));
- writer->write_data32(writer, tag->get_encoding(tag));
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->segment = this->value;
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint8_t reserved;
- chunk_t tag_encoding, instance_id;
- swid_tag_t *tag;
- status_t status = NEED_MORE;
-
- if (this->offset == 0)
- {
- if (this->length < TCG_SWID_TAG_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- return FAILED;
- }
- if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
- {
- return NEED_MORE;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &this->tag_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- this->offset = TCG_SWID_TAG_INV_MIN_SIZE;
- this->value = reader->peek(reader);
- reader->destroy(reader);
- }
-
- reader = bio_reader_create(this->value);
-
- while (this->tag_count)
- {
- if (!reader->read_data16(reader, &instance_id) ||
- !reader->read_data32(reader, &tag_encoding))
- {
- goto end;
- }
- tag = swid_tag_create(tag_encoding, instance_id);
- this->inventory->add(this->inventory, tag);
- this->offset += this->value.len - reader->remaining(reader);
- this->value = reader->peek(reader);
-
- /* at least one tag was processed */
- status = SUCCESS;
- this->tag_count--;
- }
-
- if (this->length != this->offset)
- {
- DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- status = FAILED;
- }
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_tag_inv_t *this, chunk_t segment)
-{
- this->value = chunk_cat("cc", this->value, segment);
- chunk_free(&this->segment);
- this->segment = this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->segment.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, add, void,
- private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
-{
- this->inventory->add(this->inventory, tag);
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->tag_count;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->inventory;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- this->inventory->destroy(this->inventory);
- this->inventory = swid_inventory_create(TRUE);
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch, uint32_t eid)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_count = _get_tag_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length,
- chunk_t data)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_count = _get_tag_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .length = length,
- .segment = chunk_clone(data),
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- /* received either complete attribute value or first segment */
- this->value = this->segment;
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
deleted file mode 100644
index 43ebd9e2a..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_INV_H_
-#define TCG_SWID_ATTR_TAG_INV_H_
-
-typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag SWID Tag to be added
- */
- void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get count of remaining SWID tags
- *
- * @return SWID Tag count
- */
- uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Inventory of SWID tags
- *
- * @result SWID Tag Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Remove all SWID Tags from the Inventory
- */
- void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length,
- chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index ab1fa43a5..f6b1df7ec 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -31,9 +31,6 @@
#include "tcg/pts/tcg_pts_attr_file_meas.h"
#include "tcg/pts/tcg_pts_attr_req_file_meta.h"
#include "tcg/pts/tcg_pts_attr_unix_file_meta.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
#include "tcg/seg/tcg_seg_attr_max_size.h"
#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include "tcg/seg/tcg_seg_attr_next_seg.h"
@@ -189,12 +186,6 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
{
switch (type)
{
- case TCG_SWID_REQUEST:
- return tcg_swid_attr_req_create_from_data(length, value);
- case TCG_SWID_TAG_ID_INVENTORY:
- return tcg_swid_attr_tag_id_inv_create_from_data(length, value);
- case TCG_SWID_TAG_INVENTORY:
- return tcg_swid_attr_tag_inv_create_from_data(length, value);
case TCG_SEG_MAX_ATTR_SIZE_REQ:
return tcg_seg_attr_max_size_create_from_data(length, value, TRUE);
case TCG_SEG_MAX_ATTR_SIZE_RESP:
@@ -253,6 +244,9 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
case TCG_PTS_UNIX_FILE_META:
return tcg_pts_attr_unix_file_meta_create_from_data(length, value);
/* unsupported TCG/SWID attributes */
+ case TCG_SWID_REQUEST:
+ case TCG_SWID_TAG_ID_INVENTORY:
+ case TCG_SWID_TAG_INVENTORY:
case TCG_SWID_TAG_ID_EVENTS:
case TCG_SWID_TAG_EVENTS:
case TCG_SWID_SUBSCRIPTION_STATUS_REQ:
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 834be0eeb..63074a965 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -353,7 +353,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -379,6 +378,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -399,8 +400,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -455,8 +454,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -485,8 +482,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index ab5af4634..4f0b129f0 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -332,6 +331,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -352,8 +353,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -408,8 +407,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -438,8 +435,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index c0119f12b..344cddce1 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h
index 3a1feae53..6f5bd160f 100644
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@@ -69,7 +69,7 @@ enum pt_tls_message_type_t {
extern enum_name_t *pt_tls_message_type_names;
/**
- * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
+ * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
*/
enum pt_tls_sasl_result_t {
PT_TLS_SASL_RESULT_SUCCESS = 0,
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 167918811..265a4a09a 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -225,7 +225,7 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
reader->destroy(reader);
return SUCCESS;
case NEED_MORE:
- /* inacceptable, it won't get more. FALL */
+ /* unacceptable, it won't get more. FALL */
case FAILED:
default:
reader->destroy(reader);
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 4e5936ffc..73d1805a9 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -332,6 +331,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -352,8 +353,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -408,8 +407,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -438,8 +435,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index edd978d78..331e8e920 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 66539a879..e6d7ce74b 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -565,6 +565,13 @@ if MONOLITHIC
endif
endif
+if USE_BOTAN
+ SUBDIRS += plugins/botan
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/botan/libstrongswan-botan.la
+endif
+endif
+
if USE_FIPS_PRF
SUBDIRS += plugins/fips_prf
if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index a0eb8b6b5..b6bb52740 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -220,35 +220,37 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_106 = plugins/openssl/libstrongswan-openssl.la
@USE_GCRYPT_TRUE@am__append_107 = plugins/gcrypt
@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_108 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_109 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_110 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_111 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_112 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_113 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_114 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_115 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_116 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_117 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_118 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_119 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_120 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_121 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_122 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_123 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_124 = plugins/gcm/libstrongswan-gcm.la
-@USE_MGF1_TRUE@am__append_125 = plugins/mgf1
-@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_126 = plugins/mgf1/libstrongswan-mgf1.la
-@USE_NTRU_TRUE@am__append_127 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_128 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_129 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_130 = plugins/bliss/libstrongswan-bliss.la
-@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope
-@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_132 = plugins/newhope/libstrongswan-newhope.la
-@USE_TEST_VECTORS_TRUE@am__append_133 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_134 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_LIBNTTFFT_TRUE@am__append_135 = math/libnttfft/tests
-@USE_BLISS_TRUE@am__append_136 = plugins/bliss/tests
-@USE_NEWHOPE_TRUE@am__append_137 = plugins/newhope/tests
+@USE_BOTAN_TRUE@am__append_109 = plugins/botan
+@MONOLITHIC_TRUE@@USE_BOTAN_TRUE@am__append_110 = plugins/botan/libstrongswan-botan.la
+@USE_FIPS_PRF_TRUE@am__append_111 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_112 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_113 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_114 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_115 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_116 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_117 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_118 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_119 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_120 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_121 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_122 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_123 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_124 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_125 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_126 = plugins/gcm/libstrongswan-gcm.la
+@USE_MGF1_TRUE@am__append_127 = plugins/mgf1
+@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_128 = plugins/mgf1/libstrongswan-mgf1.la
+@USE_NTRU_TRUE@am__append_129 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_130 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_131 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_132 = plugins/bliss/libstrongswan-bliss.la
+@USE_NEWHOPE_TRUE@am__append_133 = plugins/newhope
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/libstrongswan-newhope.la
+@USE_TEST_VECTORS_TRUE@am__append_135 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_136 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_LIBNTTFFT_TRUE@am__append_137 = math/libnttfft/tests
+@USE_BLISS_TRUE@am__append_138 = plugins/bliss/tests
+@USE_NEWHOPE_TRUE@am__append_139 = plugins/newhope/tests
subdir = src/libstrongswan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -328,7 +330,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_112) $(am__append_114) $(am__append_116) \
$(am__append_118) $(am__append_120) $(am__append_122) \
$(am__append_124) $(am__append_126) $(am__append_128) \
- $(am__append_130) $(am__append_132) $(am__append_134)
+ $(am__append_130) $(am__append_132) $(am__append_134) \
+ $(am__append_136)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -665,10 +668,10 @@ DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \
plugins/sshkey plugins/pem plugins/curl plugins/files \
plugins/winhttp plugins/unbound plugins/soup plugins/ldap \
plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \
- plugins/gcrypt plugins/fips_prf plugins/agent plugins/keychain \
- plugins/pkcs11 plugins/chapoly plugins/ctr plugins/ccm \
- plugins/gcm plugins/mgf1 plugins/ntru plugins/bliss \
- plugins/newhope plugins/test_vectors tests \
+ plugins/gcrypt plugins/botan plugins/fips_prf plugins/agent \
+ plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \
+ plugins/ccm plugins/gcm plugins/mgf1 plugins/ntru \
+ plugins/bliss plugins/newhope plugins/test_vectors tests \
math/libnttfft/tests plugins/bliss/tests plugins/newhope/tests
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
$(top_srcdir)/ylwrap settings/settings_lexer.c \
@@ -798,7 +801,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -824,6 +826,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -844,8 +848,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -900,8 +902,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -930,8 +930,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -1080,7 +1084,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_114) $(am__append_116) $(am__append_118) \
$(am__append_120) $(am__append_122) $(am__append_124) \
$(am__append_126) $(am__append_128) $(am__append_130) \
- $(am__append_132) $(am__append_134)
+ $(am__append_132) $(am__append_134) $(am__append_136)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1142,8 +1146,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_FALSE@ $(am__append_133) tests $(am__append_135) \
-@MONOLITHIC_FALSE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_135) tests \
+@MONOLITHIC_FALSE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_FALSE@ $(am__append_139)
# build unit tests
##################
@@ -1175,8 +1180,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_TRUE@ $(am__append_133) . tests $(am__append_135) \
-@MONOLITHIC_TRUE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_135) . tests \
+@MONOLITHIC_TRUE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_TRUE@ $(am__append_139)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 79cb17ed1..aa649e969 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -825,7 +825,6 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
u_char *pos = asn1_build_object(&object, tag, content.len);
memcpy(pos, content.ptr, content.len);
- pos += content.len;
return object;
}
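Review bot: The `memcpy(pos, content.ptr, content.len)` kept on the line above the removed statement still passes `content.ptr` to memcpy unchecked, and a NULL source is undefined behaviour even when `content.len` is 0, so building an empty object from a chunk whose `ptr` is NULL trips UBSan's nonnull checks. Guard the copy with `if (content.len) { memcpy(pos, content.ptr, content.len); }`. Dropping the dead `pos += content.len;` store is fine on its own; asn1_simple_object's opening brace lies outside the hunk.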
diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c
index 82e405002..e6b459bbf 100644
--- a/src/libstrongswan/bio/bio_reader.c
+++ b/src/libstrongswan/bio/bio_reader.c
@@ -122,13 +122,16 @@ static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res,
static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res,
bool from_end)
{
+ uint32_t tmp;
+
if (this->buf.len < 3)
{
DBG1(DBG_LIB, "%d bytes insufficient to parse u_int24 data",
this->buf.len);
return FALSE;
}
- *res = untoh32(get_ptr_end(this, 3, from_end)) >> 8;
+ memcpy(&tmp, get_ptr_end(this, 3, from_end), 3);
+ *res = ntohl(tmp) >> 8;
this->buf = chunk_skip_end(this->buf, 3, from_end);
return TRUE;
}
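Review bot: `tmp` at the top of read_uint24_internal is declared without an initializer, and the new `memcpy` fills only three of its four bytes, so `ntohl(tmp)` reads one indeterminate byte; the `>> 8` discards it from the result, but the read of uninitialized memory is still flagged by MemorySanitizer and Valgrind and is technically undefined. Initialize it: `uint32_t tmp = 0;`. The switch from a 4-byte `untoh32` load to a 3-byte copy presumably removes a one-byte over-read past the end of a 3-byte buffer, so the fix itself is sound; a one-line comment saying so, `/* copy 3 bytes only, the buffer may end right after them */`, would keep the next maintainer from "simplifying" it back.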
diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h
index fbca8bdf5..859fa8a73 100644
--- a/src/libstrongswan/bio/bio_reader.h
+++ b/src/libstrongswan/bio/bio_reader.h
@@ -142,7 +142,7 @@ struct bio_reader_t {
* Read a chunk of len bytes from the end of the buffer, reduce remaining.
*
* @param len number of bytes to read
- * @param res ponter to result, not cloned
+ * @param res pointer to result, not cloned
* @return TRUE if data read successfully
*/
bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);
diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c
index 5ad7360d6..c7342c6d6 100644
--- a/src/libstrongswan/collections/linked_list.c
+++ b/src/libstrongswan/collections/linked_list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -111,7 +111,7 @@ struct private_enumerator_t {
/**
* implements enumerator interface
*/
- enumerator_t enumerator;
+ enumerator_t public;
/**
* associated linked list
@@ -122,35 +122,19 @@ struct private_enumerator_t {
* current item
*/
element_t *current;
-
- /**
- * enumerator has enumerated all items
- */
- bool finished;
};
-METHOD(enumerator_t, enumerate, bool,
- private_enumerator_t *this, va_list args)
+/**
+ * Enumerate the current item
+ */
+static bool do_enumerate(private_enumerator_t *this, va_list args)
{
void **item;
VA_ARGS_VGET(args, item);
- if (this->finished)
- {
- return FALSE;
- }
if (!this->current)
{
- this->current = this->list->first;
- }
- else
- {
- this->current = this->current->next;
- }
- if (!this->current)
- {
- this->finished = TRUE;
return FALSE;
}
if (item)
@@ -160,28 +144,46 @@ METHOD(enumerator_t, enumerate, bool,
return TRUE;
}
+METHOD(enumerator_t, enumerate_next, bool,
+ private_enumerator_t *this, va_list args)
+{
+ if (this->current)
+ {
+ this->current = this->current->next;
+ }
+ return do_enumerate(this, args);
+}
+
+METHOD(enumerator_t, enumerate_current, bool,
+ private_enumerator_t *this, va_list args)
+{
+ this->public.venumerate = _enumerate_next;
+ return do_enumerate(this, args);
+}
+
METHOD(linked_list_t, create_enumerator, enumerator_t*,
private_linked_list_t *this)
{
private_enumerator_t *enumerator;
INIT(enumerator,
- .enumerator = {
+ .public = {
.enumerate = enumerator_enumerate_default,
- .venumerate = _enumerate,
+ .venumerate = _enumerate_current,
.destroy = (void*)free,
},
.list = this,
+ .current = this->first,
);
- return &enumerator->enumerator;
+ return &enumerator->public;
}
METHOD(linked_list_t, reset_enumerator, void,
private_linked_list_t *this, private_enumerator_t *enumerator)
{
- enumerator->current = NULL;
- enumerator->finished = FALSE;
+ enumerator->current = this->first;
+ enumerator->public.venumerate = _enumerate_current;
}
METHOD(linked_list_t, get_count, int,
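Review bot: `enumerate_current` and `enumerate_next` implement a small state machine by rewriting `this->public.venumerate` on the first call, but neither method carries a comment explaining why, and the same reassignment is repeated in `reset_enumerator` here and in `remove_at` in the later hunk. Add a short comment above `enumerate_current`, e.g. `/* first enumerate() returns the item current already points to (the first one, or the item after a remove_at()), afterwards enumerate_next() advances before returning */`, and above `enumerate_next`, `/* advance past the item returned last, then enumerate it */`. Since the pointer swap is the only thing distinguishing "positioned before an item" from "item already consumed" now that the `finished` flag is gone, documenting the invariant at the definition site is worth the two lines.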
@@ -298,14 +300,7 @@ METHOD(linked_list_t, insert_before, void,
current = enumerator->current;
if (!current)
{
- if (enumerator->finished)
- {
- this->public.insert_last(&this->public, item);
- }
- else
- {
- this->public.insert_first(&this->public, item);
- }
+ insert_last(this, item);
return;
}
element = element_create(item);
@@ -377,7 +372,9 @@ METHOD(linked_list_t, remove_at, void,
if (enumerator->current)
{
current = enumerator->current;
- enumerator->current = current->previous;
+ enumerator->current = current->next;
+ /* the enumerator already points to the next item */
+ enumerator->public.venumerate = _enumerate_current;
remove_element(this, current);
}
}
diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h
index a9cb7f0d4..315fb0520 100644
--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -102,12 +102,17 @@ struct linked_list_t {
/**
* Inserts a new item before the item the enumerator currently points to.
*
- * If this method is called before starting the enumeration the item is
- * inserted first. If it is called after all items have been enumerated
- * the item is inserted last. This is helpful when inserting items into
- * a sorted list.
+ * If this method is called after all items have been enumerated, the item
+ * is inserted last. This is helpful when inserting items into a sorted
+ * list.
*
- * @note The position of the enumerator is not changed.
+ * @note The position of the enumerator is not changed. So it is safe to
+ * call this before or after remove_at() to replace the item at the current
+ * position (the enumerator will continue with the next item in the list).
+ * And in particular, when inserting an item before calling enumerate(),
+ * the enumeration will continue (or start) at the item that was first in
+ * the list before any items were inserted (enumerate() will return FALSE
+ * if the list was empty before).
*
* @param enumerator enumerator with position
* @param item item value to insert in list
@@ -118,6 +123,10 @@ struct linked_list_t {
/**
* Remove an item from the list where the enumerator points to.
*
+ * If this method is called before calling enumerate() of the enumerator,
+ * the first item in the list, if any, will be removed. No item is removed,
+ * if the method is called after enumerating all items.
+ *
* @param enumerator enumerator with position
*/
void (*remove_at)(linked_list_t *this, enumerator_t *enumerator);
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index b473223e4..38c40c87d 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -141,7 +141,7 @@ extern enum_name_t *auth_rule_names;
* RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote
* peer. Local configs are called "rulesets". They define how we authenticate.
- * Remote peer configs are called "constraits". They define what is needed to
+ * Remote peer configs are called "constraints". They define what is needed to
* complete the authentication round successfully.
*
* @verbatim
diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.h b/src/libstrongswan/credentials/certificates/certificate_printer.h
index 7953eb060..747cc21ae 100644
--- a/src/libstrongswan/credentials/certificates/certificate_printer.h
+++ b/src/libstrongswan/credentials/certificates/certificate_printer.h
@@ -62,7 +62,7 @@ struct certificate_printer_t {
*
* @param f file where print output is directed to (usually stdout)
* @param detailed print more detailed certificate information
- * @param utc print time inforamtion in UTC
+ * @param utc print time information in UTC
*/
certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
bool utc);
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 877ed20a2..a98a33d20 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -106,9 +106,9 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
- /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve25519 as in RFC 8410 */
SIGN_ED25519,
- /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve448 as in RFC 8410 */
SIGN_ED448,
/** BLISS with SHA-2_256 */
SIGN_BLISS_WITH_SHA2_256,
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index 2294eaff7..97209953a 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -15,12 +15,14 @@
#include "shared_key.h"
-ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
+ENUM(shared_key_type_names, SHARED_ANY, SHARED_PPK,
"ANY",
"IKE",
"EAP",
"PRIVATE_KEY_PASS",
"PIN",
+ "NTLM",
+ "PPK",
);
typedef struct private_shared_key_t private_shared_key_t;
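Review bot: The new name string `"NTLM"` at the sixth position maps to SHARED_NT_HASH and is the only entry whose string does not mirror its enum identifier (the neighbours are `"PRIVATE_KEY_PASS"`, `"PIN"`, `"PPK"`). Since SHARED_NT_HASH had no name in this table before the change there is no compatibility reason to keep the mismatch, so either use `"NT_HASH"` or place `/* SHARED_NT_HASH */` beside it so the positional coupling to the enum in shared_key.h is visible to whoever extends the list next.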
@@ -93,7 +95,7 @@ shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
.get_key = _get_key,
.get_ref = _get_ref,
.destroy = _destroy,
- },
+ },
.type = type,
.key = key,
.ref = 1,
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index d97139de2..44e6f0460 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -43,6 +43,8 @@ enum shared_key_type_t {
SHARED_PIN,
/** Calculated NT Hash = MD4(UTF-16LE(password)) */
SHARED_NT_HASH,
+ /** Postquantum Preshared Key */
+ SHARED_PPK,
};
/**
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 4f61ba1fc..7f048c620 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -177,7 +177,7 @@ struct crypto_factory_t {
* Register a crypter constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
@@ -204,7 +204,7 @@ struct crypto_factory_t {
* Register a aead constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 41654553d..f4f57d917 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -40,7 +40,7 @@ enum hash_algorithm_t {
HASH_SHA256 = 2,
HASH_SHA384 = 3,
HASH_SHA512 = 4,
- /* draft-ietf-ipsecme-eddsa (RFC TBA) */
+ /* RFC 8420 */
HASH_IDENTITY = 5,
/* use private use range for algorithms not defined/permitted by RFC 7427 */
HASH_UNKNOWN = 1024,
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index d671879c0..952608997 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -335,22 +335,16 @@ METHOD(proposal_t, strip_dh, void,
}
/**
- * Select a matching proposal from this and other, insert into selected.
+ * Select a matching proposal from this and other.
*/
static bool select_algo(private_proposal_t *this, proposal_t *other,
- proposal_t *selected, transform_type_t type, bool priv)
+ transform_type_t type, bool priv, bool log,
+ uint16_t *alg, uint16_t *ks)
{
enumerator_t *e1, *e2;
uint16_t alg1, alg2, ks1, ks2;
bool found = FALSE, optional = FALSE;
- if (type == INTEGRITY_ALGORITHM &&
- selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
- encryption_algorithm_is_aead(alg1))
- {
- /* no integrity algorithm required, we have an AEAD */
- return TRUE;
- }
if (type == DIFFIE_HELLMAN_GROUP)
{
optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
@@ -398,26 +392,79 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
{
if (!priv && alg1 >= 1024)
{
- /* accept private use algorithms only if requested */
- DBG1(DBG_CFG, "an algorithm from private space would match, "
- "but peer implementation is unknown, skipped");
+ if (log)
+ {
+ DBG1(DBG_CFG, "an algorithm from private space would "
+ "match, but peer implementation is unknown, "
+ "skipped");
+ }
continue;
}
- selected->add_algorithm(selected, type, alg1, ks1);
+ *alg = alg1;
+ *ks = ks1;
found = TRUE;
break;
}
}
}
- /* no match in all comparisons */
e1->destroy(e1);
e2->destroy(e2);
+ return found;
+}
- if (!found)
+/**
+ * Select algorithms from the given proposals, if selected is given, the result
+ * is stored there and errors are logged.
+ */
+static bool select_algos(private_proposal_t *this, proposal_t *other,
+ proposal_t *selected, bool private)
+{
+ transform_type_t type;
+ array_t *types;
+ bool skip_integrity = FALSE;
+ int i;
+
+ types = merge_types(this, (private_proposal_t*)other);
+ for (i = 0; i < array_count(types); i++)
{
- DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
+ uint16_t alg = 0, ks = 0;
+
+ array_get(types, i, &type);
+ if (type == INTEGRITY_ALGORITHM && skip_integrity)
+ {
+ continue;
+ }
+ if (select_algo(this, other, type, private, selected != NULL, &alg, &ks))
+ {
+ if (alg == 0 && type != EXTENDED_SEQUENCE_NUMBERS)
+ { /* 0 is "valid" for extended sequence numbers, for other
+ * transforms it either means NONE or is reserved */
+ continue;
+ }
+ if (selected)
+ {
+ selected->add_algorithm(selected, type, alg, ks);
+ }
+ if (type == ENCRYPTION_ALGORITHM &&
+ encryption_algorithm_is_aead(alg))
+ {
+ /* no integrity algorithm required, we have an AEAD */
+ skip_integrity = TRUE;
+ }
+ }
+ else
+ {
+ if (selected)
+ {
+ DBG2(DBG_CFG, " no acceptable %N found", transform_type_names,
+ type);
+ }
+ array_destroy(types);
+ return FALSE;
+ }
}
- return found;
+ array_destroy(types);
+ return TRUE;
}
METHOD(proposal_t, select_proposal, proposal_t*,
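Review bot: `skip_integrity` in select_algos only takes effect if ENCRYPTION_ALGORITHM is visited before INTEGRITY_ALGORITHM in the array returned by merge_types; should that order ever change, an AEAD proposal would get an integrity algorithm selected alongside it. The removed check in select_algo had the same implicit dependency through `selected->get_algorithm`, so this is not a regression, but the invariant is now less visible and deserves a line where the flag is declared: `/* set once an AEAD is selected; relies on merge_types() yielding ENCRYPTION_ALGORITHM before INTEGRITY_ALGORITHM */`. The `alg == 0` skip also changes the old behaviour of adding a zero-valued transform to `selected`, so a caller inspecting the selected proposal for an explicit zero entry will no longer find one; if that is intended, the existing comment could say so explicitly.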
@@ -425,9 +472,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
bool private)
{
proposal_t *selected;
- transform_type_t type;
- array_t *types;
- int i;
DBG2(DBG_CFG, "selecting proposal:");
@@ -448,23 +492,25 @@ METHOD(proposal_t, select_proposal, proposal_t*,
selected->set_spi(selected, this->spi);
}
- types = merge_types(this, (private_proposal_t*)other);
- for (i = 0; i < array_count(types); i++)
+ if (!select_algos(this, other, selected, private))
{
- array_get(types, i, &type);
- if (!select_algo(this, other, selected, type, private))
- {
- selected->destroy(selected);
- array_destroy(types);
- return NULL;
- }
+ selected->destroy(selected);
+ return NULL;
}
- array_destroy(types);
-
DBG2(DBG_CFG, " proposal matches");
return selected;
}
+METHOD(proposal_t, matches, bool,
+ private_proposal_t *this, proposal_t *other, bool private)
+{
+ if (this->protocol != other->get_protocol(other))
+ {
+ return FALSE;
+ }
+ return select_algos(this, other, NULL, private);
+}
+
METHOD(proposal_t, get_protocol, protocol_id_t,
private_proposal_t *this)
{
@@ -910,6 +956,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
.promote_dh_group = _promote_dh_group,
.strip_dh = _strip_dh,
.select = _select_proposal,
+ .matches = _matches,
.get_protocol = _get_protocol,
.set_spi = _set_spi,
.get_spi = _get_spi,
diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h
index 0052674b9..338324326 100644
--- a/src/libstrongswan/crypto/proposal/proposal.h
+++ b/src/libstrongswan/crypto/proposal/proposal.h
@@ -34,7 +34,6 @@ typedef struct proposal_t proposal_t;
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <crypto/diffie_hellman.h>
-#include <selectors/traffic_selector.h>
/**
* Protocol ID of a proposal.
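Review bot: Removing `#include <selectors/traffic_selector.h>` from a public header drops a transitive include that other translation units may have relied on without including it themselves, and nothing in this hunk shows whether such dependents were updated. If the header is genuinely unused here the removal is correct, but a full build including all plugins is what confirms it; the types and declarations that follow in proposal.h are outside this hunk.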
@@ -144,6 +143,17 @@ struct proposal_t {
bool other_remote, bool private);
/**
+ * Check if the given proposal matches this proposal.
+ *
+ * This is similar to select, but no resulting proposal is selected.
+ *
+ * @param other proposal to compare against
+ * @param private accepts algorithms allocated in a private range
+ * @return TRUE if the proposals match
+ */
+ bool (*matches)(proposal_t *this, proposal_t *other, bool private);
+
+ /**
* Get the protocol ID of the proposal.
*
* @return protocol of the proposal
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 16dbf8d41..6f19cc751 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -43,6 +43,13 @@ ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO,
"auto",
);
+ENUM(dscp_copy_names, DSCP_COPY_OUT_ONLY, DSCP_COPY_NO,
+ "out",
+ "in",
+ "yes",
+ "no",
+);
+
/*
* See header
*/
@@ -62,7 +69,7 @@ bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
/*
* See header
*/
-bool mark_from_string(const char *value, mark_t *mark)
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark)
{
char *endptr;
@@ -72,6 +79,11 @@ bool mark_from_string(const char *value, mark_t *mark)
}
if (strcasepfx(value, "%unique"))
{
+ if (!(ops & MARK_OP_UNIQUE))
+ {
+ DBG1(DBG_APP, "unexpected use of %%unique mark", value);
+ return FALSE;
+ }
endptr = (char*)value + strlen("%unique");
if (strcasepfx(endptr, "-dir"))
{
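Review bot: `DBG1(DBG_APP, "unexpected use of %%unique mark", value);` passes `value` but the format string has no conversion for it (`%%` is a literal percent sign), so the argument is silently dropped and compilers with format checking will warn; the `%%same` message in the next hunk has the same shape. Either drop the argument or consume it, e.g. `DBG1(DBG_APP, "unexpected use of %%unique mark: %s", value);`, which also tells the operator which setting was rejected. mark_from_string continues outside this hunk.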
@@ -88,6 +100,24 @@ bool mark_from_string(const char *value, mark_t *mark)
return FALSE;
}
}
+ else if (strcasepfx(value, "%same"))
+ {
+ if (!(ops & MARK_OP_SAME))
+ {
+ DBG1(DBG_APP, "unexpected use of %%same mark", value);
+ return FALSE;
+ }
+ endptr = (char*)value + strlen("%same");
+ if (!*endptr || *endptr == '/')
+ {
+ mark->value = MARK_SAME;
+ }
+ else
+ {
+ DBG1(DBG_APP, "invalid mark value: %s", value);
+ return FALSE;
+ }
+ }
else
{
mark->value = strtoul(value, &endptr, 0);
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 4e6e2d9dc..7b7bd3743 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -27,6 +27,8 @@ typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef enum hw_offload_t hw_offload_t;
+typedef enum dscp_copy_t dscp_copy_t;
+typedef enum mark_op_t mark_op_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;
@@ -132,6 +134,22 @@ enum hw_offload_t {
extern enum_name_t *hw_offload_names;
/**
+ * DSCP header field copy behavior (the default is not to copy from outer
+ * to inner header)
+ */
+enum dscp_copy_t {
+ DSCP_COPY_OUT_ONLY,
+ DSCP_COPY_IN_ONLY,
+ DSCP_COPY_YES,
+ DSCP_COPY_NO,
+};
+
+/**
+ * enum strings for dscp_copy_t.
+ */
+extern enum_name_t *dscp_copy_names;
+
+/**
* This struct contains details about IPsec SA(s) tied to a policy.
*/
struct ipsec_sa_cfg_t {
@@ -197,15 +215,29 @@ struct mark_t {
*/
#define MARK_UNIQUE (0xFFFFFFFF)
#define MARK_UNIQUE_DIR (0xFFFFFFFE)
+#define MARK_SAME (0xFFFFFFFF)
#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR)
/**
+ * Special mark operations to accept when parsing marks.
+ */
+enum mark_op_t {
+ /** none of the following */
+ MARK_OP_NONE = 0,
+ /** %unique and %unique-dir */
+ MARK_OP_UNIQUE = (1<<0),
+ /** %same */
+ MARK_OP_SAME = (1<<1),
+};
+
+/**
* Try to parse a mark_t from the given string of the form mark[/mask].
*
* @param value string to parse
+ * @param ops operations to accept
* @param mark mark to fill
* @return TRUE if parsing was successful
*/
-bool mark_from_string(const char *value, mark_t *mark);
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark);
#endif /** IPSEC_TYPES_H_ @}*/
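Review bot: `MARK_SAME` is defined as 0xFFFFFFFF, the same value as `MARK_UNIQUE`, so a mark_t parsed from `%same` satisfies `MARK_IS_UNIQUE()` and is indistinguishable from one parsed from `%unique` once the source string is gone; the only thing keeping the two apart is that callers pass disjoint mark_op_t flags to mark_from_string. If this aliasing is deliberate it should be stated next to the define, e.g. `/* aliases MARK_UNIQUE: a caller must not accept MARK_OP_UNIQUE and MARK_OP_SAME for the same mark */`, and the mark_op_t documentation could note that the two flags are meant to be used exclusively; otherwise a distinct sentinel value would remove the ambiguity.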
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 86b275dad..ad5d9ab36 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -54,7 +54,7 @@ struct private_library_t {
/**
* Integrity check failed?
*/
- bool integrity_failed;
+ bool init_failed;
#ifdef LEAK_DETECTIVE
/**
@@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
{ /* already initialized, increase refcount */
this = (private_library_t*)lib;
ref_get(&this->ref);
- return !this->integrity_failed;
+ return !this->init_failed;
}
chunk_hash_seed();
@@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
- this->public.settings = settings_create(this->public.conf);
+ this->public.settings = settings_create(NULL);
+ if (!this->public.settings->load_files(this->public.settings,
+ this->public.conf, FALSE))
+ {
+ DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+ this->init_failed = TRUE;
+ }
+
/* add registered aliases */
for (i = 0; i < ns_count; ++i)
{
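Review bot: The log line `"abort initialization due to invalid configuration"` does not describe what the code does: after setting `init_failed`, library_init keeps going (alias registration, the integrity test, diffie_hellman_init) and only reports the failure through the return value at the end, and the refcount path returns the same cached flag on later calls. Failing closed on an unparseable configuration is the right outcome, but either return early here after releasing what has been allocated so far, or reword to something like `"invalid configuration, library initialization will fail"` so the message matches the behaviour. library_init begins and ends outside this hunk.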
@@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
{
DBG1(DBG_LIB, "integrity check of libstrongswan failed");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
}
#else /* !INTEGRITY_TEST */
DBG1(DBG_LIB, "integrity test enabled, but not supported");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
#endif /* INTEGRITY_TEST */
}
diffie_hellman_init();
- return !this->integrity_failed;
+ return !this->init_failed;
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 53f371c51..6409d3cae 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -258,11 +258,12 @@ struct library_t {
*
* The settings and namespace arguments are only used on the first call.
*
- * @param settings file to read settings from, may be NULL for default
+ * @param settings file to read settings from, may be NULL for default or
+ * "" to not load any settings
* @param namespace name of the binary that uses the library, determines
* the first section name when reading config options.
* Defaults to libstrongswan if NULL.
- * @return FALSE if integrity check failed
+ * @return FALSE if integrity check failed or settings are invalid
*/
bool library_init(char *settings, const char *namespace);
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
index 02175a926..da58b25ae 100644
--- a/src/libstrongswan/math/libnttfft/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -304,7 +304,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -330,6 +329,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -350,8 +351,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -406,8 +405,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -436,8 +433,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
index 8d0e02bb6..9888a8c89 100644
--- a/src/libstrongswan/math/libnttfft/tests/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index a9b71d6fd..ef967e817 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -59,13 +59,27 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
return NULL;
}
umask(old);
- /* only attempt to chown() socket if we have CAP_CHOWN */
- if (lib->caps->check(lib->caps, CAP_CHOWN) &&
- chown(addr.sun_path, lib->caps->get_uid(lib->caps),
- lib->caps->get_gid(lib->caps)) != 0)
+ /* Only attempt to change owner of socket if we have CAP_CHOWN. Otherwise,
+ * attempt to change group of socket to group under which charon runs after
+ * dropping caps. This requires the user that charon starts as to:
+ * a) Have write access to the socket dir.
+ * b) Belong to the group that charon will run under after dropping caps. */
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
{
- DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s",
- uri, strerror(errno));
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket owner/group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
+ }
+ else
+ {
+ if (chown(addr.sun_path, -1, lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
}
if (listen(fd, backlog) < 0)
{
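Review bot: The two branches added around `chown()` differ only in the uid argument and the message text, which duplicates the call and its error handling; a single call reads more directly: `uid_t uid = lib->caps->check(lib->caps, CAP_CHOWN) ? lib->caps->get_uid(lib->caps) : -1;` followed by one `chown(addr.sun_path, uid, lib->caps->get_gid(lib->caps))` and one DBG1. The new comment spelling out the two requirements on the starting user (write access to the socket directory, membership in the target group) is useful and should stay with the call. stream_service_create_unix begins and ends outside this hunk.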
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 36067a3ff..40282553f 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index d3817e12a..495b4598e 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index fdcfc099e..db0ed83b2 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 6b4a7fe5f..eb8a4132e 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 12a44870c..8f4122a0e 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index b98d367f1..ab7117a9b 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -335,7 +335,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -361,6 +360,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -381,8 +382,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -437,8 +436,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -467,8 +464,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 015f40a00..bda5fd160 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 2f122b5a8..31b1fd38d 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/botan/Makefile.am b/src/libstrongswan/plugins/botan/Makefile.am
new file mode 100644
index 000000000..c1160145a
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/Makefile.am
@@ -0,0 +1,32 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-botan.la
+else
+plugin_LTLIBRARIES = libstrongswan-botan.la
+endif
+
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libstrongswan/plugins/botan/Makefile.in
index faccb683e..533ba8340 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libstrongswan/plugins/botan/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libimcv/plugins/imv_swid
+subdir = src/libstrongswan/plugins/botan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -134,22 +134,28 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(imcvdir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
-imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
-am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \
- imv_swid_agent.lo
-imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS)
+libstrongswan_botan_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_libstrongswan_botan_la_OBJECTS = botan_plugin.lo botan_rng.lo \
+ botan_hasher.lo botan_hmac.lo botan_crypter.lo \
+ botan_rsa_public_key.lo botan_rsa_private_key.lo \
+ botan_diffie_hellman.lo botan_ec_diffie_hellman.lo \
+ botan_ec_public_key.lo botan_ec_private_key.lo botan_util.lo \
+ botan_util_keys.lo botan_gcm.lo botan_x25519.lo
+libstrongswan_botan_la_OBJECTS = $(am_libstrongswan_botan_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@
+libstrongswan_botan_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_botan_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_botan_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_botan_la_rpath =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -184,8 +190,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(imv_swid_la_SOURCES)
-DIST_SOURCES = $(imv_swid_la_SOURCES)
+SOURCES = $(libstrongswan_botan_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_botan_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -311,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,33 +446,45 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libtpmtss \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
- $(PLUGIN_CFLAGS) $(json_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(json_LIBS)
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-botan.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-botan.la
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
all: all-am
.SUFFIXES:
@@ -483,9 +498,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -504,33 +519,44 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
list2="$$list2 $$p"; \
else :; fi; \
done; \
test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
}
-uninstall-imcvLTLIBRARIES:
+uninstall-pluginLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
done
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
@@ -539,8 +565,8 @@ clean-imcvLTLIBRARIES:
rm -f $${locs}; \
}
-imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS)
+libstrongswan-botan.la: $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_DEPENDENCIES) $(EXTRA_libstrongswan_botan_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_botan_la_LINK) $(am_libstrongswan_botan_la_rpath) $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -548,9 +574,21 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_gcm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rng.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util_keys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_x25519.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -668,7 +706,7 @@ check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
- for dir in "$(DESTDIR)$(imcvdir)"; do \
+ for dir in "$(DESTDIR)$(plugindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -703,8 +741,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -724,7 +762,7 @@ info: info-am
info-am:
-install-data-am: install-imcvLTLIBRARIES
+install-data-am: install-pluginLTLIBRARIES
install-dvi: install-dvi-am
@@ -770,24 +808,24 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-imcvLTLIBRARIES
+uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-imcvLTLIBRARIES
+ uninstall-am uninstall-pluginLTLIBRARIES
.PRECIOUS: Makefile
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.c b/src/libstrongswan/plugins/botan/botan_crypter.c
new file mode 100644
index 000000000..002be6ea8
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Copyright (C) 2018 Tobias Hommel
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_crypter.h"
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_crypter_t private_botan_crypter_t;
+
+/**
+ * Private data of botan_crypter_t
+ */
+struct private_botan_crypter_t {
+
+ /**
+ * Public part of this class
+ */
+ botan_crypter_t public;
+
+ /**
+ * The key
+ */
+ chunk_t key;
+
+ /**
+ * The cipher name
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_botan_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *dst, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ size_t output_written = 0;
+ size_t input_consumed = 0;
+ uint8_t *in, *out;
+ bool success = FALSE;
+
+ in = data.ptr;
+ if (dst)
+ {
+ *dst = chunk_alloc(data.len);
+ out = dst->ptr;
+ }
+ else
+ {
+ out = data.ptr;
+ }
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (!botan_cipher_set_key(cipher, this->key.ptr, this->key.len) &&
+ !botan_cipher_start(cipher, iv.ptr, iv.len) &&
+ !botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, out,
+ data.len, &output_written, in, data.len,
+ &input_consumed) &&
+ (output_written == input_consumed))
+ {
+ success = TRUE;
+ }
+
+ botan_cipher_destroy(cipher);
+ return success;
+}
+
+METHOD(crypter_t, decrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+
+METHOD(crypter_t, encrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return this->key.len;
+}
+
+METHOD(crypter_t, set_key, bool,
+ private_botan_crypter_t *this, chunk_t key)
+{
+ memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+ return TRUE;
+}
+
+METHOD(crypter_t, destroy, void,
+ private_botan_crypter_t *this)
+{
+ chunk_clear(&this->key);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_botan_crypter_t *this;
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ switch (algo)
+ {
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 16:
+ /* AES 128 */
+ this->cipher_name = "AES-128/CBC/NoPadding";
+ break;
+ case 24:
+ /* AES-192 */
+ this->cipher_name = "AES-192/CBC/NoPadding";
+ break;
+ case 32:
+ /* AES-256 */
+ this->cipher_name = "AES-256/CBC/NoPadding";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ return &this->public;
+}
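Review bot: `set_key` accepts a key of any length — `memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len))` copies a short key and silently leaves the tail of `this->key` as whatever `chunk_alloc` (presumably a plain allocation) or a previously set key left there, so an undersized key produces a key partly made of stale or uninitialized bytes instead of an error. A one-line guard before the memcpy fixes this: `if (key.len != this->key.len) { return FALSE; }`. Separately, `crypt()` allocates `*dst` before `botan_cipher_init` and frees it on no failure path, so a caller that gets FALSE inherits an allocation it is unlikely to release; add `if (!success && dst) { chunk_free(dst); }` before `return success;` and free `*dst` in the early return after `botan_cipher_init` as well. The hard-coded `AES_BLOCK_SIZE` in `get_block_size`/`get_iv_size` is only correct because the constructor limits this crypter to `ENCR_AES_CBC`; a comment such as `/* only AES-CBC is constructed, so the block and IV size are fixed */` would make that dependency explicit.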
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.h b/src/libstrongswan/plugins/botan/botan_crypter.h
new file mode 100644
index 000000000..246904a5f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_crypter botan_crypter
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_CRYPTER_H_
+#define BOTAN_CRYPTER_H_
+
+typedef struct botan_crypter_t botan_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Implementation of crypters using Botan.
+ */
+struct botan_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Constructor to create botan_crypter_t.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @return botan_crypter_t, NULL if not supported
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** BOTAN_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
new file mode 100644
index 000000000..a55711d1b
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_diffie_hellman_t private_botan_diffie_hellman_t;
+
+/**
+ * Private data of an botan_diffie_hellman_t object.
+ */
+struct private_botan_diffie_hellman_t {
+
+ /**
+ * Public botan_diffie_hellman_t interface
+ */
+ botan_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group number
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t dh_key;
+
+ /**
+ * Diffie hellman shared secret
+ */
+ chunk_t shared_secret;
+
+ /**
+ * Generator value
+ */
+ botan_mp_t g;
+
+ /**
+ * Modulus
+ */
+ botan_mp_t p;
+};
+
+/**
+ * Load a DH private key
+ */
+bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t xa;
+
+ if (!chunk_to_botan_mp(value, &xa))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->dh_key) ||
+ botan_privkey_load_dh(&this->dh_key, this->p, this->g, xa))
+ {
+ botan_mp_destroy(xa);
+ return FALSE;
+ }
+ botan_mp_destroy(xa);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *value)
+{
+ *value = chunk_empty;
+
+ /* get key size of public key first */
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, value->ptr,
+ &value->len))
+ {
+ chunk_clear(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ chunk_clear(&this->shared_secret);
+ return load_private_key(this, value);
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_diffie_hellman_t *this)
+{
+ botan_mp_destroy(this->p);
+ botan_mp_destroy(this->g);
+ botan_privkey_destroy(this->dh_key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Generic internal constructor
+ */
+static botan_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p, size_t exp_len)
+{
+ private_botan_diffie_hellman_t *this;
+ chunk_t random;
+ rng_t *rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ if (!chunk_to_botan_mp(p, &this->p))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(g, &this->g))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng || !rng->allocate_bytes(rng, exp_len, &random))
+ {
+ DESTROY_IF(rng);
+ destroy(this);
+ return NULL;
+ }
+ rng->destroy(rng);
+
+ if (!load_private_key(this, random))
+ {
+ chunk_clear(&random);
+ destroy(this);
+ return NULL;
+ }
+ chunk_clear(&random);
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...)
+{
+ diffie_hellman_params_t *params;
+ chunk_t g, p;
+
+ if (group == MODP_CUSTOM)
+ {
+ VA_ARGS_GET(group, g, p);
+ return create_generic(group, g, p, p.len);
+ }
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->generator, params->prime,
+ params->exp_len);
+}
+
+#endif
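Review bot: `load_private_key` is defined without `static` and is not declared in the header, so this plugin exports a generically named symbol that, in a monolithic build or alongside other plugins in the same process, could collide with or be resolved against an unrelated definition — it should read `static bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value)`. The function also destroys `this->dh_key` before `botan_privkey_load_dh` runs, so when loading fails (for instance via `set_private_value` with a value that `chunk_to_botan_mp` accepts but Botan rejects) the object is left without a key while still reporting a valid group from `get_dh_group`; loading into a local `botan_privkey_t` first and swapping it into `this->dh_key` only on success avoids that. Whether Botan's FFI resets the output handle on a failed load is not visible here, so the current ordering may additionally leave a dangling handle for `destroy` to free — worth confirming against the Botan version configure requires.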
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
new file mode 100644
index 000000000..84408229f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_diffie_hellman botan_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_DIFFIE_HELLMAN_H_
+#define BOTAN_DIFFIE_HELLMAN_H_
+
+typedef struct botan_diffie_hellman_t botan_diffie_hellman_t;
+
+#include <crypto/diffie_hellman.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm using Botan.
+ */
+struct botan_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_diffie_hellman_t object.
+ *
+ * @param group Diffie Hellman group number to use
+ * @param ... expects generator and prime as chunk_t if MODP_CUSTOM
+ * @return botan_diffie_hellman_t object,
+ * NULL if not supported
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...);
+
+#endif /** BOTAN_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
new file mode 100644
index 000000000..ed28b4639
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDH
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_diffie_hellman_t private_botan_ec_diffie_hellman_t;
+
+/**
+ * Private data of a botan_ec_diffie_hellman_t object.
+ */
+struct private_botan_ec_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * EC curve name
+ */
+ const char* curve_name;
+
+ /**
+ * EC private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ /* prepend 0x04 to indicate uncompressed point format */
+ value = chunk_cata("cc", chunk_from_chars(0x04), value);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *value)
+{
+ chunk_t pkey = chunk_empty;
+
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &pkey.len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ pkey = chunk_alloca(pkey.len);
+ if (botan_pk_op_key_agreement_export_public(this->key, pkey.ptr, &pkey.len))
+ {
+ return FALSE;
+ }
+
+ /* skip 0x04 byte prepended by botan */
+ *value = chunk_clone(chunk_skip(pkey, 1));
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t scalar;
+
+ chunk_clear(&this->shared_secret);
+
+ if (!chunk_to_botan_mp(value, &scalar))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->key))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ if (botan_privkey_load_ecdh(&this->key, scalar, this->curve_name))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ botan_mp_destroy(scalar);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group)
+{
+ private_botan_ec_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ switch (group)
+ {
+ case ECP_256_BIT:
+ this->curve_name = "secp256r1";
+ break;
+ case ECP_384_BIT:
+ this->curve_name = "secp384r1";
+ break;
+ case ECP_521_BIT:
+ this->curve_name = "secp521r1";
+ break;
+ case ECP_256_BP:
+ this->curve_name = "brainpool256r1";
+ break;
+ case ECP_384_BP:
+ this->curve_name = "brainpool384r1";
+ break;
+ case ECP_512_BP:
+ this->curve_name = "brainpool512r1";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, this->curve_name))
+ {
+ DBG1(DBG_LIB, "ECDH private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
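Review bot: After `botan_privkey_destroy(this->key)` succeeds in set_private_value, a failing `botan_privkey_load_ecdh` leaves `this->key` pointing at the handle just destroyed, and `destroy` later hands that same pointer to `botan_privkey_destroy` again, unless the Botan FFI resets the output pointer on failure (not verifiable from this hunk). Assigning `this->key = NULL;` immediately after the successful destroy makes the failure path safe either way, since Botan's destroy functions treat a NULL handle as a no-op. On a smaller note, `botan_ec_diffie_hellman_create` initialises the RNG with `"user"` whereas `botan_ec_private_key_gen` in this commit uses `"system"`; a one-line comment explaining the choice would save the next reader a trip to the Botan docs.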
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
new file mode 100644
index 000000000..0ba832ed3
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_diffie_hellman botan_ec_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_DIFFIE_HELLMAN_H_
+#define BOTAN_EC_DIFFIE_HELLMAN_H_
+
+typedef struct botan_ec_diffie_hellman_t botan_ec_diffie_hellman_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the EC Diffie-Hellman algorithm using Botan.
+ */
+struct botan_ec_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_ec_diffie_hellman_t object.
+ *
+ * @param group EC Diffie Hellman group number to use
+ * @return botan_ec_diffie_hellman_t object, NULL if not supported
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group);
+
+#endif /** BOTAN_EC_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.c b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
new file mode 100644
index 000000000..f8dbb66d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "botan_ec_private_key.h"
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_private_key_t private_botan_ec_private_key_t;
+
+/**
+ * Private data of a botan_ec_private_key_t object.
+ */
+struct private_botan_ec_private_key_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_private_key_t public;
+
+ /**
+ * Botan ec private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * OID of the curve
+ */
+ int oid;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Build a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool build_signature(botan_privkey_t key, const char *hash_and_padding,
+ int signature_format, chunk_t data,
+ chunk_t *signature)
+{
+ if (!botan_get_signature(key, hash_and_padding, data, signature))
+ {
+ return FALSE;
+ }
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /* format as ASN.1 sequence of two integers r,s */
+ chunk_t r = chunk_empty, s = chunk_empty;
+
+ chunk_split(*signature, "aa", signature->len / 2, &r,
+ signature->len / 2, &s);
+
+ chunk_free(signature);
+ *signature = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", r),
+ asn1_integer("m", s));
+ }
+ return TRUE;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_ec_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ return build_signature(this->key, "Raw",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ return build_signature(this->key, "EMSA1(SHA-1)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_384:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_521:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_ec_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC private key decryption not implemented");
+ return FALSE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_ec_private_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_ec_private_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_ec_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_ec_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_ec_private_key_t *create_empty(int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .oid = oid,
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key, int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ this = create_empty(oid);
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+ int oid;
+ const char *curve;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ switch (key_size)
+ {
+ case 256:
+ curve = "secp256r1";
+ oid = OID_PRIME256V1;
+ break;
+ case 384:
+ curve = "secp384r1";
+ oid = OID_SECT384R1;
+ break;
+ case 521:
+ curve = "secp521r1";
+ oid = OID_SECT521R1;
+ break;
+ default:
+ DBG1(DBG_LIB, "EC private key size %d not supported via botan",
+ key_size);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty(oid);
+
+ if (botan_privkey_create_ecdsa(&this->key, rng, curve))
+ {
+ DBG1(DBG_LIB, "EC private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ chunk_t params = chunk_empty, key = chunk_empty;
+ chunk_t alg_id = chunk_empty, pkcs8 = chunk_empty;
+ botan_rng_t rng;
+ int oid = OID_UNKNOWN;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ALGID_PARAMS:
+ params = va_arg(args, chunk_t);
+ continue;
+ case BUILD_BLOB_ASN1_DER:
+ key = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ /*
+ * Botan expects a PKCS#8 private key, so we build one, if necessary.
+ * RFC 5480 mandates ECParameters as part of the algorithmIdentifier, which
+ * we should get from e.g. the pkcs8 plugin.
+ */
+ if (params.len != 0 && type == KEY_ECDSA)
+ {
+ /* if ECParameters is passed, just use it */
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ chunk_clone(params));
+ if (asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ }
+ else
+ {
+ /*
+ * no explicit ECParameters passed, try to extract them from the
+ * ECPrivateKey structure and create an algorithmIdentifier
+ */
+ chunk_t unwrap = key, inner;
+
+ if (asn1_unwrap(&unwrap, &unwrap) == ASN1_SEQUENCE &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 1 &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_OCTET_STRING &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_CONTEXT_C_0 &&
+ asn1_unwrap(&inner, &inner) == ASN1_OID)
+ {
+ oid = asn1_known_oid(inner);
+ if (oid != OID_UNKNOWN)
+ {
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ asn1_simple_object(ASN1_OID, inner));
+ }
+ }
+ }
+
+ if (oid == OID_UNKNOWN)
+ {
+ chunk_free(&alg_id);
+ return NULL;
+ }
+
+ pkcs8 = asn1_wrap(ASN1_SEQUENCE, "mms",
+ asn1_integer("c", chunk_from_chars(0x00)),
+ alg_id,
+ asn1_wrap(ASN1_OCTET_STRING, "c", key));
+
+ this = create_empty(oid);
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ chunk_clear(&pkcs8);
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_load(&this->key, rng, pkcs8.ptr, pkcs8.len, NULL))
+ {
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
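Review bot: In build_signature the DER branch feeds the fixed-width `r` and `s` halves of Botan's IEEE 1363 output straight into `asn1_integer`, so whenever a half starts with a 0x00 byte the resulting INTEGER is not minimally encoded; unless asn1_integer strips leading zeros itself (not visible here), strict DER parsers on the peer side may reject such a signature, which happens roughly one time in 256 per half. The verify path in botan_ec_public_key.c already applies `chunk_skip_zero` to r and s after parsing, so the sign path should do the symmetric thing: pass `chunk_skip_zero(r)` and `chunk_skip_zero(s)` to `asn1_integer` with mode `"c"` and free the original `r`/`s` afterwards, because the skipped chunk no longer points at the start of the allocation. Separately, `botan_ec_private_key_gen` initialises the RNG with `"system"` while `botan_ec_private_key_load` and the ECDH code use `"user"`; a short comment on why the two differ would help maintainers.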
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.h b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
new file mode 100644
index 000000000..2b9686ceb
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_private_key botan_ec_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_PRIVATE_KEY_H_
+#define BOTAN_EC_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_ec_private_key_t botan_ec_private_key_t;
+
+/**
+ * private_key_t implementation of ECDSA using Botan.
+ */
+struct botan_ec_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a ECDSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a ECDSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a ECDSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @param oid EC curve OID
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key,
+ int oid);
+
+#endif /** BOTAN_EC_PRIVATE_KEY_H_ @}*/
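Review bot: The doc comment on botan_ec_private_key_load says the loader "Accepts a BUILD_BLOB_ASN1_DER argument", but the implementation in botan_ec_private_key.c also consumes BUILD_BLOB_ALGID_PARAMS to obtain the curve's ECParameters; suggest ` * Accepts BUILD_BLOB_ASN1_DER and, optionally, BUILD_BLOB_ALGID_PARAMS arguments.` Likewise the `@return loaded key, NULL on failure` on botan_ec_private_key_adopt does not match the implementation shown, which always returns the new object; either document that the key is unconditionally adopted or align the wording with the code.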
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
new file mode 100644
index 000000000..4c85dbcec
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_public_key_t private_botan_ec_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_ec_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_ec_public_key_t public;
+
+ /**
+ * Botan ec public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Verification of a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool verify_signature(private_botan_ec_public_key_t *this,
+ const char* hash_and_padding, int signature_format, size_t keylen,
+ chunk_t data, chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ chunk_t sig = signature;
+ bool valid = FALSE;
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /*
+ * botan requires a signature in IEEE 1363 format (r||s)
+ * re-encode from ASN.1 sequence of two integers r,s
+ */
+ chunk_t parse = signature, r, s;
+
+ if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE ||
+ asn1_unwrap(&parse, &r) != ASN1_INTEGER ||
+ asn1_unwrap(&parse, &s) != ASN1_INTEGER)
+ {
+ return FALSE;
+ }
+
+ r = chunk_skip_zero(r);
+ s = chunk_skip_zero(s);
+
+ /*
+ * r and s must be of size m_order.bytes()/2 each
+ */
+ if (r.len > keylen || s.len > keylen)
+ {
+ return FALSE;
+ }
+
+ sig = chunk_alloca(2 * keylen);
+ memset(sig.ptr, 0, sig.len);
+ memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
+ memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
+ }
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_ec_public_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_ec_public_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_ec_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ size_t keylen = (get_keysize(this) + 7) / 8;
+ const char *hash_and_padding;
+ int sig_format;
+
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ hash_and_padding = "Raw";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ hash_and_padding = "EMSA1(SHA-1)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_384:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_521:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+
+ return verify_signature(this, hash_and_padding,
+ sig_format, keylen, data, signature);
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_ec_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC public key encryption not implemented");
+ return FALSE;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ return botan_get_fingerprint(this->key, this, type, fingerprint);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_ec_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_ec_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/*
+ * Described in header
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_ec_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .get_keysize = _get_keysize,
+ .equals = public_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .key = key,
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
+#endif
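Review bot: The DER branch of verify_signature checks that the SEQUENCE holds two INTEGERs but never checks that nothing follows `s` inside the sequence, so a signature with extra bytes after the second integer is accepted as long as r||s verifies; extending the condition to `asn1_unwrap(&parse, &s) != ASN1_INTEGER || parse.len` rejects it (bytes trailing the outer SEQUENCE are dropped by the first unwrap and would need a separate variable to detect). Also, `SIG_FORMAT_IEEE_1363`/`SIG_FORMAT_DER_SEQUENCE` are defined identically here and in botan_ec_private_key.c; a shared definition in botan_util.h would keep the two from drifting.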
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.h b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
new file mode 100644
index 000000000..ddb3d5b04
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef BOTAN_EC_PUBLIC_KEY_H_
+#define BOTAN_EC_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_ec_public_key_t botan_ec_public_key_t;
+
+/**
+ * public_key_t implementation of ECDSA using botan.
+ */
+struct botan_ec_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a ECDSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/
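Review bot: The header closes a Doxygen group with `@}` on its last line but, unlike botan_ec_private_key.h and botan_ec_diffie_hellman.h in this commit, never opens one, so the closing marker is unbalanced. Add the matching block before the include guard: `/** @defgroup botan_ec_public_key botan_ec_public_key` / ` * @{ @ingroup botan_p` / ` */`.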
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.c b/src/libstrongswan/plugins/botan/botan_gcm.c
new file mode 100644
index 000000000..7e0fc1468
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.c
@@ -0,0 +1,333 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_gcm.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_AES
+#ifdef BOTAN_HAS_AEAD_GCM
+
+#include <crypto/iv/iv_gen_seq.h>
+
+#include <botan/ffi.h>
+
+/**
+ * as defined in RFC 4106
+ */
+#define IV_LEN 8
+#define SALT_LEN 4
+#define NONCE_LEN (IV_LEN + SALT_LEN)
+
+typedef struct private_aead_t private_aead_t;
+
+struct private_aead_t {
+
+ /**
+ * Public interface
+ */
+ aead_t public;
+
+ /**
+ * The encryption key
+ */
+ chunk_t key;
+
+ /**
+ * Salt value
+ */
+ char salt[SALT_LEN];
+
+ /**
+ * Size of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * IV generator
+ */
+ iv_gen_t *iv_gen;
+
+ /**
+ * The cipher to use
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
+ u_char *out, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ uint8_t nonce[NONCE_LEN];
+ size_t output_written = 0, input_consumed = 0;
+
+ memcpy(nonce, this->salt, SALT_LEN);
+ memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN);
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (botan_cipher_set_key(cipher, this->key.ptr, this->key.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (assoc.len &&
+ botan_cipher_set_associated_data(cipher, assoc.ptr, assoc.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (botan_cipher_start(cipher, nonce, NONCE_LEN))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (init_flag == BOTAN_CIPHER_INIT_FLAG_ENCRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len + this->icv_size, &output_written,
+ data.ptr, data.len, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+ else if (init_flag == BOTAN_CIPHER_INIT_FLAG_DECRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len, &output_written, data.ptr,
+ data.len + this->icv_size, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+
+ botan_cipher_destroy(cipher);
+
+ return TRUE;
+}
+
+METHOD(aead_t, encrypt, bool,
+ private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ u_char *out;
+
+ out = plain.ptr;
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ out = encrypted->ptr;
+ }
+ return crypt(this, plain, assoc, iv, out, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ u_char *out;
+
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+ encrypted.len -= this->icv_size;
+
+ out = encrypted.ptr;
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ out = plain->ptr;
+ }
+ return crypt(this, encrypted, assoc, iv, out,
+ BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_aead_t *this)
+{
+ return IV_LEN;
+}
+
+METHOD(aead_t, get_iv_gen, iv_gen_t*,
+ private_aead_t *this)
+{
+ return this->iv_gen;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_aead_t *this)
+{
+ return this->key.len + SALT_LEN;
+}
+
+METHOD(aead_t, set_key, bool,
+ private_aead_t *this, chunk_t key)
+{
+ if (key.len != get_key_size(this))
+ {
+ return FALSE;
+ }
+ memcpy(this->salt, key.ptr + key.len - SALT_LEN, SALT_LEN);
+ memcpy(this->key.ptr, key.ptr, this->key.len);
+ return TRUE;
+}
+
+METHOD(aead_t, destroy, void,
+ private_aead_t *this)
+{
+ chunk_clear(&this->key);
+ this->iv_gen->destroy(this->iv_gen);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size)
+{
+ private_aead_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_iv_gen = _get_iv_gen,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
+
+ if (salt_size && salt_size != SALT_LEN)
+ {
+ /* currently not supported */
+ free(this);
+ return NULL;
+ }
+
+ switch (algo)
+ {
+ case ENCR_AES_GCM_ICV8:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(8)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(8)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(8)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 8;
+ break;
+ case ENCR_AES_GCM_ICV12:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(12)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(12)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(12)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 12;
+ break;
+ case ENCR_AES_GCM_ICV16:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 16;
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ this->iv_gen = iv_gen_seq_create();
+
+ return &this->public;
+}
+
+#endif
+#endif
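Review bot: `crypt()` copies IV_LEN bytes from `iv.ptr` into the nonce without checking `iv.len`, so a caller that hands in a shorter IV causes an out-of-bounds read; a guard `if (iv.len != IV_LEN) { return FALSE; }` before the second memcpy would make this explicit, mirroring the `encrypted.len < this->icv_size` check decrypt() already performs. The aead_t contract presumably guarantees get_iv_size() bytes, but the check is cheap and the function is the single entry point for both directions. In the same function `output_written` and `input_consumed` are filled in by botan_cipher_update() but never compared with the lengths that were passed; a short or partial result is currently reported as success, so the success path could verify `input_consumed` equals the supplied input length before returning TRUE.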
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.h b/src/libstrongswan/plugins/botan/botan_gcm.h
new file mode 100644
index 000000000..b2053cb4d
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements the aead_t interface using Botan in GCM mode.
+ *
+ * @defgroup botan_gcm botan_gcm
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_GCM_H_
+#define BOTAN_GCM_H_
+
+#include <crypto/aead.h>
+
+/**
+ * Constructor to create aead_t implementation.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @param salt_size size of implicit salt length
+ * @return aead_t object, NULL if not supported
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size);
+
+#endif /** BOTAN_GCM_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.c b/src/libstrongswan/plugins/botan/botan_hasher.c
new file mode 100644
index 000000000..d574db0dc
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hasher.h"
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_hasher_t private_botan_hasher_t;
+
+/**
+ * Private data of botan_hasher_t
+ */
+struct private_botan_hasher_t {
+
+ /**
+ * Public part of this class.
+ */
+ botan_hasher_t public;
+
+ /**
+ * botan hash instance
+ */
+ botan_hash_t hash;
+};
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_botan_hasher_t *this)
+{
+ size_t len = 0;
+
+ if (botan_hash_output_length(this->hash, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(hasher_t, reset, bool,
+ private_botan_hasher_t *this)
+{
+ if (botan_hash_clear(this->hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, get_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, uint8_t *hash)
+{
+ if (botan_hash_update(this->hash, chunk.ptr, chunk.len))
+ {
+ return FALSE;
+ }
+
+ if (hash && botan_hash_final(this->hash, hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, allocate_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(get_hash_size(this));
+ return get_hash(this, chunk, hash->ptr);
+ }
+ return get_hash(this, chunk, NULL);
+}
+
+METHOD(hasher_t, destroy, void,
+ private_botan_hasher_t *this)
+{
+ botan_hash_destroy(this->hash);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo)
+{
+ private_botan_hasher_t *this;
+ const char* hash_name;
+
+ hash_name = botan_get_hash(algo);
+ if (!hash_name)
+ {
+ return FALSE;
+ }
+
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ if (botan_hash_init(&this->hash, hash_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
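Review bot: `botan_hasher_create()` returns `FALSE` when `botan_get_hash()` yields no name, but its return type is `botan_hasher_t *`; this only compiles because FALSE expands to 0, and the header documents the failure value as NULL. It should read `return NULL;`, as the later `botan_hash_init()` failure branch does.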
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.h b/src/libstrongswan/plugins/botan/botan_hasher.h
new file mode 100644
index 000000000..164f63711
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_hasher botan_hasher
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HASHER_H_
+#define BOTAN_HASHER_H_
+
+typedef struct botan_hasher_t botan_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hashers using botan.
+ */
+struct botan_hasher_t {
+
+ /**
+ * The hasher_t interface.
+ */
+ hasher_t hasher;
+};
+
+/**
+ * Constructor to create botan_hasher_t.
+ *
+ * @param algo algorithm
+ * @return botan_hasher_t, NULL if not supported
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo);
+
+#endif /** BOTAN_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.c b/src/libstrongswan/plugins/botan/botan_hmac.c
new file mode 100644
index 000000000..367d27f24
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hmac.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC
+
+#include <crypto/mac.h>
+#include <crypto/prfs/mac_prf.h>
+#include <crypto/signers/mac_signer.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_mac_t private_botan_mac_t;
+
+/**
+ * Private data of a mac_t object.
+ */
+struct private_botan_mac_t {
+
+ /**
+ * Public interface
+ */
+ mac_t public;
+
+ /**
+ * HMAC
+ */
+ botan_mac_t hmac;
+};
+
+METHOD(mac_t, set_key, bool,
+ private_botan_mac_t *this, chunk_t key)
+{
+ if (botan_mac_set_key(this->hmac, key.ptr, key.len))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac, bool,
+ private_botan_mac_t *this, chunk_t data, uint8_t *out)
+{
+ if (botan_mac_update(this->hmac, data.ptr, data.len))
+ {
+ return FALSE;
+ }
+
+ if (out && botan_mac_final(this->hmac, out))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac_size, size_t,
+ private_botan_mac_t *this)
+{
+ size_t len = 0;
+
+ if (botan_mac_output_length(this->hmac, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(mac_t, destroy, void,
+ private_botan_mac_t *this)
+{
+ botan_mac_destroy(this->hmac);
+ free(this);
+}
+
+/*
+ * Create a Botan-backed implementation of the mac_t interface
+ */
+static mac_t *hmac_create(hash_algorithm_t algo)
+{
+ private_botan_mac_t *this;
+ const char* hmac_name;
+
+ switch (algo)
+ {
+ case HASH_SHA1:
+ hmac_name = "HMAC(SHA-1)";
+ break;
+ case HASH_SHA256:
+ hmac_name = "HMAC(SHA-256)";
+ break;
+ case HASH_SHA384:
+ hmac_name = "HMAC(SHA-384)";
+ break;
+ case HASH_SHA512:
+ hmac_name = "HMAC(SHA-512)";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_mac_size = _get_mac_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ }
+ );
+
+ if (botan_mac_init(&this->hmac, hmac_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo)
+{
+ mac_t *hmac;
+
+ hmac = hmac_create(hasher_algorithm_from_prf(algo));
+ if (hmac)
+ {
+ return mac_prf_create(hmac);
+ }
+ return NULL;
+}
+
+/*
+ * Described in header
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo)
+{
+ mac_t *hmac;
+ size_t trunc;
+
+ hmac = hmac_create(hasher_algorithm_from_integrity(algo, &trunc));
+ if (hmac)
+ {
+ return mac_signer_create(hmac, trunc);
+ }
+ return NULL;
+}
+
+#endif
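Review bot: `hmac_create()` keeps its own switch from hash_algorithm_t to Botan names, while botan_hasher.c obtains the same names from `botan_get_hash()` in botan_util.h; if that helper returns the plain Botan hash name, the switch could be replaced by building the string once, e.g. `snprintf(buf, sizeof(buf), "HMAC(%s)", botan_get_hash(algo))` after a NULL check, so the two mappings cannot diverge when another hash is added. If the four-entry list is intentionally restricted to what the plugin advertises for PRF and SIGNER, a short comment saying so would prevent the next reader from "fixing" it.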
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.h b/src/libstrongswan/plugins/botan/botan_hmac.h
new file mode 100644
index 000000000..1deeea961
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements HMAC based PRF and signer using Botan's HMAC functions.
+ *
+ * @defgroup botan_hmac botan_hmac
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HMAC_H_
+#define BOTAN_HMAC_H_
+
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
+
+/**
+ * Creates a new prf_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return prf_t object, NULL if not supported
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo);
+
+/**
+ * Creates a new signer_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return signer_t, NULL if not supported
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** BOTAN_HMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.c b/src/libstrongswan/plugins/botan/botan_plugin.c
new file mode 100644
index 000000000..fd8e5f5a6
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_plugin.h"
+#include "botan_rng.h"
+#include "botan_hasher.h"
+#include "botan_crypter.h"
+#include "botan_diffie_hellman.h"
+#include "botan_hmac.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+#include "botan_ec_diffie_hellman.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_gcm.h"
+#include "botan_util_keys.h"
+#include "botan_x25519.h"
+
+#include <library.h>
+
+#include <botan/build.h>
+#include <botan/ffi.h>
+
+typedef struct private_botan_plugin_t private_botan_plugin_t;
+
+/**
+ * private data of botan_plugin
+ */
+struct private_botan_plugin_t {
+
+ /**
+ * public functions
+ */
+ botan_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_botan_plugin_t *this)
+{
+ return "botan";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_botan_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, botan_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+#endif
+#ifdef BOTAN_HAS_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
+#endif
+#ifdef BOTAN_HAS_X25519
+ PLUGIN_REGISTER(DH, botan_x25519_create),
+ PLUGIN_PROVIDE(DH, CURVE_25519),
+#endif
+
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, botan_crypter_create),
+#ifdef BOTAN_HAS_AES
+ #ifdef BOTAN_HAS_MODE_CBC
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ #endif
+ #ifdef BOTAN_HAS_AEAD_GCM
+ /* AES GCM */
+ PLUGIN_REGISTER(AEAD, botan_gcm_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ #endif
+#endif
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, botan_hasher_create),
+#ifdef BOTAN_HAS_MD5
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+#endif
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+#endif
+ /* prfs */
+#ifdef BOTAN_HAS_HMAC
+ PLUGIN_REGISTER(PRF, botan_hmac_prf_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
+#endif
+ /* signer */
+ PLUGIN_REGISTER(SIGNER, botan_hmac_signer_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+#endif
+#endif /* BOTAN_HAS_HMAC */
+
+ /* generic key loaders */
+#if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA)
+ PLUGIN_REGISTER(PUBKEY, botan_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+#endif
+ PLUGIN_REGISTER(PRIVKEY, botan_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+#endif
+#endif
+ /* RSA */
+#ifdef BOTAN_HAS_RSA
+ /* public/private key loading/generation */
+ PLUGIN_REGISTER(PUBKEY, botan_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, botan_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* encryption/signature schemes */
+#ifdef BOTAN_HAS_EMSA_PKCS1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+#endif
+#endif
+#ifdef BOTAN_HAS_EMSA_PSSR
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+#ifdef BOTAN_HAS_EME_OAEP
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
+#endif
+#endif
+#endif /* BOTAN_HAS_RSA */
+
+#ifdef BOTAN_HAS_ECDSA
+ /* EC private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, botan_ec_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_ec_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
+#ifdef BOTAN_HAS_EMSA_RAW
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
+#endif
+#ifdef BOTAN_HAS_EMSA1
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
+#endif
+#ifndef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
+#endif
+#endif /* BOTAN_HAS_EMSA1 */
+#endif /* BOTAN_HAS_ECDSA */
+
+ /* random numbers */
+#if BOTAN_HAS_SYSTEM_RNG
+#if BOTAN_HAS_HMAC_DRBG
+ PLUGIN_REGISTER(RNG, botan_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_WEAK),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE)
+#endif
+#endif
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_botan_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+plugin_t *botan_plugin_create()
+{
+ private_botan_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
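Review bot: The `#ifndef BOTAN_HAS_SHA2_64` guarding the ECDSA SHA-384/SHA-512 entries is inverted relative to every other guard in this feature table (`#ifdef BOTAN_HAS_SHA2_64` for hashers, PRFs, signers and RSA), so SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_ECDSA_384 and SIGN_ECDSA_521 are announced only on Botan builds that lack SHA-2-64 support, where they cannot work, and never on builds that have it; it should be `#ifdef BOTAN_HAS_SHA2_64`. In the RSA block, `PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1)` and the matching PUBKEY_VERIFY line each appear twice; one copy of each can be dropped. The RNG entries are wrapped in `#if BOTAN_HAS_SYSTEM_RNG` and `#if BOTAN_HAS_HMAC_DRBG` where the rest of the table uses `#ifdef`; that only works if build.h defines these macros with a non-zero value, so `#ifdef` would be the safer and consistent form.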
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.h b/src/libstrongswan/plugins/botan/botan_plugin.h
new file mode 100644
index 000000000..fdb08a90e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_p botan
+ * @ingroup plugins
+ *
+ * @defgroup botan_plugin botan_plugin
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_PLUGIN_H_
+#define BOTAN_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct botan_plugin_t botan_plugin_t;
+
+/**
+ * Plugin implementing crypto functions using Botan.
+ */
+struct botan_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** BOTAN_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_rng.c b/src/libstrongswan/plugins/botan/botan_rng.c
new file mode 100644
index 000000000..c49225c3c
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rng.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC_DRBG
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_random_t private_botan_random_t;
+
+/**
+ * Private data of an botan_rng_t object.
+ */
+struct private_botan_random_t {
+
+ /**
+ * Public botan_rnd_t interface.
+ */
+ botan_random_t public;
+
+ /**
+ * RNG quality of this instance
+ */
+ rng_quality_t quality;
+
+ /**
+ * RNG instance
+ */
+ botan_rng_t rng;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_botan_random_t *this, size_t bytes, uint8_t *buffer)
+{
+ return botan_rng_get(this->rng, buffer, bytes) == 0;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_botan_random_t *this, size_t bytes, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ if (!get_bytes(this, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_botan_random_t *this)
+{
+ botan_rng_destroy(this->rng);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality)
+{
+ private_botan_random_t *this;
+ const char* rng_name;
+
+ switch (quality)
+ {
+ case RNG_WEAK:
+ case RNG_STRONG:
+ /* some rng_t instances of this class (e.g. in the ike-sa-manager)
+ * may be called concurrently by different threads. the Botan RNGs
+ * are not reentrant, by default, so use the threadsafe version.
+ * because we build without threading support when running tests
+ * with leak-detective (lots of reports of frees of unknown memory)
+ * there is a fallback to the default */
+#ifdef BOTAN_TARGET_OS_HAS_THREADS
+ rng_name = "user-threadsafe";
+#else
+ rng_name = "user";
+#endif
+ break;
+ case RNG_TRUE:
+ rng_name = "system";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
+
+ if (botan_rng_init(&this->rng, rng_name))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif
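Review bot: The `quality` member of private_botan_random_t is written in botan_rng_create but never read by get_bytes, allocate_bytes or destroy, so it is dead state in this file; either drop it or say why it is kept, e.g. `/* not used by the methods; rng_t has no getter, kept for debugging only */`. The struct comments also read "an botan_rng_t object" and "Public botan_rnd_t interface", where the latter should name `botan_random_t`, the type actually declared in botan_rng.h. The whole file is guarded by BOTAN_HAS_HMAC_DRBG although the RNG_TRUE case only asks for the "system" RNG; if that guard is intentional (the "user" RNGs need the DRBG), a one-line comment next to the `#ifdef` would save the next reader from wondering.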
diff --git a/src/libstrongswan/plugins/botan/botan_rng.h b/src/libstrongswan/plugins/botan/botan_rng.h
new file mode 100644
index 000000000..087288863
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rng botan_rng
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RNG_H_
+#define BOTAN_RNG_H_
+
+typedef struct botan_random_t botan_random_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using botan.
+ *
+ * @note botan_rng_t is a botan reserved type.
+ */
+struct botan_random_t {
+
+ /**
+ * Implements rng_t.
+ */
+ rng_t rng;
+};
+
+/**
+ * Creates a botan_random_t instance.
+ *
+ * @param quality required quality of randomness
+ * @return botan_random_t instance
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality);
+
+#endif /** BOTAN_RNG_H_ @} */
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
new file mode 100644
index 000000000..bb723ff95
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
@@ -0,0 +1,694 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_private_key.h"
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_rsa_private_key_t private_botan_rsa_private_key_t;
+
+/**
+ * Private data of a botan_rsa_private_key_t object.
+ */
+struct private_botan_rsa_private_key_t {
+
+ /**
+ * Public interface for this signer.
+ */
+ botan_rsa_private_key_t public;
+
+ /**
+ * Botan private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * reference count
+ */
+ refcount_t ref;
+};
+
+/**
+ * Get the Botan string identifier for an EMSA PSS signature
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len)
+{
+ const char *hash;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+
+ /* botan currently does not support passing the mgf1 hash */
+ if (params->hash != params->mgf1_hash)
+ {
+ DBG1(DBG_LIB, "passing mgf1 hash not supported via botan");
+ return FALSE;
+ }
+
+ hash = botan_get_hash(params->hash);
+ if (!hash)
+ {
+ return FALSE;
+ }
+
+ if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1,%zd)", hash,
+ params->salt_len) < len;
+ }
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1)", hash) < len;
+}
+
+/**
+ * Build an EMSA PSS signature described in PKCS#1
+ */
+static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t *sig)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return botan_get_signature(this->key, hash_and_padding, data, sig);
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_rsa_private_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_rsa_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return botan_get_signature(this->key, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-224)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-256)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-384)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-512)", data,
+ signature);
+ case SIGN_RSA_EMSA_PSS:
+ return build_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ botan_pk_op_decrypt_t decrypt_op;
+ const char *padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_pk_op_decrypt_create(&decrypt_op, this->key, padding, 0))
+ {
+ return FALSE;
+ }
+
+ plain->len = 0;
+ if (botan_pk_op_decrypt_output_length(decrypt_op, crypto.len, &plain->len))
+ {
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+
+ *plain = chunk_alloc(plain->len);
+ if (botan_pk_op_decrypt(decrypt_op, plain->ptr, &plain->len, crypto.ptr,
+ crypto.len))
+ {
+ chunk_free(plain);
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return TRUE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_rsa_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_private_key_t *create_empty()
+{
+ private_botan_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key)
+{
+ private_botan_rsa_private_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_privkey_create_rsa(&this->key, rng, key_size))
+ {
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
+ botan_mp_t *p, botan_mp_t *q)
+{
+ botan_mp_t k = NULL, one = NULL, r = NULL, zero = NULL, two = NULL;
+ botan_mp_t n1 = NULL, x = NULL, y = NULL, g = NULL, rem = NULL;
+ botan_rng_t rng = NULL;
+ int i, t, j;
+ bool success = FALSE;
+
+ if (botan_mp_init(&k) ||
+ botan_mp_init(&one) ||
+ botan_mp_set_from_int(one, 1))
+ {
+ goto error;
+ }
+
+ /* 1. k = d * e - 1 */
+ if (botan_mp_mul(k, *d, *e) || botan_mp_sub(k, k, one))
+ {
+ goto error;
+ }
+
+ /* k must be even */
+ if (!botan_mp_is_even(k))
+ {
+ goto error;
+ }
+
+ /* 2. k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ if (botan_mp_init(&r) ||
+ botan_mp_set_from_mp(r, k))
+ {
+ goto error;
+ }
+
+ for (t = 0; !botan_mp_is_odd(r); t++)
+ {
+ if (botan_mp_rshift(r, r, 1))
+ {
+ goto error;
+ }
+ }
+
+ /* need 0 and n-1 below */
+ if (botan_mp_init(&zero) ||
+ botan_mp_init(&n1) ||
+ botan_mp_sub(n1, *n, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&g))
+ {
+ goto error;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&two))
+ {
+ goto error;
+ }
+
+ if (botan_mp_set_from_int(two, 2))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&y) ||
+ botan_mp_init(&x))
+ {
+ goto error;
+ }
+
+ for (i = 0; i < 100; i++)
+ {
+ /* 3a. generate a random integer g in the range [0, n-1] */
+ if (botan_mp_rand_range(g, rng, zero, n1))
+ {
+ goto error;
+ }
+ /* 3b. y = g^r mod n */
+ if (botan_mp_powmod(y, g, r, *n))
+ {
+ goto error;
+ }
+
+ /* 3c. If y = 1 or y = n – 1, try again */
+ if (botan_mp_equal(y, one) || botan_mp_equal(y, n1))
+ {
+ continue;
+ }
+
+ for (j = 0; j < t; j++)
+ {
+ /* x = y^2 mod n */
+ if (botan_mp_powmod(x, y, two, *n))
+ {
+ goto error;
+ }
+
+ /* stop if x == 1 */
+ if (botan_mp_equal(x, one))
+ {
+ goto done;
+ }
+
+ /* retry with new g if x = n-1 */
+ if (botan_mp_equal(x, n1))
+ {
+ break;
+ }
+
+ /* let y = x */
+ if (botan_mp_set_from_mp(y, x))
+ {
+ goto error;
+ }
+ }
+ }
+
+done:
+ /* 5. p = GCD(y – 1, n) and q = n/p */
+ if (botan_mp_sub(y, y, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(p) ||
+ botan_mp_gcd(*p, y, *n))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(q) ||
+ botan_mp_init(&rem) ||
+ botan_mp_div(*q, rem, *n, *p))
+ {
+ goto error;
+ }
+
+ if (!botan_mp_is_zero(rem))
+ {
+ goto error;
+ }
+
+ success = TRUE;
+
+error:
+ if (!success)
+ {
+ botan_mp_destroy(*p);
+ botan_mp_destroy(*q);
+ }
+ botan_rng_destroy(rng);
+ botan_mp_destroy(k);
+ botan_mp_destroy(one);
+ botan_mp_destroy(r);
+ botan_mp_destroy(zero);
+ botan_mp_destroy(two);
+ botan_mp_destroy(n1);
+ botan_mp_destroy(x);
+ botan_mp_destroy(y);
+ botan_mp_destroy(g);
+ botan_mp_destroy(rem);
+ return success;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ chunk_t n, e, d, p, q, blob;
+
+ n = e = d = p = q = blob = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIV_EXP:
+ d = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME1:
+ p = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME2:
+ q = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_EXP1:
+ case BUILD_RSA_EXP2:
+ case BUILD_RSA_COEFF:
+ /* not required for botan */
+ va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (type == KEY_ANY && !blob.ptr)
+ {
+ return NULL;
+ }
+
+ if (blob.ptr)
+ {
+ this = create_empty();
+
+ if (botan_privkey_load_rsa_pkcs1(&this->key, blob.ptr, blob.len))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+ }
+
+ if (n.ptr && e.ptr && d.ptr)
+ {
+ botan_mp_t n_mp, e_mp, d_mp, p_mp, q_mp;
+
+ if (!chunk_to_botan_mp(n, &n_mp))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &e_mp))
+ {
+ botan_mp_destroy(n_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(d, &d_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ return NULL;
+ }
+
+ if (p.ptr && q.ptr)
+ {
+ if (!chunk_to_botan_mp(p, &p_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(q, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ botan_mp_destroy(p_mp);
+ return NULL;
+ }
+ }
+ else
+ {
+ /* calculate p,q from n, e, d */
+ if (!calculate_pq(&n_mp, &e_mp, &d_mp, &p_mp, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+ }
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(d_mp);
+
+ this = create_empty();
+
+ if (botan_privkey_load_rsa(&this->key, p_mp, q_mp, e_mp))
+ {
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+
+ return &this->public;
+ }
+
+ return NULL;
+}
+
+#endif
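Review bot: The cleanup under the `error:` label in calculate_pq calls `botan_mp_destroy(*p)` and `botan_mp_destroy(*q)` even when control left before `botan_mp_init(p)` and `botan_mp_init(q)` ran, and the caller in botan_rsa_private_key_load passes the uninitialized locals `p_mp` and `q_mp`, so any early failure (for instance `botan_mp_init(&k)` failing) hands a garbage pointer to Botan's delete. Initialising the outputs at entry, `*p = *q = NULL;`, makes that cleanup as safe as it already is for the other NULL-initialised handles. Separately, the search loop can complete all 100 iterations without ever reaching `goto done`; it then falls through with whatever y was last, and p = gcd(y-1, n) may be 1 or n, which still passes the remainder check, so a found flag (returning FALSE when the loop is exhausted) would reject that case explicitly instead of relying on Botan to refuse the degenerate factors.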
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.h b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
new file mode 100644
index 000000000..f0f419c7f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_private_key botan_rsa_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PRIVATE_KEY_H_
+#define BOTAN_RSA_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_rsa_private_key_t botan_rsa_private_key_t;
+
+/**
+ * private_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a RSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key);
+
+#endif /** BOTAN_RSA_PRIVATE_KEY_H_ @}*/
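Review bot: The doc comment on botan_rsa_private_key_load says it "Accepts a BUILD_BLOB_ASN1_DER argument", but the implementation in botan_rsa_private_key.c also accepts BUILD_RSA_MODULUS, BUILD_RSA_PUB_EXP and BUILD_RSA_PRIV_EXP, with optional BUILD_RSA_PRIME1/BUILD_RSA_PRIME2 (the remaining CRT parts are accepted and ignored, and p and q are recovered when absent); the header should state that, e.g. `Accepts a BUILD_BLOB_ASN1_DER argument, or BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP/BUILD_RSA_PRIV_EXP with optional BUILD_RSA_PRIME1/BUILD_RSA_PRIME2.` Likewise `type` is documented as "must be KEY_RSA" for both gen and load, but neither implementation checks it (load only rejects KEY_ANY without a blob), so either the check or the wording should change.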
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
new file mode 100644
index 000000000..c6e2e8861
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_rsa_public_key_t private_botan_rsa_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_rsa_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_rsa_public_key_t public;
+
+ /**
+ * Botan public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Defined in botan_rsa_private_key.c
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
+
+/**
+ * Verify RSA signature
+ */
+static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
+ const char* hash_and_padding, chunk_t data,
+ chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ bool valid = FALSE;
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+/**
+ * Verification of an EMSA PSS signature described in PKCS#1
+ */
+static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t signature)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return verify_rsa_signature(this, hash_and_padding, data, signature);
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_rsa_public_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_rsa_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
+ data, signature);
+ case SIGN_RSA_EMSA_PSS:
+ return verify_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
+{
+ botan_pk_op_encrypt_t encrypt_op;
+ botan_rng_t rng;
+ const char* padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_encrypt_create(&encrypt_op, this->key, padding, 0))
+ {
+ botan_rng_destroy(rng);
+ return FALSE;
+ }
+
+ crypto->len = 0;
+ if (botan_pk_op_encrypt_output_length(encrypt_op, plain.len, &crypto->len))
+ {
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+
+ *crypto = chunk_alloc(crypto->len);
+ if (botan_pk_op_encrypt(encrypt_op, rng, crypto->ptr, &crypto->len,
+ plain.ptr, plain.len))
+ {
+ chunk_free(crypto);
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return TRUE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_rsa_public_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
+{
+ return botan_get_fingerprint(this->key, this, type, fp);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_rsa_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_rsa_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_public_key_t *create_empty()
+{
+ private_botan_rsa_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_rsa_public_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_public_key_t *this = NULL;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (n.ptr && e.ptr && type == KEY_RSA)
+ {
+ botan_mp_t mp_n, mp_e;
+
+ if (!chunk_to_botan_mp(n, &mp_n))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_pubkey_load_rsa(&this->key, mp_n, mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ }
+
+ return &this->public;
+}
+
+#endif
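Review bot: botan_rsa_public_key_load ends with `return &this->public;` while `this` is still NULL whenever the `n.ptr && e.ptr && type == KEY_RSA` condition is false, so it forms a pointer from a null `this` (it only yields NULL because `public` is the first member); botan_rsa_private_key_load returns NULL explicitly in the same situation and this function should match it, returning `&this->public` inside the if-block and `return NULL;` after it. The prototype `bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);` is also declared locally with a "Defined in botan_rsa_private_key.c" comment; declaring it once in botan_util.h would stop the two copies from drifting apart.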
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.h b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
new file mode 100644
index 000000000..1d80df9ff
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_public_key botan_rsa_public_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PUBLIC_KEY_H_
+#define BOTAN_RSA_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_rsa_public_key_t botan_rsa_public_key_t;
+
+/**
+ * public_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a RSA public key using Botan.
+ *
+ * Accepts a BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP arguments.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c
new file mode 100644
index 000000000..5e18405d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+/*
+ * Described in header
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp)
+{
+ if (botan_mp_init(mp))
+ {
+ return FALSE;
+ }
+
+ if (botan_mp_from_bin(*mp, value.ptr, value.len))
+ {
+ botan_mp_destroy(*mp);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+const char *botan_get_hash(hash_algorithm_t hash)
+{
+ switch (hash)
+ {
+ case HASH_MD5:
+ return "MD5";
+ case HASH_SHA1:
+ return "SHA-1";
+ case HASH_SHA224:
+ return "SHA-224";
+ case HASH_SHA256:
+ return "SHA-256";
+ case HASH_SHA384:
+ return "SHA-384";
+ case HASH_SHA512:
+ return "SHA-512";
+ default:
+ return NULL;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ bool success = TRUE;
+
+ encoding->len = 0;
+ if (botan_pubkey_export(pubkey, NULL, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_pubkey_export(pubkey, encoding->ptr, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+
+ if (type != PUBKEY_SPKI_ASN1_DER)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_ECDSA_PUB_ASN1_DER,
+ asn1_encoding, CRED_PART_END);
+ chunk_free(&asn1_encoding);
+ }
+ return success;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ uint32_t format = BOTAN_PRIVKEY_EXPORT_FLAG_DER;
+
+ switch (type)
+ {
+ case PRIVKEY_PEM:
+ format = BOTAN_PRIVKEY_EXPORT_FLAG_PEM;
+ /* fall-through */
+ case PRIVKEY_ASN1_DER:
+ encoding->len = 0;
+ if (botan_privkey_export(key, NULL, &encoding->len, format)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_privkey_export(key, encoding->ptr, &encoding->len,
+ format))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp)
+{
+ hasher_t *hasher;
+ chunk_t key;
+
+ if (cache &&
+ lib->encoding->get_cache(lib->encoding, type, cache, fp))
+ {
+ return TRUE;
+ }
+
+ switch (type)
+ {
+ case KEYID_PUBKEY_SHA1:
+ /* subjectPublicKey -> use botan_pubkey_fingerprint() */
+ *fp = chunk_alloc(HASH_SIZE_SHA1);
+ if (botan_pubkey_fingerprint(pubkey, "SHA-1", fp->ptr, &fp->len))
+ {
+ chunk_free(fp);
+ return FALSE;
+ }
+ break;
+ case KEYID_PUBKEY_INFO_SHA1:
+ /* subjectPublicKeyInfo -> use botan_pubkey_export(), then hash */
+ if (!botan_get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &key))
+ {
+ return FALSE;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !hasher->allocate_hash(hasher, key, fp))
+ {
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+ "fingerprinting failed");
+ DESTROY_IF(hasher);
+ chunk_free(&key);
+ return FALSE;
+ }
+ hasher->destroy(hasher);
+ chunk_free(&key);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (cache)
+ {
+ lib->encoding->cache(lib->encoding, type, cache, *fp);
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature)
+{
+ botan_pk_op_sign_t sign_op;
+ botan_rng_t rng;
+
+ if (!scheme || !signature)
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_create(&sign_op, key, scheme, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_update(sign_op, data.ptr, data.len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ signature->len = 0;
+ if (botan_pk_op_sign_output_length(sign_op, &signature->len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ *signature = chunk_alloc(signature->len);
+ if (botan_pk_op_sign_finish(sign_op, rng, signature->ptr, &signature->len))
+ {
+ chunk_free(signature);
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret)
+{
+ botan_pk_op_ka_t ka;
+
+ if (botan_pk_op_key_agreement_create(&ka, key, "Raw", 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_key_agreement_size(ka, &secret->len))
+ {
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+
+ *secret = chunk_alloc(secret->len);
+ if (botan_pk_op_key_agreement(ka, secret->ptr, &secret->len, pub.ptr,
+ pub.len, NULL, 0))
+ {
+ chunk_clear(secret);
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+ botan_pk_op_key_agreement_destroy(ka);
+ return TRUE;
+}
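Review bot: The failure path of botan_get_privkey_encoding() releases a buffer that may already hold private key bytes with chunk_free(), whereas botan_dh_key_derivation() at the end of this hunk uses chunk_clear() for the same situation; the export call writes into encoding->ptr before reporting an error, so the partially written key material is left in freed heap memory. The one-line change is `chunk_clear(encoding);` in place of `chunk_free(encoding);` after the second botan_privkey_export() call. Separately, botan_get_encoding() hard-codes CRED_PART_ECDSA_PUB_ASN1_DER for every non-SPKI encoding although the helper takes an opaque botan_pubkey_t and is presumably also used for RSA keys; if the registered encoders ever distinguish the two part types this will mislabel RSA output, so either pass the part as a parameter or add a comment such as `/* encoders treat the RSA and ECDSA SPKI parts identically */` stating the assumption.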
diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h
new file mode 100644
index 000000000..08830356e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_util botan_util
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_H_
+#define BOTAN_UTIL_H_
+
+#include <library.h>
+
+#include <botan/ffi.h>
+
+/**
+ * Converts chunk_t to botan_mp_t.
+ *
+ * @param value chunk to convert
+ * @param mp allocated botan_mp_t
+ * @return TRUE if conversion successful
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp);
+
+/**
+ * Get the Botan string identifier for the given hash algorithm.
+ *
+ * @param hash hash algorithm
+ * @return Botan string identifier, NULL if not found
+ */
+const char *botan_get_hash(hash_algorithm_t hash);
+
+/**
+ * Get the encoding of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the encoding of a botan_privkey_t.
+ *
+ * @param key private key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the fingerprint of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param cache key to use for caching, NULL to not cache
+ * @param type fingerprint type
+ * @param fp allocated fingerprint
+ * @return TRUE if fingerprinting successful
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp);
+
+/**
+ * Sign the given data using the provided key with the specified signature
+ * scheme (hash/padding).
+ *
+ * @param key private key object
+ * @param scheme hash/padding algorithm
+ * @param data data to sign
+ * @param signature allocated signature
+ * @return TRUE if signature successfully created
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature);
+
+/**
+ * Do the Diffie-Hellman key derivation using the given private key and public
+ * value.
+ *
+ * Note that the public value is not verified in this function.
+ *
+ * @param key DH private key
+ * @param pub other's public value
+ * @param secret the derived secret (allocated on success)
+ * @return TRUE if derivation was successful
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
+
+#endif /** BOTAN_UTIL_H_ @}*/
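Review bot: The documentation of botan_get_privkey_encoding() and botan_dh_key_derivation() does not tell the caller that the returned chunk holds secret material and how it must be released, which matters because the two helpers allocate the buffer on the caller's behalf. I would change the `@param encoding allocated encoding` line to `@param encoding allocated encoding (contains key material, release with chunk_clear())` and the `@param secret` line to `@param secret the derived secret (allocated on success, release with chunk_clear())`. The note that the public value is not verified in botan_dh_key_derivation() is good; it would help to name the expected caller check, e.g. `diffie_hellman_verify_value()`, since that is what the X25519 implementation in this patch uses.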
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.c b/src/libstrongswan/plugins/botan/botan_util_keys.c
new file mode 100644
index 000000000..176c2caf9
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util_keys.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+/**
+ * Get the algorithm name of a public key
+ */
+static char *get_algo_name(botan_pubkey_t pubkey)
+{
+ char *name;
+ size_t len = 0;
+
+ if (botan_pubkey_algo_name(pubkey, NULL, &len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return NULL;
+ }
+
+ name = malloc(len);
+ if (botan_pubkey_algo_name(pubkey, name, &len))
+ {
+ free(name);
+ return NULL;
+ }
+ return name;
+}
+
+/*
+ * Described in header
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args)
+{
+ public_key_t *this = NULL;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_pubkey_load(&pubkey, blob.ptr, blob.len))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ if (botan_pubkey_check_key(pubkey, rng, BOTAN_CHECK_KEY_EXPENSIVE_TESTS))
+ {
+ DBG1(DBG_LIB, "public key failed key checks");
+ botan_pubkey_destroy(pubkey);
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ name = get_algo_name(pubkey);
+ if (!name)
+ {
+ botan_pubkey_destroy(pubkey);
+ return NULL;
+ }
+
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ this = (public_key_t*)botan_ec_public_key_adopt(pubkey);
+ }
+ else
+ {
+ botan_pubkey_destroy(pubkey);
+ }
+ free(name);
+ return this;
+}
+
+/**
+ * Determine the curve OID from a PKCS#8 structure
+ */
+static int determine_ec_oid(chunk_t pkcs8)
+{
+ int oid = OID_UNKNOWN;
+ chunk_t inner, params = chunk_empty;
+
+ if (asn1_unwrap(&pkcs8, &pkcs8) == ASN1_SEQUENCE &&
+ asn1_unwrap(&pkcs8, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 0 &&
+ asn1_parse_algorithmIdentifier(pkcs8, 0, &params) == OID_EC_PUBLICKEY &&
+ params.len &&
+ asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ return oid;
+}
+
+/*
+ * Described in header
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args)
+{
+ private_key_t *this = NULL;
+ botan_privkey_t key;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+ int oid;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_privkey_load(&key, rng, blob.ptr, blob.len, NULL))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ if (botan_privkey_export_pubkey(&pubkey, key))
+ {
+ botan_privkey_destroy(key);
+ return NULL;
+ }
+ name = get_algo_name(pubkey);
+ botan_pubkey_destroy(pubkey);
+ if (!name)
+ {
+ return NULL;
+ }
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (private_key_t*)botan_rsa_private_key_adopt(key);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ oid = determine_ec_oid(blob);
+ if (oid != OID_UNKNOWN)
+ {
+ this = (private_key_t*)botan_ec_private_key_adopt(key, oid);
+ }
+ }
+ if (!this)
+ {
+ botan_privkey_destroy(key);
+ }
+ free(name);
+ return this;
+}
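Review bot: botan_private_key_load() leaks the loaded private key object when get_algo_name() fails: after `botan_pubkey_destroy(pubkey);` the `if (!name)` branch returns NULL without destroying `key`, unlike the later `if (!this)` path that does call botan_privkey_destroy(key). The branch should read `if (!name) { botan_privkey_destroy(key); return NULL; }`, which also avoids keeping an unreachable private key in memory. Two further points for the header: botan_privkey_load() is called with a NULL password, so encrypted PKCS#8 blobs presumably fail to load and the public documentation should say "unencrypted PKCS#8"; and only the public key path runs botan_pubkey_check_key() with BOTAN_CHECK_KEY_EXPENSIVE_TESTS, so a short comment on why loaded private keys are not validated (or whether Botan does so internally) would clarify the asymmetry.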
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.h b/src/libstrongswan/plugins/botan/botan_util_keys.h
new file mode 100644
index 000000000..f05f7ce5e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Helper functions to load public and private keys in a generic way
+ *
+ * @defgroup botan_util_keys botan_util_keys
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_KEYS_H_
+#define BOTAN_UTIL_KEYS_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * Load a public key in subjectPublicKeyInfo encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args);
+
+/**
+ * Load a private key in PKCS#8 encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args);
+
+#endif /** BOTAN_UTIL_KEYS_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.c b/src/libstrongswan/plugins/botan/botan_x25519.c
new file mode 100644
index 000000000..519f29f55
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_x25519.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_X25519
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+
+/**
+ * Private data
+ */
+struct private_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ diffie_hellman_t public;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(CURVE_25519, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t *value)
+{
+ value->len = 0;
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->key, value->ptr,
+ &value->len))
+ {
+ chunk_free(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (value.len != 32)
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ if (botan_privkey_destroy(this->key))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_load_x25519(&this->key, value.ptr))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_diffie_hellman_t *this)
+{
+ return CURVE_25519;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
+{
+ private_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ );
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, "curve25519"))
+ {
+ DBG1(DBG_LIB, "x25519 private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
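Review bot: set_private_value() destroys `this->key` and then, if botan_privkey_load_x25519() fails, returns FALSE without resetting the pointer, so unless the Botan FFI guarantees that the output pointer is nulled on failure, the later destroy() and set_other_public_value() operate on a freed key object. Assigning `this->key = NULL;` directly after the successful botan_privkey_destroy() call removes the dependency on that library behaviour, since destroying a NULL handle is the benign case. On a related note, get_shared_secret() only tests `this->shared_secret.len`, so an all-zero 32-byte agreement result (the low-order point case RFC 7748 recommends rejecting) would be accepted here; whether it is rejected earlier depends on diffie_hellman_verify_value() or Botan, neither of which is visible in this hunk, so a comment naming which of the two is relied upon would help the next reader.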
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.h b/src/libstrongswan/plugins/botan/botan_x25519.h
new file mode 100644
index 000000000..e95d6cde4
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_x25519 botan_x25519
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_X25519_H_
+#define BOTAN_X25519_H_
+
+#include <library.h>
+
+/**
+ * Creates a new X25519 implementation using Botan.
+ *
+ * @param group DH group, must be CURVE_25519
+ * @return object, NULL if not supported
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group);
+
+#endif /** BOTAN_X25519_H_ @}*/
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 07eb457d5..f95094d8b 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index 09cbddee7..b57b78200 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -351,6 +350,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -371,8 +372,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -427,8 +426,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 234a54cc2..0228adc25 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 82f82ca2d..56754db88 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 7c3012301..b5226d684 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 0928dee1c..18c6b7f94 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in
index cb8bb3405..5b8b45e26 100644
--- a/src/libstrongswan/plugins/curve25519/Makefile.in
+++ b/src/libstrongswan/plugins/curve25519/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 5ffa778cd..df4d5d657 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 37799583a..3e8efa37b 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 87b66df04..2bb55f6de 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index aa0bd5fa8..096e61214 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index da118ce57..304f4fcd4 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
index e9a072461..513dc2a9b 100644
--- a/src/libstrongswan/plugins/gcm/gcm_aead.c
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -62,7 +62,7 @@ struct private_gcm_aead_t {
};
/**
- * Find a suiteable word size and network order conversion functions
+ * Find a suitable word size and network order conversion functions
*/
#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
# define htobeword htobe64
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 3ed4a910f..dab9f6f1b 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index f59144a86..b57f05e3a 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -195,8 +195,8 @@ METHOD(diffie_hellman_t, destroy, void,
/*
* Generic internal constructor
*/
-gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
- chunk_t g, chunk_t p)
+static gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
gcry_error_t err;
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 11aef42f0..a74d76201 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 241ef7d3b..e9a83fdf4 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2012 Andreas Steffen
@@ -264,14 +264,15 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
}
/**
- * Build a signature using the PKCS#1 EMSA scheme
+ * Hashes the data and builds the plaintext signature value with EMSA
+ * PKCS#1 v1.5 padding.
+ *
+ * Allocates the signature data.
*/
-static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
- hash_algorithm_t hash_algorithm,
- chunk_t data, chunk_t *signature)
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em)
{
chunk_t digestInfo = chunk_empty;
- chunk_t em;
if (hash_algorithm != HASH_UNKNOWN)
{
@@ -295,43 +296,56 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
/* build DER-encoded digestInfo */
digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_algorithmIdentifier(hash_oid),
- asn1_simple_object(ASN1_OCTET_STRING, hash)
- );
- chunk_free(&hash);
+ asn1_wrap(ASN1_OCTET_STRING, "m", hash));
+
data = digestInfo;
}
- if (data.len > this->k - 3)
+ if (data.len > keylen - 11)
{
- free(digestInfo.ptr);
- DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- mpz_sizeinbase(this->n, 2));
+ chunk_free(&digestInfo);
+ DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
+ "%zu bytes", data.len, keylen);
return FALSE;
}
- /* build chunk to rsa-decrypt:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
+ /* EM = 0x00 || 0x01 || PS || 0x00 || T.
+ * PS = 0xFF padding, with length to fill em (at least 8 bytes)
* T = encoded_hash
*/
- em.len = this->k;
- em.ptr = malloc(em.len);
+ *em = chunk_alloc(keylen);
/* fill em with padding */
- memset(em.ptr, 0xFF, em.len);
+ memset(em->ptr, 0xFF, em->len);
/* set magic bytes */
- *(em.ptr) = 0x00;
- *(em.ptr+1) = 0x01;
- *(em.ptr + em.len - data.len - 1) = 0x00;
- /* set DER-encoded hash */
- memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
+ *(em->ptr) = 0x00;
+ *(em->ptr+1) = 0x01;
+ *(em->ptr + em->len - data.len - 1) = 0x00;
+ /* set encoded hash */
+ memcpy(em->ptr + em->len - data.len, data.ptr, data.len);
+
+ chunk_clear(&digestInfo);
+ return TRUE;
+}
+
+/**
+ * Build a signature using the PKCS#1 EMSA scheme
+ */
+static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
+ hash_algorithm_t hash_algorithm,
+ chunk_t data, chunk_t *signature)
+{
+ chunk_t em;
+
+ if (!gmp_emsa_pkcs1_signature_data(hash_algorithm, data, this->k, &em))
+ {
+ return FALSE;
+ }
/* build signature */
*signature = rsasp1(this, em);
- free(digestInfo.ptr);
- free(em.ptr);
-
+ chunk_free(&em);
return TRUE;
}
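Review bot: `keylen - 11` on the new line at L35232 is unsigned arithmetic, so a `keylen` smaller than 11 wraps around, the check passes, and the writes at `em->len - data.len - 1` and the memcpy following `chunk_alloc(keylen)` run outside the buffer; `this->k` of any real RSA modulus is far larger, but the function is now exported and callable from other files, so guard it explicitly: `if (keylen < 11 || data.len > keylen - 11)`. The error path releases `digestInfo` with `chunk_free` (L35237) while the success path uses `chunk_clear` (L35267); the digest is not secret, so either is fine, but the two paths should agree. The new symbol has no header declaration and is re-declared manually in gmp_rsa_public_key.c (hunk `@@ -70,7 +70,9 @@`), so a later change to either signature compiles silently; a small private header included by both files would let the compiler check them. The function's opening lines are in the preceding hunk.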
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 52bc9fb38..9b5ee67fa 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -70,7 +70,9 @@ struct private_gmp_rsa_public_key_t {
/**
* Shared functions defined in gmp_rsa_private_key.c
*/
-extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
+chunk_t gmp_mpz_to_chunk(const mpz_t value);
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em);
/**
* RSAEP algorithm specified in PKCS#1.
@@ -115,26 +117,13 @@ static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data)
}
/**
- * ASN.1 definition of digestInfo
- */
-static const asn1Object_t digestInfoObjects[] = {
- { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define DIGEST_INFO 0
-#define DIGEST_INFO_ALGORITHM 1
-#define DIGEST_INFO_DIGEST 2
-
-/**
* Verification of an EMSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hash_algorithm_t algorithm,
chunk_t data, chunk_t signature)
{
- chunk_t em_ori, em;
+ chunk_t em_expected, em;
bool success = FALSE;
/* remove any preceding 0-bytes from signature */
@@ -148,140 +137,19 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
return FALSE;
}
- /* unpack signature */
- em_ori = em = rsavp1(this, signature);
-
- /* result should look like this:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
- * T = oid || hash
- */
-
- /* check magic bytes */
- if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
+ /* generate expected signature value */
+ if (!gmp_emsa_pkcs1_signature_data(algorithm, data, this->k, &em_expected))
{
- goto end;
- }
- em = chunk_skip(em, 2);
-
- /* find magic 0x00 */
- while (em.len > 0)
- {
- if (*em.ptr == 0x00)
- {
- /* found magic byte, stop */
- em = chunk_skip(em, 1);
- break;
- }
- else if (*em.ptr != 0xFF)
- {
- /* bad padding, decryption failed ?!*/
- goto end;
- }
- em = chunk_skip(em, 1);
- }
-
- if (em.len == 0)
- {
- /* no digestInfo found */
- goto end;
- }
-
- if (algorithm == HASH_UNKNOWN)
- { /* IKEv1 signatures without digestInfo */
- if (em.len != data.len)
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes instead of"
- " %u bytes", em.len, data.len);
- goto end;
- }
- success = memeq_const(em.ptr, data.ptr, data.len);
+ return FALSE;
}
- else
- { /* IKEv2 and X.509 certificate signatures */
- asn1_parser_t *parser;
- chunk_t object;
- int objectID;
- hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
-
- DBG2(DBG_LIB, "signature verification:");
- parser = asn1_parser_create(digestInfoObjects, em);
- while (parser->iterate(parser, &objectID, &object))
- {
- switch (objectID)
- {
- case DIGEST_INFO:
- {
- if (em.len > object.len)
- {
- DBG1(DBG_LIB, "digestInfo field in signature is"
- " followed by %u surplus bytes",
- em.len - object.len);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_ALGORITHM:
- {
- int hash_oid = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser)+1, NULL);
-
- hash_algorithm = hasher_algorithm_from_oid(hash_oid);
- if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
- {
- DBG1(DBG_LIB, "expected hash algorithm %N, but found"
- " %N (OID: %#B)", hash_algorithm_names, algorithm,
- hash_algorithm_names, hash_algorithm, &object);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_DIGEST:
- {
- chunk_t hash;
- hasher_t *hasher;
-
- hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (hasher == NULL)
- {
- DBG1(DBG_LIB, "hash algorithm %N not supported",
- hash_algorithm_names, hash_algorithm);
- goto end_parser;
- }
-
- if (object.len != hasher->get_hash_size(hasher))
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes"
- " instead of %u bytes", object.len,
- hasher->get_hash_size(hasher));
- hasher->destroy(hasher);
- goto end_parser;
- }
-
- /* build our own hash and compare */
- if (!hasher->allocate_hash(hasher, data, &hash))
- {
- hasher->destroy(hasher);
- goto end_parser;
- }
- hasher->destroy(hasher);
- success = memeq_const(object.ptr, hash.ptr, hash.len);
- free(hash.ptr);
- break;
- }
- default:
- break;
- }
- }
+ /* unpack signature */
+ em = rsavp1(this, signature);
-end_parser:
- success &= parser->success(parser);
- parser->destroy(parser);
- }
+ success = chunk_equals_const(em_expected, em);
-end:
- free(em_ori.ptr);
+ chunk_free(&em_expected);
+ chunk_free(&em);
return success;
}
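Review bot: The comparison on L35476 only succeeds if the value `rsavp1` returns on L35471 is exactly `this->k` bytes long with its leading 0x00 preserved, because `em_expected` is built with `keylen` bytes; `chunk_equals_const` should treat a length mismatch as inequality, so a shorter export would make every signature fail rather than pass, but `rsavp1` lies outside the hunk and its export length should be confirmed. Replacing the lenient DigestInfo parser with a constant-time comparison against a reconstructed EM is the right shape for PKCS#1 v1.5 verification, and the rationale deserves a comment above L35353, e.g. `/* rebuild the expected EM and compare it whole; the decoded value is never parsed, so malformed padding or DigestInfo encodings cannot be accepted */`. The early `return FALSE` on L35392 drops the old hash-size diagnostics; `gmp_emsa_pkcs1_signature_data` logs the too-long case, so only the unsupported-hash case goes quiet, which is acceptable but worth knowing when debugging. `verify_emsa_pkcs1_signature` begins in the previous hunk.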
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 8de79663e..9f1f12601 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 6573b311d..6ec8dc755 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 324157bc0..7582e2147 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 111f53239..e3ec9866c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1a41f73ea..ec49f9540 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
index fd69f4042..36ebc1c67 100644
--- a/src/libstrongswan/plugins/mgf1/Makefile.in
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 114507eeb..0b58efb22 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
index 81c10d5c9..cd618382e 100644
--- a/src/libstrongswan/plugins/newhope/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -345,6 +344,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -365,8 +366,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -421,8 +420,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
index 72b7e034c..463276215 100644
--- a/src/libstrongswan/plugins/newhope/newhope_ke.c
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -306,7 +306,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
return FALSE;
}
if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
@@ -463,7 +463,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
goto end;
}
if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
index 114035a4a..40961880c 100644
--- a/src/libstrongswan/plugins/newhope/tests/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 0e24d4861..d9243ac62 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index cdfee525b..75f6abda9 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
index 3fee1800b..31c12e42c 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.h
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -71,7 +71,7 @@ struct ntru_drbg_t {
};
/**
- * Create and instantiate a new DRBG objet.
+ * Create and instantiate a new DRBG object.
*
* @param strength security strength in bits
* @param pers_str personalization string
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
index 765b72bdd..642384feb 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.h
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -49,7 +49,7 @@ struct ntru_poly_t {
void (*get_array)(ntru_poly_t *this, uint16_t *array);
/**
- * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
* to form result polynomial c = a * b
*
* @param a input polynomial a
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 856055c6a..0fa8142a6 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 02a022d03..a1460d993 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 37917d441..1c6d0cfd6 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 10eb82619..af23b3058 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index ae24d4085..c2648d86c 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 967e501d1..c934f0b1d 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -271,7 +271,8 @@ end:
* }
*
* While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
- * parameters MUST be included and publicKey SHOULD be.
+ * parameters MUST be included (an errata clarifies this, so this is only the
+ * case for plain private keys, not encoded in PKCS#8) and publicKey SHOULD be.
*/
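Review bot: The reworded comment `parameters MUST be included (an errata clarifies this, ...)` should say `an erratum`, and it still does not mention that the detector below accepts only the namedCurve form of ECParameters, which is the restriction RFC 5915 imposes and the reason the new code checks for an OID inside the [0] tag. Suggested wording: `parameters MUST be included (an erratum clarifies that this applies to plain ECPrivateKey structures, not to keys wrapped in PKCS#8) and MUST be a namedCurve OID; publicKey SHOULD be present.` The function this comment describes begins at the end of the hunk and its body continues in the next one.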
static bool is_ec_private_key(chunk_t blob)
{
@@ -281,7 +282,8 @@ static bool is_ec_private_key(chunk_t blob)
asn1_parse_integer_uint64(data) == 1 &&
asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
- asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+ asn1_unwrap(&data, &data) == ASN1_OID &&
+ (!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1));
}
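Review bot: `asn1_unwrap(&data, &data) == ASN1_OID` passes the same chunk as both the input and the output argument, so it is only correct if asn1_unwrap computes the inner element into a local before writing either parameter; that appears to be how libstrongswan's asn1_unwrap is written, but it is worth confirming, or using a second `chunk_t` so the call does not depend on it. As written the detector also discards whatever follows the OID inside the [0] tag, and the new `(!blob.len || ...)` clause does not require blob to be empty after the [1] publicKey element, so trailing bytes are tolerated at both points; that is acceptable for a type-sniffing heuristic provided the full parser that presumably runs afterwards rejects them, and a short comment such as `/* lenient: trailing data after the OID and after [1] is left to the real parser */` would make that intent explicit. The opening `return asn1_unwrap(&blob, &data) == ASN1_SEQUENCE &&` lines of is_ec_private_key are outside the hunk.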
/**
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 00d5a6a5d..8eec72903 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 6bb1b9a36..d47a1906c 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index f56df39d1..1539e57d7 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 9c408c443..8d038d698 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index ff7501c00..5caae5879 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 3a22a6316..6359e7cd7 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index d37c9834d..91526ccac 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 371e34db8..0ff72f58a 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 15e91b24a..4d4fcf1f1 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index fe7eaa765..f688577e1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -76,6 +76,13 @@ METHOD(plugin_t, get_features, int,
return countof(f);
}
+METHOD(plugin_t, reload, bool,
+ private_revocation_plugin_t *this)
+{
+ this->validator->reload(this->validator);
+ return TRUE;
+}
+
METHOD(plugin_t, destroy, void,
private_revocation_plugin_t *this)
{
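Review bot: The new plugin-level reload() returns TRUE unconditionally and carries no comment, so a reader cannot tell whether TRUE means "settings were re-read successfully" or "this plugin supports reloading"; presumably the latter, given the plugin_t contract — confirm. A one-line comment above the METHOD, `/* re-read enable_ocsp/enable_crl via the validator; reload is always supported */`, would settle it. The change is otherwise a thin delegation to validator->reload().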
@@ -95,6 +102,7 @@ plugin_t *revocation_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
+ .reload = _reload,
.destroy = _destroy,
},
},
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index f8e78ac0c..68292e3cd 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -27,6 +27,7 @@
#include <credentials/certificates/ocsp_response.h>
#include <credentials/sets/ocsp_response_wrapper.h>
#include <selectors/traffic_selector.h>
+#include <threading/spinlock.h>
typedef struct private_revocation_validator_t private_revocation_validator_t;
@@ -50,6 +51,10 @@ struct private_revocation_validator_t {
*/
bool enable_crl;
+ /**
+ * Lock to access flags
+ */
+ spinlock_t *lock;
};
/**
@@ -795,14 +800,21 @@ METHOD(cert_validator_t, validate, bool,
certificate_t *issuer, bool online, u_int pathlen, bool anchor,
auth_cfg_t *auth)
{
- if (online && (this->enable_ocsp || this->enable_crl) &&
+ bool enable_ocsp, enable_crl;
+
+ this->lock->lock(this->lock);
+ enable_ocsp = this->enable_ocsp;
+ enable_crl = this->enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (online && (enable_ocsp || enable_crl) &&
subject->get_type(subject) == CERT_X509 &&
issuer->get_type(issuer) == CERT_X509)
{
DBG1(DBG_CFG, "checking certificate status of \"%Y\"",
subject->get_subject(subject));
- if (this->enable_ocsp)
+ if (enable_ocsp)
{
switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
{
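Review bot: The flag snapshot at the top of validate() deserves a comment explaining why both values are copied out under the lock rather than read at each use, otherwise a later edit may "simplify" it back to reading this->enable_ocsp directly and reintroduce the race this commit removes. Something like `/* snapshot both flags under the lock so a concurrent reload() cannot switch policy halfway through this validation */` above the lock call. A reload that lands after the snapshot only affects subsequent validations, which appears to be the intended semantics and is worth stating. validate() continues past the end of this hunk.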
@@ -831,7 +843,7 @@ METHOD(cert_validator_t, validate, bool,
auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
}
- if (this->enable_crl)
+ if (enable_crl)
{
switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
{
@@ -865,9 +877,35 @@ METHOD(cert_validator_t, validate, bool,
return TRUE;
}
+METHOD(revocation_validator_t, reload, void,
+ private_revocation_validator_t *this)
+{
+ bool enable_ocsp, enable_crl;
+
+ enable_ocsp = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns);
+ enable_crl = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_crl", TRUE, lib->ns);
+
+ this->lock->lock(this->lock);
+ this->enable_ocsp = enable_ocsp;
+ this->enable_crl = enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (!enable_ocsp)
+ {
+ DBG1(DBG_LIB, "all OCSP validation disabled");
+ }
+ if (!enable_crl)
+ {
+ DBG1(DBG_LIB, "all CRL validation disabled");
+ }
+}
+
METHOD(revocation_validator_t, destroy, void,
private_revocation_validator_t *this)
{
+ this->lock->destroy(this->lock);
free(this);
}
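Review bot: reload() logs only when a check is disabled, so a reload that turns OCSP or CRL validation back on leaves no trace at DBG1, even though toggling revocation checking at runtime is a security-relevant policy change an operator will want to see in the log. Since the previous values are available under the lock, consider keeping the existing messages and adding the reverse transition, e.g. `DBG1(DBG_LIB, "OCSP validation re-enabled");` when the old flag was FALSE and the new one is TRUE (and likewise for CRL). Reading lib->settings outside the lock is fine here, but a short comment stating that only the two flag writes need the lock would make that intent explicit.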
@@ -881,21 +919,13 @@ revocation_validator_t *revocation_validator_create()
INIT(this,
.public = {
.validator.validate = _validate,
+ .reload = _reload,
.destroy = _destroy,
},
- .enable_ocsp = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns),
- .enable_crl = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_crl", TRUE, lib->ns),
+ .lock = spinlock_create(),
);
- if (!this->enable_ocsp)
- {
- DBG1(DBG_LIB, "all OCSP validation disabled");
- }
- if (!this->enable_crl)
- {
- DBG1(DBG_LIB, "all CRL validation disabled");
- }
+ reload(this);
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.h b/src/libstrongswan/plugins/revocation/revocation_validator.h
index 82cbde26b..9128787f1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.h
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -36,6 +39,11 @@ struct revocation_validator_t {
cert_validator_t validator;
/**
+ * Reload the configuration
+ */
+ void (*reload)(revocation_validator_t *this);
+
+ /**
* Destroy a revocation_validator_t.
*/
void (*destroy)(revocation_validator_t *this);
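Review bot: The doc comment `Reload the configuration` is too generic for a method that changes what the validator enforces; say which settings it re-reads and whether it may be called while validate() is running, e.g. `Re-read the enable_ocsp/enable_crl settings from lib->settings. May be called at any time; the new values apply to validations started afterwards.` The concurrency claim matches the lock introduced in revocation_validator.c in this same commit, but confirm it against the implementation before committing to it in the public header.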
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index ff0a30462..89d0fbb09 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 81284e137..32daea050 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 3ca2f5e24..ec55ffaaa 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 47af2c5fd..25e3781de 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index f0649b52a..cc2a8cbd7 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ac644ec0b..864a536ee 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 45879e841..c8ad1e5d9 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index 9bbe701ee..7ab965a82 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -303,4 +303,5 @@ TEST_VECTOR_DH(ecp224bp)
TEST_VECTOR_DH(ecp256bp)
TEST_VECTOR_DH(ecp384bp)
TEST_VECTOR_DH(ecp512bp)
-TEST_VECTOR_DH(curve25519)
+TEST_VECTOR_DH(curve25519_1)
+TEST_VECTOR_DH(curve25519_2)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
index f46d81c16..676fcfc5a 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
@@ -16,10 +16,9 @@
#include <crypto/crypto_tester.h>
/**
- * From RFC 8031
+ * From RFC 8037
*/
-
-dh_test_vector_t curve25519 = {
+dh_test_vector_t curve25519_1 = {
.group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
.priv_a = "\x77\x07\x6d\x0a\x73\x18\xa5\x7d\x3c\x16\xc1\x72\x51\xb2\x66\x45"
"\xdf\x4c\x2f\x87\xeb\xc0\x99\x2a\xb1\x77\xfb\xa5\x1d\xb9\x2c\x2a",
@@ -32,3 +31,20 @@ dh_test_vector_t curve25519 = {
.shared = "\x4a\x5d\x9d\x5b\xa4\xce\x2d\xe1\x72\x8e\x3b\xf4\x80\x35\x0f\x25"
"\xe0\x7e\x21\xc9\x47\xd1\x9e\x33\x76\xf0\x9b\x3c\x1e\x16\x17\x42",
};
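Review bot: The attribution change to RFC 8037 is accurate as far as it goes, but this Alice/Bob vector (private key 0x77076d0a..., shared secret 0x4a5d9d5b...) is the one published in RFC 7748, Section 6.1, the normative X25519 specification; RFC 8037 (JOSE) only reproduces it. Citing the primary source makes it easier to re-verify the bytes, so `* From RFC 7748, Section 6.1 (also reproduced in RFC 8037, Appendix A.6)` would be more useful than either reference alone.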
+
+/**
+ * From RFC 8031
+ */
+dh_test_vector_t curve25519_2 = {
+ .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
+ .priv_a = "\x75\x1f\xb4\x30\x86\x55\xb4\x76\xb6\x78\x9b\x73\x25\xf9\xea\x8c"
+ "\xdd\xd1\x6a\x58\x53\x3f\xf6\xd9\xe6\x00\x09\x46\x4a\x5f\x9d\x94",
+ .priv_b = "\x0a\x54\x64\x52\x53\x29\x0d\x60\xdd\xad\xd0\xe0\x30\xba\xcd\x9e"
+ "\x55\x01\xef\xdc\x22\x07\x55\xa1\xe9\x78\xf1\xb8\x39\xa0\x56\x88",
+ .pub_a = "\x48\xd5\xdd\xd4\x06\x12\x57\xba\x16\x6f\xa3\xf9\xbb\xdb\x74\xf1"
+ "\xa4\xe8\x1c\x08\x93\x84\xfa\x77\xf7\x90\x70\x9f\x0d\xfb\xc7\x66",
+ .pub_b = "\x0b\xe7\xc1\xf5\xaa\xd8\x7d\x7e\x44\x86\x62\x67\x32\x98\xa4\x43"
+ "\x47\x8b\x85\x97\x45\x17\x9e\xaf\x56\x4c\x79\xc0\xef\x6e\xee\x25",
+ .shared = "\xc7\x49\x50\x60\x7a\x12\x32\x7f\x32\x04\xd9\x4b\x68\x25\xbf\xb0"
+ "\x68\xb7\xf8\x31\x9a\x9e\x37\x08\xed\x3d\x43\xce\x81\x30\xc9\x50",
+};
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 2a4788ee1..8be6c1c3a 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 7cd680095..20d6658c3 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 0f54f8cf0..ce53fff4d 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index bc3a44346..f3d4377d8 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -369,8 +369,13 @@ static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type)
switch (oid)
{
case OID_XMPP_ADDR:
- if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ if (asn1_parse_simple_object(&object, ASN1_UTF8STRING,
parser->get_level(parser)+1, "xmppAddr"))
+ { /* we handle xmppAddr as RFC822 addr */
+ *blob = object;
+ *type = ID_RFC822_ADDR;
+ }
+ else
{
goto end;
}
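Review bot: Mapping xmppAddr to ID_RFC822_ADDR means an XMPP JID in a certificate's subjectAltName will now satisfy an identity configured as an rfc822Name, so a peer that matches `alice@example.org` as an e-mail address will also accept a certificate whose only matching name is an xmppAddr carrying that string; that widening of what counts as an identity match should be stated explicitly, and the terse `we handle xmppAddr as RFC822 addr` comment should say why it is considered safe. xmppAddr is also a UTF8String whereas rfc822Name is IA5String, so non-ASCII or embedded NUL bytes in the parsed object now reach consumers of ID_RFC822_ADDR that presumably expect ASCII — verify those consumers tolerate it, or reject non-ASCII content here. parse_otherName begins before this hunk.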
@@ -2021,6 +2026,8 @@ chunk_t build_generalName(identification_t *id)
switch (id->get_type(id))
{
+ case ID_DER_ASN1_GN:
+ return chunk_clone(id->get_encoding(id));
case ID_RFC822_ADDR:
context = ASN1_CONTEXT_S_1;
break;
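Review bot: The ID_DER_ASN1_GN case copies the identity's encoding into the GeneralName verbatim with no check that it is a well-formed, context-tagged GeneralName, so an identity of that type built from mis-configured or untrusted input would produce an invalid subjectAltName/issuerAltName in the generated certificate. If identification_t guarantees that such encodings were produced by the parser from valid DER this is fine, but that guarantee should be stated, e.g. `/* pre-encoded GeneralName; assumed validated by the parser that created the id */`; otherwise add a minimal tag/length sanity check before returning. build_generalName continues past the end of this hunk.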
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3a39037bc..966b6d733 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index dd9ad7e1b..03f7a6d8c 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -395,7 +395,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
* greater or equal to 256 they are assumed to be type and code as defined
* for traffic_selector_t.
*
- * @param protocol upper layer protocl to allow
+ * @param protocol upper layer protocol to allow
* @param from_port start of allowed port range
* @param to_port end of range
* @return
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index a4c5060fa..44d035fac 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -73,6 +73,7 @@ struct private_settings_t {
/**
* Print a format key, but consume already processed arguments
+ * Note that key and start point into the same string
*/
static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
@@ -115,6 +116,25 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
}
/**
+ * Check if the given section is contained in the given array.
+ */
+static bool has_section(array_t *array, section_t *section)
+{
+ section_t *current;
+ int i;
+
+ for (i = 0; i < array_count(array); i++)
+ {
+ array_get(array, i, &current);
+ if (current == section)
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Find a section by a given key, using buffered key, reusable buffer.
* If "ensure" is TRUE, the sections are created if they don't exist.
*/
@@ -160,15 +180,39 @@ static section_t *find_section_buffered(section_t *section,
}
/**
- * Find all sections via a given key considering fallbacks, using buffered key,
+ * Forward declaration
+ */
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args, array_t **sections);
+
+/**
+ * Resolve the given reference. Not thread-safe.
+ * Only a vararg function to get an empty va_list.
+ */
+static void resolve_reference(private_settings_t *this, section_ref_t *ref,
+ array_t **sections, ...)
+{
+ va_list args;
+
+ va_start(args, sections);
+ find_sections(this, this->top, ref->name, args, sections);
+ va_end(args);
+}
+
+/**
+ * Find all sections via a given key considering references, using buffered key,
* reusable buffer.
*/
-static void find_sections_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, array_t **sections)
+static void find_sections_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- section_t *found = NULL, *fallback;
+ section_t *found = NULL, *reference;
+ array_t *references;
+ section_ref_t *ref;
char *pos;
- int i;
+ int i, j;
if (!section)
{
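Review bot: resolve_reference() passes ref->name into find_sections() as the key with a deliberately empty va_list, yet keys are printf-style format strings (the header says so, and print_key() is described as printing a "format key"); a stored reference name that contains a `%` would then consume arguments that do not exist, which is undefined behaviour. Such a name can arise from a config-file reference, unless the lexer's reference pattern excludes `%`, and from add_fallback(), where a `%%` in the caller's format has already collapsed to a single `%` by the time the name is stored. Either escape `%` (double it) when the reference name is stored, or give find_sections_buffered()/print_key() a way to treat the reference name as literal text, and say which in a comment on resolve_reference(). find_sections_buffered's body continues past the hunk.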
@@ -184,7 +228,7 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
return;
}
if (pos)
- { /* restore so we can follow fallbacks */
+ { /* restore so we can follow references */
*pos = '.';
}
if (!strlen(buf))
@@ -199,147 +243,100 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
{
if (pos)
{
- find_sections_buffered(found, start, pos+1, args, buf, len,
- sections);
+ find_sections_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
- else
+ else if (!has_section(*sections, found))
{
+ /* ignore if already added to avoid loops */
array_insert_create(sections, ARRAY_TAIL, found);
- for (i = 0; i < array_count(found->fallbacks); i++)
+ /* add all sections that are referenced here (also resolves
+ * references in parent sections of the referenced section) */
+ for (i = 0; i < array_count(found->references); i++)
{
- array_get(found->fallbacks, i, &fallback);
- array_insert_create(sections, ARRAY_TAIL, fallback);
+ array_get(found->references, i, &ref);
+ resolve_reference(this, ref, sections);
}
}
}
- if (section->fallbacks)
+ if (!ignore_refs && section != found && section->references)
{
- for (i = 0; i < array_count(section->fallbacks); i++)
+ /* find matching sub-sections relative to the referenced sections */
+ for (i = 0; i < array_count(section->references); i++)
{
- array_get(section->fallbacks, i, &fallback);
- find_sections_buffered(fallback, start, key, args, buf, len,
- sections);
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; j < array_count(references); j++)
+ {
+ array_get(references, j, &reference);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ find_sections_buffered(this, reference, start, key, args,
+ buf, len, TRUE, sections);
+ }
+ array_destroy(references);
}
}
}
/**
- * Ensure that the section with the given key exists (thread-safe).
+ * Ensure that the section with the given key exists (not thread-safe).
*/
static section_t *ensure_section(private_settings_t *this, section_t *section,
const char *key, va_list args)
{
char buf[128], keybuf[512];
- section_t *found;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- /* we might have to change the tree */
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- this->lock->unlock(this->lock);
- return found;
+ return find_section_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), TRUE);
}
/**
- * Find a section by a given key with its fallbacks (not thread-safe!).
- * Sections are returned in depth-first order (array is allocated). NULL is
- * returned if no sections are found.
+ * Find a section by a given key with resolved references (not thread-safe!).
+ * The array is allocated. NULL is returned if no sections are found.
*/
static array_t *find_sections(private_settings_t *this, section_t *section,
- char *key, va_list args)
+ char *key, va_list args, array_t **sections)
{
char buf[128], keybuf[512];
- array_t *sections = NULL;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- find_sections_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), &sections);
- return sections;
-}
-
-/**
- * Check if the given fallback section already exists
- */
-static bool fallback_exists(section_t *section, section_t *fallback)
-{
- if (section == fallback)
- {
- return TRUE;
- }
- else if (section->fallbacks)
- {
- section_t *existing;
- int i;
-
- for (i = 0; i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &existing);
- if (existing == fallback)
- {
- return TRUE;
- }
- }
- }
- return FALSE;
-}
-
-/**
- * Ensure that the section with the given key exists and add the given fallback
- * section (thread-safe).
- */
-static void add_fallback_to_section(private_settings_t *this,
- section_t *section, const char *key, va_list args,
- section_t *fallback)
-{
- char buf[128], keybuf[512];
- section_t *found;
-
- if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
- {
- return;
- }
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- if (!fallback_exists(found, fallback))
- {
- /* to ensure sections referred to as fallback are not purged, we create
- * the array there too */
- if (!fallback->fallbacks)
- {
- fallback->fallbacks = array_create(0, 0);
- }
- array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
- }
- this->lock->unlock(this->lock);
+ find_sections_buffered(this, section, keybuf, keybuf, args, buf,
+ sizeof(buf), FALSE, sections);
+ return *sections;
}
/**
* Find the key/value pair for a key, using buffered key, reusable buffer
- * If "ensure" is TRUE, the sections (and key/value pair) are created if they
- * don't exist.
- * Fallbacks are only considered if "ensure" is FALSE.
+ * There are two modes: 1. To find a key at an exact location and create the
+ * sections (and key/value pair) if necessary, don't pass an array for sections.
+ * 2. To find a key and follow references pass a pointer to an array to store
+ * visited sections. NULL is returned in this case if the key is not found.
*/
-static kv_t *find_value_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, bool ensure)
+static kv_t *find_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- int i;
- char *pos;
- kv_t *kv = NULL;
section_t *found = NULL;
+ kv_t *kv = NULL;
+ section_ref_t *ref;
+ array_t *references;
+ char *pos;
+ int i, j;
- if (section == NULL)
+ if (!section)
{
return NULL;
}
-
pos = strchr(key, '.');
if (pos)
{
@@ -348,7 +345,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
{
return NULL;
}
- /* restore so we can retry for fallbacks */
+ /* restore so we can follow references */
*pos = '.';
if (!strlen(buf))
{
@@ -357,7 +354,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
else if (array_bsearch(section->sections, buf, settings_section_find,
&found) == -1)
{
- if (ensure)
+ if (!sections)
{
found = settings_section_create(strdup(buf));
settings_section_add(section, found, NULL);
@@ -365,53 +362,144 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
}
if (found)
{
- kv = find_value_buffered(found, start, pos+1, args, buf, len,
- ensure);
- }
- if (!kv && !ensure && section->fallbacks)
- {
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
- }
+ kv = find_value_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
}
else
{
+ if (sections)
+ {
+ array_insert_create(sections, ARRAY_TAIL, section);
+ }
if (!print_key(buf, len, start, key, args))
{
return NULL;
}
if (array_bsearch(section->kv, buf, settings_kv_find, &kv) == -1)
{
- if (ensure)
+ if (!sections)
{
kv = settings_kv_create(strdup(buf), NULL);
settings_kv_add(section, kv, NULL);
}
- else if (section->fallbacks)
+ }
+ }
+ if (!kv && !ignore_refs && sections && section->references)
+ {
+ /* find key relative to the referenced sections */
+ for (i = 0; !kv && i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; !kv && j < array_count(references); j++)
{
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ array_get(references, j, &found);
+ /* ignore if already added to avoid loops */
+ if (!has_section(*sections, found))
{
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ kv = find_value_buffered(this, found, start, key, args,
+ buf, len, TRUE, sections);
}
}
+ array_destroy(references);
}
}
return kv;
}
/**
+ * Remove the key/value pair for a key, using buffered key, reusable buffer
+ */
+static void remove_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len)
+{
+ section_t *found = NULL;
+ kv_t *kv = NULL, *ordered = NULL;
+ char *pos;
+ int idx, i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ pos++;
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ if (pos)
+ {
+ if (array_bsearch(section->sections, buf, settings_section_find,
+ &found) != -1)
+ {
+ remove_value_buffered(this, found, start, pos, args, buf, len);
+ }
+ }
+ else
+ {
+ idx = array_bsearch(section->kv, buf, settings_kv_find, &kv);
+ if (idx != -1)
+ {
+ array_remove(section->kv, idx, NULL);
+ for (i = 0; i < array_count(section->kv_order); i++)
+ {
+ array_get(section->kv_order, i, &ordered);
+ if (kv == ordered)
+ {
+ array_remove(section->kv_order, i, NULL);
+ settings_kv_destroy(kv, this->contents);
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+ * Described in header
+ */
+void settings_remove_value(settings_t *settings, char *key, ...)
+{
+ private_settings_t *this = (private_settings_t*)settings;
+ char buf[128], keybuf[512];
+ va_list args;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
+ va_start(args, key);
+
+ this->lock->read_lock(this->lock);
+ remove_value_buffered(this, this->top, keybuf, keybuf, args, buf,
+ sizeof(buf));
+ this->lock->unlock(this->lock);
+
+ va_end(args);
+}
+
+/**
* Find the string value for a key (thread-safe).
*/
static char *find_value(private_settings_t *this, section_t *section,
char *key, va_list args)
{
char buf[128], keybuf[512], *value = NULL;
+ array_t *sections = NULL;
kv_t *kv;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
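Review bot: settings_remove_value() takes `this->lock->read_lock(this->lock)` but remove_value_buffered() mutates the tree (array_remove on section->kv and kv_order, settings_kv_destroy), so a concurrent reader holding the read lock can enumerate entries while they are freed; it should be `this->lock->write_lock(this->lock);`. A second, smaller point: in remove_value_buffered() the `found = section` assignment for an empty segment is overwritten by the unconditional array_bsearch in the `if (pos)` branch, so a key with an empty segment is silently a no-op here although find_value_buffered() uses `else if` and stays in the current section for that case. Both fixes are one-line changes; the header says this function is mainly for unit tests, which makes the locking bug less exposed but not less wrong.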
@@ -419,13 +507,14 @@ static char *find_value(private_settings_t *this, section_t *section,
return NULL;
}
this->lock->read_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- FALSE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, &sections);
if (kv)
{
value = kv->value;
}
this->lock->unlock(this->lock);
+ array_destroy(sections);
return value;
}
@@ -443,8 +532,8 @@ static void set_value(private_settings_t *this, section_t *section,
return;
}
this->lock->write_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- TRUE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, NULL);
if (kv)
{
settings_kv_set(kv, strdupnull(value), this->contents);
@@ -761,12 +850,12 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
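Review bot: `sections = find_sections(this, this->top, key, args, &sections);` both passes the array as an out parameter and assigns the return value, which is just `*sections` echoed back (or NULL on key overflow, when the array is NULL anyway); the double assignment reads as if two different results were being merged. Writing it as a plain call, `find_sections(this, this->top, key, args, &sections);`, keeps the behaviour and makes the ownership obvious. create_section_enumerator continues outside the hunk.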
@@ -793,13 +882,17 @@ CALLBACK(kv_filter, bool,
while (orig->enumerate(orig, &kv))
{
- if (seen->get(seen, kv->key) || !kv->value)
+ if (seen->get(seen, kv->key))
+ {
+ continue;
+ }
+ seen->put(seen, kv->key, kv->key);
+ if (!kv->value)
{
continue;
}
*key = kv->key;
*value = kv->value;
- seen->put(seen, kv->key, kv->key);
return TRUE;
}
return FALSE;
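Review bot: Moving `seen->put(seen, kv->key, kv->key)` ahead of the `!kv->value` test is a semantic change, not a refactor: a key explicitly set to NULL in the more specific section now hides the same key in referenced sections instead of letting the referenced value show through. That is consistent with the header's description of NULL as "unset", but nothing in kv_filter says so. Add a comment above the value check, e.g. `/* a key set to NULL in a more specific section deliberately hides values for the same key in referenced sections */`. kv_filter starts outside the hunk.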
@@ -818,12 +911,12 @@ METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
@@ -845,33 +938,34 @@ METHOD(settings_t, add_fallback, void,
{
section_t *section;
va_list args;
+ char buf[512];
- /* find/create the fallback */
+ this->lock->write_lock(this->lock);
va_start(args, fallback);
- section = ensure_section(this, this->top, fallback, args);
+ section = ensure_section(this, this->top, key, args);
va_end(args);
va_start(args, fallback);
- add_fallback_to_section(this, this->top, key, args, section);
+ if (section && vsnprintf(buf, sizeof(buf), fallback, args) < sizeof(buf))
+ {
+ settings_reference_add(section, strdup(buf), TRUE);
+ }
va_end(args);
+ this->lock->unlock(this->lock);
}
/**
* Load settings from files matching the given file pattern or from a string.
- * All sections and values are added relative to "parent".
* All files (even included ones) have to be loaded successfully.
- * If merge is FALSE the contents of parent are replaced with the parsed
- * contents, otherwise they are merged together.
*/
-static bool load_internal(private_settings_t *this, section_t *parent,
- char *pattern, bool merge, bool string)
+static section_t *load_internal(char *pattern, bool string)
{
section_t *section;
bool loaded;
if (pattern == NULL || !pattern[0])
- { /* TODO: Clear parent if merge is FALSE? */
- return TRUE;
+ {
+ return settings_section_create(NULL);
}
section = settings_section_create(NULL);
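Review bot: load_internal() now returns a fresh empty section for a NULL or empty pattern, so a caller that passes merge=FALSE goes on to replace the target section's contents with nothing, whereas the old code returned TRUE without touching the parent (the removed TODO); the function comment should state this, e.g. `/* an empty pattern yields an empty section, so a non-merging load clears the target */`. In add_fallback(), a NULL section or a formatted name that does not fit in the 512-byte buffer silently drops the fallback with no diagnostic, so a misconfiguration changes lookup behaviour without any trace; a log line (this file's usual logging macro, if it has one) at that point would help. load_internal continues outside the hunk.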
@@ -880,61 +974,101 @@ static bool load_internal(private_settings_t *this, section_t *parent,
if (!loaded)
{
settings_section_destroy(section, NULL);
- return FALSE;
+ section = NULL;
}
+ return section;
+}
- this->lock->write_lock(this->lock);
- settings_section_extend(parent, section, this->contents, !merge);
+/**
+ * Add sections and values in "section" relative to "parent".
+ * If merge is FALSE the contents of parent are replaced with the parsed
+ * contents, otherwise they are merged together.
+ *
+ * Releases the write lock and destroys the given section.
+ * If parent is NULL this is all that happens.
+ */
+static bool extend_section(private_settings_t *this, section_t *parent,
+ section_t *section, bool merge)
+{
+ if (parent)
+ {
+ settings_section_extend(parent, section, this->contents, !merge);
+ }
this->lock->unlock(this->lock);
-
settings_section_destroy(section, NULL);
- return TRUE;
+ return parent != NULL;
}
METHOD(settings_t, load_files, bool,
private_settings_t *this, char *pattern, bool merge)
{
- return load_internal(this, this->top, pattern, merge, FALSE);
+ section_t *section;
+
+ section = load_internal(pattern, FALSE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_files_section, bool,
private_settings_t *this, char *pattern, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(pattern, FALSE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, pattern, merge, FALSE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, load_string, bool,
private_settings_t *this, char *settings, bool merge)
{
- return load_internal(this, this->top, settings, merge, TRUE);
+ section_t *section;
+
+ section = load_internal(settings, TRUE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_string_section, bool,
private_settings_t *this, char *settings, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(settings, TRUE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, settings, merge, TRUE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, destroy, void,
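Review bot: The write lock is acquired in load_files(), load_files_section(), load_string() and load_string_section() but released inside extend_section(), so acquire and release live in different functions and every caller must remember the comment on extend_section; a future caller that returns early between the lock and the call will deadlock the settings object. Moving the key/args-based ensure_section() lookup into extend_section() (or a helper that takes the lock, resolves the parent, extends and unlocks) would keep lock ownership in one function at the cost of a few lines. The comment on extend_section already documents the current contract, which is better than nothing if the structure is kept.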
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index e25c9da38..814cf32e5 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -288,15 +288,9 @@ struct settings_t {
* 'section-one.two' will result in a lookup for the same section/key
* in 'section-two'.
*
- * @note Lookups are depth-first and currently strictly top-down.
- * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
- * fallback the keys/sections in lib2.sec would not be considered. But if
- * app had lib3 as fallback the contents of lib3.sec would (as app is passed
- * during the initial lookup). In the last example the order during
- * enumerations would be app.sec, lib1.sec, lib3.sec.
- *
* @note Additional arguments will be applied to both section format
- * strings so they must be compatible.
+ * strings so they must be compatible. And they are evaluated immediately,
+ * so arguments can't contain dots.
*
* @param section section for which a fallback is configured, printf style
* @param fallback fallback section, printf style
@@ -413,4 +407,18 @@ settings_t *settings_create(char *file);
*/
settings_t *settings_create_string(char *settings);
+/**
+ * Remove the given key/value.
+ *
+ * Compared to setting a key to NULL, which makes it appear to be unset (i.e.
+ * default values will apply) this removes the given key (if found) and
+ * references/fallbacks will apply when looking for that key. This is mainly
+ * usefuls for the unit tests.
+ *
+ * @param settings settings to remove key/value from
+ * @param key key including sections, printf style format
+ * @param ... argument list for key
+ */
+void settings_remove_value(settings_t *settings, char *key, ...);
+
#endif /** SETTINGS_H_ @}*/
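Review bot: The new settings_remove_value() documentation has a typo, `usefuls` should be `useful`, and it should also state what the implementation does and does not do: the key is matched at its exact location only (references are not followed) and no sections are created when the path does not exist. A sentence such as `The key is looked up at its exact location; references are not followed and missing sections are not created.` covers it.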
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index b13ff8009..c29dfa57b 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
yyg->yy_c_buf_p = yy_cp;
/* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */
-#define YY_NUM_RULES 30
-#define YY_END_OF_BUFFER 31
+#define YY_NUM_RULES 39
+#define YY_END_OF_BUFFER 40
/* This struct is not used in this scanner,
but its presence is necessary. */
struct yy_trans_info
@@ -477,15 +477,17 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
-static yyconst flex_int16_t yy_accept[63] =
+static yyconst flex_int16_t yy_accept[85] =
{ 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 31, 9,
- 2, 3, 2, 8, 1, 6, 9, 4, 5, 14,
- 11, 12, 10, 13, 20, 16, 15, 17, 18, 29,
- 21, 22, 23, 9, 2, 2, 1, 1, 3, 0,
- 9, 14, 11, 20, 19, 29, 28, 27, 28, 24,
- 25, 26, 1, 9, 9, 9, 9, 9, 0, 7,
- 7, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 40, 12, 2, 3, 2, 11, 1, 7, 6, 8,
+ 9, 12, 4, 5, 17, 14, 15, 14, 18, 13,
+ 16, 23, 20, 21, 19, 22, 29, 25, 24, 26,
+ 27, 38, 30, 31, 32, 12, 2, 2, 1, 1,
+ 3, 0, 12, 17, 0, 14, 14, 13, 13, 15,
+ 0, 23, 20, 29, 28, 38, 37, 36, 37, 33,
+ 34, 35, 1, 12, 17, 13, 12, 12, 12, 12,
+ 0, 10, 10, 0
} ;
static yyconst YY_CHAR yy_ec[256] =
@@ -494,16 +496,16 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 5, 1, 6, 7, 1, 1, 1, 1, 1,
+ 1, 1, 1, 8, 1, 9, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 10, 1, 1,
+ 11, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 8, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 9, 1, 1, 1, 1, 1, 1, 10, 11,
+ 1, 12, 1, 1, 1, 1, 1, 1, 13, 14,
- 12, 1, 1, 1, 13, 1, 1, 14, 1, 15,
- 1, 1, 1, 16, 1, 17, 18, 1, 1, 1,
- 1, 1, 19, 1, 20, 1, 1, 1, 1, 1,
+ 15, 1, 1, 1, 16, 1, 1, 17, 1, 18,
+ 1, 1, 1, 19, 1, 20, 21, 1, 1, 1,
+ 1, 1, 22, 1, 23, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -520,113 +522,144 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst YY_CHAR yy_meta[21] =
+static yyconst YY_CHAR yy_meta[24] =
{ 0,
- 1, 2, 3, 4, 5, 6, 7, 8, 9, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 10, 7
+ 1, 2, 3, 4, 5, 6, 5, 7, 8, 7,
+ 9, 10, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 7, 5
} ;
-static yyconst flex_uint16_t yy_base[77] =
+static yyconst flex_uint16_t yy_base[103] =
{ 0,
- 0, 0, 19, 38, 57, 76, 23, 24, 70, 0,
- 95, 244, 0, 244, 31, 244, 54, 244, 244, 0,
- 44, 244, 244, 244, 0, 244, 244, 244, 0, 0,
- 244, 244, 100, 0, 0, 0, 0, 33, 244, 65,
- 57, 0, 45, 0, 244, 0, 244, 244, 62, 244,
- 244, 244, 0, 43, 36, 27, 19, 46, 50, 244,
- 51, 244, 117, 127, 137, 147, 155, 160, 170, 180,
- 186, 193, 203, 213, 223, 233
+ 0, 0, 23, 0, 45, 67, 89, 111, 49, 50,
+ 124, 0, 133, 335, 55, 335, 60, 335, 335, 335,
+ 335, 104, 335, 335, 112, 139, 335, 73, 335, 62,
+ 335, 0, 74, 335, 335, 335, 0, 335, 335, 335,
+ 0, 0, 335, 335, 144, 0, 0, 78, 0, 81,
+ 335, 117, 106, 102, 0, 0, 84, 0, 94, 335,
+ 107, 0, 97, 0, 335, 0, 335, 335, 106, 335,
+ 335, 335, 0, 89, 78, 0, 60, 53, 43, 98,
+ 102, 335, 103, 335, 164, 174, 184, 194, 204, 214,
+ 224, 234, 244, 249, 255, 264, 274, 284, 294, 304,
+
+ 314, 324
} ;
-static yyconst flex_int16_t yy_def[77] =
+static yyconst flex_int16_t yy_def[103] =
{ 0,
- 62, 1, 63, 63, 64, 64, 65, 65, 62, 66,
- 62, 62, 67, 62, 68, 62, 66, 62, 62, 69,
- 62, 62, 62, 62, 70, 62, 62, 62, 71, 72,
- 62, 62, 73, 66, 11, 67, 74, 68, 62, 75,
- 66, 69, 62, 70, 62, 72, 62, 62, 62, 62,
- 62, 62, 74, 66, 66, 66, 66, 66, 76, 62,
- 76, 0, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62
+ 84, 1, 84, 3, 85, 85, 86, 86, 87, 87,
+ 84, 88, 84, 84, 84, 84, 89, 84, 84, 84,
+ 84, 88, 84, 84, 90, 84, 84, 84, 84, 91,
+ 84, 92, 84, 84, 84, 84, 93, 84, 84, 84,
+ 94, 95, 84, 84, 96, 88, 13, 84, 97, 89,
+ 84, 98, 88, 90, 99, 26, 84, 100, 91, 84,
+ 101, 92, 84, 93, 84, 95, 84, 84, 84, 84,
+ 84, 84, 97, 88, 99, 100, 88, 88, 88, 88,
+ 102, 84, 102, 0, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+
+ 84, 84
} ;
-static yyconst flex_uint16_t yy_nxt[265] =
+static yyconst flex_uint16_t yy_nxt[359] =
{ 0,
- 10, 11, 12, 13, 11, 14, 15, 16, 10, 10,
- 10, 10, 17, 10, 10, 10, 10, 10, 18, 19,
- 21, 22, 23, 21, 24, 22, 31, 31, 32, 32,
- 58, 33, 33, 39, 40, 39, 40, 57, 22, 21,
- 22, 23, 21, 24, 22, 43, 43, 59, 43, 43,
- 59, 61, 61, 56, 61, 61, 55, 22, 26, 26,
- 27, 26, 28, 26, 48, 29, 54, 39, 41, 62,
- 62, 62, 62, 62, 62, 62, 26, 26, 26, 27,
- 26, 28, 26, 62, 29, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 26, 35, 62, 36, 35,
-
- 62, 37, 48, 49, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 50, 51, 52, 20, 20, 20,
- 20, 20, 20, 20, 20, 20, 20, 25, 25, 25,
- 25, 25, 25, 25, 25, 25, 25, 30, 30, 30,
- 30, 30, 30, 30, 30, 30, 30, 34, 62, 62,
- 62, 62, 62, 62, 62, 34, 36, 62, 36, 36,
- 38, 38, 38, 38, 38, 38, 38, 38, 38, 38,
- 42, 62, 62, 62, 62, 62, 62, 42, 42, 42,
- 44, 62, 62, 62, 62, 62, 62, 44, 62, 44,
- 45, 45, 45, 46, 46, 46, 62, 46, 62, 46,
-
- 46, 62, 46, 47, 47, 47, 47, 47, 47, 47,
- 47, 47, 47, 53, 53, 62, 62, 53, 53, 53,
- 53, 53, 53, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 60, 60, 60, 60, 60, 60, 60,
- 62, 60, 60, 9, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 12, 13, 14, 15, 13, 16, 17, 18, 19, 20,
+ 21, 12, 12, 12, 12, 22, 12, 12, 12, 12,
+ 12, 23, 24, 25, 26, 27, 28, 26, 29, 30,
+ 31, 29, 29, 29, 25, 25, 25, 25, 25, 25,
+ 25, 25, 25, 25, 29, 29, 33, 34, 35, 33,
+ 36, 34, 43, 43, 44, 44, 48, 80, 48, 48,
+ 45, 45, 51, 52, 60, 61, 79, 34, 33, 34,
+ 35, 33, 36, 34, 57, 63, 57, 57, 63, 48,
+ 78, 48, 48, 51, 52, 57, 55, 57, 57, 34,
+ 38, 38, 39, 38, 40, 38, 60, 61, 63, 81,
+
+ 41, 63, 81, 83, 83, 77, 83, 83, 68, 60,
+ 55, 38, 38, 38, 39, 38, 40, 38, 74, 51,
+ 55, 53, 41, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 38, 47, 84, 48, 47, 84, 49,
+ 56, 84, 57, 56, 84, 58, 68, 69, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 70, 71, 72, 32, 32, 32, 32, 32, 32,
+ 32, 32, 32, 32, 37, 37, 37, 37, 37, 37,
+ 37, 37, 37, 37, 42, 42, 42, 42, 42, 42,
+ 42, 42, 42, 42, 46, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 46, 50, 50, 50, 50, 50, 50,
+ 50, 50, 50, 50, 54, 84, 84, 84, 84, 84,
+ 84, 54, 84, 54, 59, 59, 59, 59, 59, 59,
+ 59, 59, 59, 59, 62, 84, 84, 84, 84, 84,
+ 62, 62, 62, 62, 64, 84, 84, 84, 84, 84,
+ 64, 64, 64, 65, 65, 66, 66, 66, 84, 66,
+ 84, 66, 66, 66, 67, 67, 67, 67, 67, 67,
+ 67, 67, 67, 67, 73, 73, 84, 84, 73, 73,
+ 73, 73, 73, 73, 52, 52, 52, 52, 52, 52,
+ 52, 52, 52, 52, 75, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 75, 76, 76, 84, 84, 76, 76,
+ 76, 76, 76, 76, 61, 61, 61, 61, 61, 61,
+ 61, 61, 61, 61, 82, 82, 82, 82, 82, 82,
+ 82, 82, 84, 82, 11, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
-static yyconst flex_int16_t yy_chk[265] =
+static yyconst flex_int16_t yy_chk[359] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 3, 3, 3, 3, 3, 3, 7, 8, 7, 8,
- 57, 7, 8, 15, 15, 38, 38, 56, 3, 4,
- 4, 4, 4, 4, 4, 21, 43, 58, 21, 43,
- 58, 59, 61, 55, 59, 61, 54, 4, 5, 5,
- 5, 5, 5, 5, 49, 5, 41, 40, 17, 9,
- 0, 0, 0, 0, 0, 0, 5, 6, 6, 6,
- 6, 6, 6, 0, 6, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 6, 11, 0, 11, 11,
-
- 0, 11, 33, 33, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 33, 33, 33, 63, 63, 63,
- 63, 63, 63, 63, 63, 63, 63, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 65, 65, 65,
- 65, 65, 65, 65, 65, 65, 65, 66, 0, 0,
- 0, 0, 0, 0, 0, 66, 67, 0, 67, 67,
- 68, 68, 68, 68, 68, 68, 68, 68, 68, 68,
- 69, 0, 0, 0, 0, 0, 0, 69, 69, 69,
- 70, 0, 0, 0, 0, 0, 0, 70, 0, 70,
- 71, 71, 71, 72, 72, 72, 0, 72, 0, 72,
-
- 72, 0, 72, 73, 73, 73, 73, 73, 73, 73,
- 73, 73, 73, 74, 74, 0, 0, 74, 74, 74,
- 74, 74, 74, 75, 75, 75, 75, 75, 75, 75,
- 75, 75, 75, 76, 76, 76, 76, 76, 76, 76,
- 0, 76, 76, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 1, 1, 1, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 5, 5, 5, 5,
+ 5, 5, 9, 10, 9, 10, 15, 79, 15, 15,
+ 9, 10, 17, 17, 30, 30, 78, 5, 6, 6,
+ 6, 6, 6, 6, 28, 33, 28, 28, 33, 48,
+ 77, 48, 48, 50, 50, 57, 75, 57, 57, 6,
+ 7, 7, 7, 7, 7, 7, 59, 59, 63, 80,
+
+ 7, 63, 80, 81, 83, 74, 81, 83, 69, 61,
+ 54, 7, 8, 8, 8, 8, 8, 8, 53, 52,
+ 25, 22, 8, 11, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 8, 13, 0, 13, 13, 0, 13,
+ 26, 0, 26, 26, 0, 26, 45, 45, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 45, 45, 45, 85, 85, 85, 85, 85, 85,
+ 85, 85, 85, 85, 86, 86, 86, 86, 86, 86,
+ 86, 86, 86, 86, 87, 87, 87, 87, 87, 87,
+ 87, 87, 87, 87, 88, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 88, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 89, 90, 0, 0, 0, 0, 0,
+ 0, 90, 0, 90, 91, 91, 91, 91, 91, 91,
+ 91, 91, 91, 91, 92, 0, 0, 0, 0, 0,
+ 92, 92, 92, 92, 93, 0, 0, 0, 0, 0,
+ 93, 93, 93, 94, 94, 95, 95, 95, 0, 95,
+ 0, 95, 95, 95, 96, 96, 96, 96, 96, 96,
+ 96, 96, 96, 96, 97, 97, 0, 0, 97, 97,
+ 97, 97, 97, 97, 98, 98, 98, 98, 98, 98,
+ 98, 98, 98, 98, 99, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 99, 100, 100, 0, 0, 100, 100,
+ 100, 100, 100, 100, 101, 101, 101, 101, 101, 101,
+ 101, 101, 101, 101, 102, 102, 102, 102, 102, 102,
+ 102, 102, 0, 102, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
/* Table of booleans, true if rule could match eol. */
-static yyconst flex_int32_t yy_rule_can_match_eol[31] =
+static yyconst flex_int32_t yy_rule_can_match_eol[40] =
{ 0,
-0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, };
+0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0,
+ 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,
+ };
-static yyconst flex_int16_t yy_rule_linenum[30] =
+static yyconst flex_int16_t yy_rule_linenum[39] =
{ 0,
- 61, 62, 63, 65, 66, 68, 73, 78, 83, 89,
- 90, 92, 112, 118, 125, 128, 148, 151, 154, 157,
- 163, 164, 166, 186, 187, 188, 189, 190, 191
+ 66, 67, 68, 70, 71, 73, 74, 76, 81, 86,
+ 91, 96, 102, 103, 104, 106, 108, 113, 120, 121,
+ 123, 144, 150, 157, 160, 180, 183, 186, 189, 195,
+ 196, 198, 218, 219, 220, 221, 222, 223
} ;
/* The intent behind this definition is that it'll catch
@@ -639,7 +672,7 @@ static yyconst flex_int16_t yy_rule_linenum[30] =
#line 1 "settings/settings_lexer.l"
#line 2 "settings/settings_lexer.l"
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -662,7 +695,7 @@ bool settings_parser_open_next_file(parser_helper_t *ctx);
static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
#define YY_NO_INPUT 1
/* don't use global variables, and interact properly with bison */
/* maintain the line number */
@@ -670,18 +703,22 @@ static void include_files(parser_helper_t *ctx);
/* prefix function/variable declarations */
/* don't change the name of the output file otherwise autotools has issues */
/* type of our extra data */
+/* state used to scan references */
+
/* state used to scan values */
/* state used to scan include file patterns */
/* state used to scan quoted strings */
-#line 680 "settings/settings_lexer.c"
+/* pattern for section/key names */
+#line 716 "settings/settings_lexer.c"
#define INITIAL 0
-#define val 1
-#define inc 2
-#define str 3
+#define ref 1
+#define val 2
+#define inc 3
+#define str 4
#ifndef YY_NO_UNISTD_H
/* Special case for "unistd.h", since it is non-ANSI. We include it way
@@ -1030,10 +1067,10 @@ YY_DECL
{
/* %% [7.0] user's declarations go here */
-#line 59 "settings/settings_lexer.l"
+#line 64 "settings/settings_lexer.l"
-#line 1037 "settings/settings_lexer.c"
+#line 1074 "settings/settings_lexer.c"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
@@ -1062,13 +1099,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 244 );
+ while ( yy_base[yy_current_state] != 335 );
yy_find_action:
/* %% [10.0] code to find the action number goes here */
@@ -1103,13 +1140,13 @@ do_action: /* This label is used only to access EOF actions. */
{
if ( yy_act == 0 )
fprintf( stderr, "--scanner backing up\n" );
- else if ( yy_act < 30 )
+ else if ( yy_act < 39 )
fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
(long)yy_rule_linenum[yy_act], yytext );
- else if ( yy_act == 30 )
+ else if ( yy_act == 39 )
fprintf( stderr, "--accepting default rule (\"%s\")\n",
yytext );
- else if ( yy_act == 31 )
+ else if ( yy_act == 40 )
fprintf( stderr, "--(end of buffer or a NUL)\n" );
else
fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
@@ -1127,81 +1164,138 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 61 "settings/settings_lexer.l"
+#line 66 "settings/settings_lexer.l"
/* eat comments */
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 62 "settings/settings_lexer.l"
+#line 67 "settings/settings_lexer.l"
/* eat whitespace */
YY_BREAK
case 3:
/* rule 3 can match eol */
YY_RULE_SETUP
-#line 63 "settings/settings_lexer.l"
-return NEWLINE; /* also eats comments at the end of a line */
+#line 68 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
YY_BREAK
case 4:
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
case 5:
YY_RULE_SETUP
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
return yytext[0];
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 68 "settings/settings_lexer.l"
+#line 73 "settings/settings_lexer.l"
+return DOT;
+ YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 74 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 76 "settings/settings_lexer.l"
+{
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+ YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 81 "settings/settings_lexer.l"
{
yy_push_state(val, yyscanner);
return yytext[0];
}
YY_BREAK
-case 7:
-/* rule 7 can match eol */
+case 10:
+/* rule 10 can match eol */
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
YY_LINENO_REWIND_TO(yy_cp - 1);
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
-#line 73 "settings/settings_lexer.l"
+#line 86 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(inc, yyscanner);
}
YY_BREAK
-case 8:
+case 11:
YY_RULE_SETUP
-#line 78 "settings/settings_lexer.l"
+#line 91 "settings/settings_lexer.l"
{
PARSER_DBG1(yyextra, "unexpected string detected");
return STRING_ERROR;
}
YY_BREAK
-case 9:
+case 12:
YY_RULE_SETUP
-#line 83 "settings/settings_lexer.l"
+#line 96 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
}
YY_BREAK
-case 10:
+case 13:
+YY_RULE_SETUP
+#line 102 "settings/settings_lexer.l"
+/* eat comments */
+ YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 103 "settings/settings_lexer.l"
+/* eat whitespace */
+ YY_BREAK
+case 15:
+/* rule 15 can match eol */
+YY_RULE_SETUP
+#line 104 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
+ YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 106 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 17:
YY_RULE_SETUP
-#line 89 "settings/settings_lexer.l"
+#line 108 "settings/settings_lexer.l"
+{
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+ YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 113 "settings/settings_lexer.l"
+{
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+ YY_BREAK
+
+
+case 19:
+YY_RULE_SETUP
+#line 120 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 11:
+case 20:
YY_RULE_SETUP
-#line 90 "settings/settings_lexer.l"
+#line 121 "settings/settings_lexer.l"
YY_BREAK
case YY_STATE_EOF(val):
-#line 91 "settings/settings_lexer.l"
-case 12:
-/* rule 12 can match eol */
+#line 122 "settings/settings_lexer.l"
+case 21:
+/* rule 21 can match eol */
YY_RULE_SETUP
-#line 92 "settings/settings_lexer.l"
+#line 123 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1220,20 +1314,21 @@ YY_RULE_SETUP
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
YY_BREAK
-case 13:
+case 22:
YY_RULE_SETUP
-#line 112 "settings/settings_lexer.l"
+#line 144 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
YY_BREAK
/* same as above, but allow more characters */
-case 14:
+case 23:
YY_RULE_SETUP
-#line 118 "settings/settings_lexer.l"
+#line 150 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
@@ -1241,18 +1336,18 @@ YY_RULE_SETUP
YY_BREAK
-case 15:
+case 24:
YY_RULE_SETUP
-#line 125 "settings/settings_lexer.l"
+#line 157 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
/* we allow all characters except #, } and spaces, they can be escaped */
case YY_STATE_EOF(inc):
-#line 127 "settings/settings_lexer.l"
-case 16:
-/* rule 16 can match eol */
+#line 159 "settings/settings_lexer.l"
+case 25:
+/* rule 25 can match eol */
YY_RULE_SETUP
-#line 128 "settings/settings_lexer.l"
+#line 160 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1274,49 +1369,49 @@ YY_RULE_SETUP
yy_pop_state(yyscanner);
}
YY_BREAK
-case 17:
+case 26:
YY_RULE_SETUP
-#line 148 "settings/settings_lexer.l"
+#line 180 "settings/settings_lexer.l"
{ /* string include */
yy_push_state(str, yyscanner);
}
YY_BREAK
-case 18:
+case 27:
YY_RULE_SETUP
-#line 151 "settings/settings_lexer.l"
+#line 183 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 19:
+case 28:
YY_RULE_SETUP
-#line 154 "settings/settings_lexer.l"
+#line 186 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext+1);
}
YY_BREAK
-case 20:
+case 29:
YY_RULE_SETUP
-#line 157 "settings/settings_lexer.l"
+#line 189 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 21:
+case 30:
YY_RULE_SETUP
-#line 163 "settings/settings_lexer.l"
+#line 195 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 22:
-#line 165 "settings/settings_lexer.l"
+case 31:
+#line 197 "settings/settings_lexer.l"
YY_RULE_SETUP
case YY_STATE_EOF(str):
-#line 165 "settings/settings_lexer.l"
-case 23:
+#line 197 "settings/settings_lexer.l"
+case 32:
YY_RULE_SETUP
-#line 166 "settings/settings_lexer.l"
+#line 198 "settings/settings_lexer.l"
{
if (!streq(yytext, "\""))
{
@@ -1337,43 +1432,44 @@ YY_RULE_SETUP
}
}
YY_BREAK
-case 24:
+case 33:
YY_RULE_SETUP
-#line 186 "settings/settings_lexer.l"
+#line 218 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\n");
YY_BREAK
-case 25:
+case 34:
YY_RULE_SETUP
-#line 187 "settings/settings_lexer.l"
+#line 219 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\r");
YY_BREAK
-case 26:
+case 35:
YY_RULE_SETUP
-#line 188 "settings/settings_lexer.l"
+#line 220 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\t");
YY_BREAK
-case 27:
-/* rule 27 can match eol */
+case 36:
+/* rule 36 can match eol */
YY_RULE_SETUP
-#line 189 "settings/settings_lexer.l"
+#line 221 "settings/settings_lexer.l"
/* merge lines that end with escaped EOL characters */
YY_BREAK
-case 28:
+case 37:
YY_RULE_SETUP
-#line 190 "settings/settings_lexer.l"
+#line 222 "settings/settings_lexer.l"
yyextra->string_add(yyextra, yytext+1);
YY_BREAK
-case 29:
-/* rule 29 can match eol */
+case 38:
+/* rule 38 can match eol */
YY_RULE_SETUP
-#line 191 "settings/settings_lexer.l"
+#line 223 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
case YY_STATE_EOF(INITIAL):
-#line 196 "settings/settings_lexer.l"
+case YY_STATE_EOF(ref):
+#line 228 "settings/settings_lexer.l"
{
settings_parser_pop_buffer_state(yyscanner);
if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER)
@@ -1382,12 +1478,12 @@ case YY_STATE_EOF(INITIAL):
}
}
YY_BREAK
-case 30:
+case 39:
YY_RULE_SETUP
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1391 "settings/settings_lexer.c"
+#line 1487 "settings/settings_lexer.c"
case YY_END_OF_BUFFER:
{
@@ -1705,7 +1801,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
@@ -1739,11 +1835,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 62);
+ yy_is_jam = (yy_current_state == 84);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;
@@ -2778,7 +2874,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner)
/* %ok-for-header */
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l
index fa1ecac10..19ab8d7b2 100644
--- a/src/libstrongswan/settings/settings_lexer.l
+++ b/src/libstrongswan/settings/settings_lexer.l
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@ static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
@@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx);
/* type of our extra data */
%option extra-type="parser_helper_t*"
+/* state used to scan references */
+%x ref
/* state used to scan values */
%x val
/* state used to scan include file patterns */
@@ -56,15 +58,26 @@ static void include_files(parser_helper_t *ctx);
/* state used to scan quoted strings */
%x str
+/* pattern for section/key names */
+NAME [^#{}:.,="\r\n\t ]
+
%%
[\t ]*#[^\r\n]* /* eat comments */
[\t\r ]+ /* eat whitespace */
-\n|#.*\n return NEWLINE; /* also eats comments at the end of a line */
+\n|#.*\n /* eat newlines and comments at the end of a line */
"{" |
"}" return yytext[0];
+"." return DOT;
+"," return COMMA;
+
+":" {
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+
"=" {
yy_push_state(val, yyscanner);
return yytext[0];
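Review bot: The new character class `NAME [^#{}:.,="\r\n\t ]` removes `.`, `:` and `,` from the characters a top-level section or key name may contain, which the previous `[^#{}="\r\n\t ]+` pattern accepted, and the new `"." return DOT;` rule in the INITIAL state turns a key like `a.b = x` into NAME, DOT, NAME. Unless a grammar production consumes DOT (none of the productions visible in this change do), configurations with such names that parsed before now fail with a syntax error. If that restriction is intended, say so at the pattern, e.g. `/* pattern for section/key names; '.', ':' and ',' are reserved for references */`, and mention the incompatibility in the commit message; otherwise the dot would have to stay part of NAME outside the `ref` state.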
@@ -80,16 +93,34 @@ static void include_files(parser_helper_t *ctx);
return STRING_ERROR;
}
-[^#{}="\r\n\t ]+ {
+{NAME}+ {
yylval->s = strdup(yytext);
return NAME;
}
+<ref>{
+ [\t ]*#[^\r\n]* /* eat comments */
+ [\t\r ]+ /* eat whitespace */
+ \n|#.*\n /* eat newlines and comments at the end of a line */
+
+ "," return COMMA;
+
+ {NAME}+(\.{NAME}+)* {
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+
+ . {
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+}
+
<val>{
\r /* just ignore these */
[\t ]+
<<EOF>> |
- [#}\n] {
+ [#}\n] {
if (*yytext)
{
switch (yytext[0])
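Review bot: The catch-all `.` rule that closes the `<ref>` block is the only exit from the reference state and is the one rule in the block without a comment. Its `unput()`/`yy_pop_state()` pair hands the character back to the INITIAL state, which then returns `{` to the parser or, for a quoted string, hits the `STRING_ERROR` rule; that intent deserves a line such as `/* anything else (e.g. '{') ends the reference list; hand the character back to the outer state */`. The block also has no `<<EOF>>` rule of its own; the generated scanner in this commit groups `YY_STATE_EOF(ref)` with `YY_STATE_EOF(INITIAL)`, so an unterminated reference list at end of file is presumably handled by the INITIAL EOF action, which is worth stating in the same comment. The `<ref>` block is complete within this hunk; the `<val>` block it precedes continues into the next one.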
@@ -107,15 +138,16 @@ static void include_files(parser_helper_t *ctx);
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
- "\"" {
+ "\"" {
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
/* same as above, but allow more characters */
- [^#}"\r\n\t ]+ {
+ [^#}"\r\n\t ]+ {
yylval->s = strdup(yytext);
return NAME;
}
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 3d1a2ba27..ad3d5288c 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -71,7 +71,7 @@
#line 1 "settings/settings_parser.y" /* yacc.c:339 */
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -120,6 +120,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -131,7 +132,7 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
}
-#line 135 "settings/settings_parser.c" /* yacc.c:339 */
+#line 136 "settings/settings_parser.c" /* yacc.c:339 */
# ifndef YY_NULLPTR
# if defined __cplusplus && 201103L <= __cplusplus
@@ -168,28 +169,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:355 */
+#line 78 "settings/settings_parser.y" /* yacc.c:355 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 193 "settings/settings_parser.c" /* yacc.c:355 */
+#line 201 "settings/settings_parser.c" /* yacc.c:355 */
};
typedef union YYSTYPE YYSTYPE;
@@ -205,7 +213,7 @@ int settings_parser_parse (parser_helper_t *ctx);
/* Copy the second part of user declarations. */
-#line 209 "settings/settings_parser.c" /* yacc.c:358 */
+#line 217 "settings/settings_parser.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -447,21 +455,21 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 2
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 13
+#define YYLAST 19
/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 10
+#define YYNTOKENS 13
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 8
+#define YYNNTS 9
/* YYNRULES -- Number of rules. */
-#define YYNRULES 15
+#define YYNRULES 17
/* YYNSTATES -- Number of states. */
-#define YYNSTATES 20
+#define YYNSTATES 24
/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned
by yylex, with out-of-bounds checking. */
#define YYUNDEFTOK 2
-#define YYMAXUTOK 261
+#define YYMAXUTOK 264
#define YYTRANSLATE(YYX) \
((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
@@ -476,13 +484,13 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 9, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 12, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 8, 2, 7, 2, 2, 2, 2,
+ 2, 2, 2, 11, 2, 10, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -496,15 +504,15 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
- 5, 6
+ 5, 6, 7, 8, 9
};
#if YYDEBUG
/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
static const yytype_uint8 yyrline[] =
{
- 0, 105, 105, 107, 108, 112, 116, 123, 131, 136,
- 143, 148, 155, 156, 170, 171
+ 0, 112, 112, 114, 115, 119, 123, 130, 138, 143,
+ 152, 157, 165, 170, 177, 178, 192, 193
};
#endif
@@ -513,9 +521,10 @@ static const yytype_uint8 yyrline[] =
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
- "$end", "error", "$undefined", "NAME", "STRING", "NEWLINE",
- "STRING_ERROR", "'}'", "'{'", "'='", "$accept", "statements",
- "statement", "section", "section_start", "setting", "value", "valuepart", YY_NULLPTR
+ "$end", "error", "$undefined", "NAME", "STRING", "\".\"", "\",\"",
+ "\":\"", "NEWLINE", "STRING_ERROR", "'}'", "'{'", "'='", "$accept",
+ "statements", "statement", "section", "section_start", "references",
+ "setting", "value", "valuepart", YY_NULLPTR
};
#endif
@@ -524,14 +533,15 @@ static const char *const yytname[] =
(internal) symbol number NUM (which must be that of a token). */
static const yytype_uint16 yytoknum[] =
{
- 0, 256, 257, 258, 259, 260, 261, 125, 123, 61
+ 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
+ 125, 123, 61
};
# endif
-#define YYPACT_NINF -11
+#define YYPACT_NINF -7
#define yypact_value_is_default(Yystate) \
- (!!((Yystate) == (-11)))
+ (!!((Yystate) == (-7)))
#define YYTABLE_NINF -1
@@ -542,8 +552,9 @@ static const yytype_uint16 yytoknum[] =
STATE-NUM. */
static const yytype_int8 yypact[] =
{
- -11, 0, -11, -1, -11, -11, -11, -11, -11, 2,
- -11, -2, 6, -11, -11, -11, -2, -11, -11, -11
+ -7, 0, -7, -6, -7, -7, -7, -7, -7, 1,
+ -7, 8, -1, -7, 4, -7, -7, 8, -7, -7,
+ 10, -7, -7, -7
};
/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
@@ -552,19 +563,20 @@ static const yytype_int8 yypact[] =
static const yytype_uint8 yydefact[] =
{
2, 0, 1, 0, 3, 4, 5, 2, 6, 0,
- 8, 11, 0, 9, 14, 15, 10, 12, 7, 13
+ 8, 13, 0, 10, 0, 16, 17, 12, 14, 7,
+ 0, 9, 15, 11
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int8 yypgoto[] =
{
- -11, 5, -11, -11, -11, -11, -11, -10
+ -7, 7, -7, -7, -7, -7, -7, -7, 2
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yytype_int8 yydefgoto[] =
{
- -1, 1, 5, 6, 7, 8, 16, 17
+ -1, 1, 5, 6, 7, 14, 8, 17, 18
};
/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If
@@ -572,36 +584,37 @@ static const yytype_int8 yydefgoto[] =
number is the opposite. If YYTABLE_NINF, syntax error. */
static const yytype_uint8 yytable[] =
{
- 2, 14, 15, 3, 9, 4, 19, 10, 11, 3,
- 13, 4, 12, 18
+ 2, 9, 3, 3, 13, 10, 11, 4, 4, 19,
+ 20, 15, 16, 23, 12, 21, 0, 0, 0, 22
};
-static const yytype_uint8 yycheck[] =
+static const yytype_int8 yycheck[] =
{
- 0, 3, 4, 3, 5, 5, 16, 8, 9, 3,
- 8, 5, 7, 7
+ 0, 7, 3, 3, 3, 11, 12, 8, 8, 10,
+ 6, 3, 4, 3, 7, 11, -1, -1, -1, 17
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const yytype_uint8 yystos[] =
{
- 0, 11, 0, 3, 5, 12, 13, 14, 15, 5,
- 8, 9, 11, 8, 3, 4, 16, 17, 7, 17
+ 0, 14, 0, 3, 8, 15, 16, 17, 19, 7,
+ 11, 12, 14, 3, 18, 3, 4, 20, 21, 10,
+ 6, 11, 21, 3
};
/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
static const yytype_uint8 yyr1[] =
{
- 0, 10, 11, 11, 11, 12, 12, 13, 14, 14,
- 15, 15, 16, 16, 17, 17
+ 0, 13, 14, 14, 14, 15, 15, 16, 17, 17,
+ 18, 18, 19, 19, 20, 20, 21, 21
};
/* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */
static const yytype_uint8 yyr2[] =
{
- 0, 2, 0, 2, 2, 1, 1, 3, 2, 3,
- 3, 2, 1, 2, 1, 1
+ 0, 2, 0, 2, 2, 1, 1, 3, 2, 4,
+ 1, 3, 3, 2, 1, 2, 1, 1
};
@@ -1027,45 +1040,51 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c
switch (yytype)
{
case 3: /* NAME */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1046 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 4: /* STRING */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1052 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 13: /* section */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 16: /* section */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1058 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 14: /* section_start */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 17: /* section_start */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1064 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 15: /* setting */
-#line 94 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 18: /* references */
+#line 101 "settings/settings_parser.y" /* yacc.c:1257 */
+ { array_destroy_function(((*yyvaluep).refs), (void*)free, NULL); }
+#line 1070 "settings/settings_parser.c" /* yacc.c:1257 */
+ break;
+
+ case 19: /* setting */
+#line 100 "settings/settings_parser.y" /* yacc.c:1257 */
{ settings_kv_destroy(((*yyvaluep).kv), NULL); }
-#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1076 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 16: /* value */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 20: /* value */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1082 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 17: /* valuepart */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 21: /* valuepart */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1088 "settings/settings_parser.c" /* yacc.c:1257 */
break;
@@ -1331,64 +1350,84 @@ yyreduce:
switch (yyn)
{
case 5:
-#line 113 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 120 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_section(ctx, (yyvsp[0].sec));
}
-#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1358 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 6:
-#line 117 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_setting(ctx, (yyvsp[0].kv));
}
-#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1366 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 7:
-#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 131 "settings/settings_parser.y" /* yacc.c:1646 */
{
pop_section(ctx);
(yyval.sec) = (yyvsp[-2].sec);
}
-#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1375 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 8:
-#line 132 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 139 "settings/settings_parser.y" /* yacc.c:1646 */
{
(yyval.sec) = push_section(ctx, (yyvsp[-1].s));
}
-#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1383 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 9:
-#line 137 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.sec) = push_section(ctx, (yyvsp[-2].s));
+ (yyval.sec) = push_section(ctx, (yyvsp[-3].s));
+ add_references(ctx, (yyvsp[-1].refs));
+ array_destroy((yyvsp[-1].refs));
}
-#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1393 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 10:
-#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 153 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ (yyval.refs) = array_create(0, 0);
+ array_insert((yyval.refs), ARRAY_TAIL, (yyvsp[0].s));
}
-#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1402 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 11:
-#line 149 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 158 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ array_insert((yyvsp[-2].refs), ARRAY_TAIL, (yyvsp[0].s));
+ (yyval.refs) = (yyvsp[-2].refs);
}
-#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1411 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 12:
+#line 166 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ }
+#line 1419 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 13:
-#line 157 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 171 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ }
+#line 1427 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 15:
+#line 179 "settings/settings_parser.y" /* yacc.c:1646 */
{ /* just put a single space between them, use strings for more */
if (asprintf(&(yyval.s), "%s %s", (yyvsp[-1].s), (yyvsp[0].s)) < 0)
{
@@ -1399,11 +1438,11 @@ yyreduce:
free((yyvsp[-1].s));
free((yyvsp[0].s));
}
-#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1442 "settings/settings_parser.c" /* yacc.c:1646 */
break;
-#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1446 "settings/settings_parser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@@ -1631,7 +1670,7 @@ yyreturn:
#endif
return yyresult;
}
-#line 174 "settings/settings_parser.y" /* yacc.c:1906 */
+#line 196 "settings/settings_parser.y" /* yacc.c:1906 */
/**
@@ -1700,6 +1739,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h
index b41e0d56f..7c2a82841 100644
--- a/src/libstrongswan/settings/settings_parser.h
+++ b/src/libstrongswan/settings/settings_parser.h
@@ -47,28 +47,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:1909 */
+#line 78 "settings/settings_parser.y" /* yacc.c:1909 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 72 "settings/settings_parser.h" /* yacc.c:1909 */
+#line 79 "settings/settings_parser.h" /* yacc.c:1909 */
};
typedef union YYSTYPE YYSTYPE;
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index 2ab9ea723..cc1c91775 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,6 +49,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -78,20 +79,26 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
}
%token <s> NAME STRING
+%token DOT "."
+%token COMMA ","
+%token COLON ":"
%token NEWLINE STRING_ERROR
/* ...and other symbols */
%type <s> value valuepart
%type <sec> section_start section
%type <kv> setting
+%type <refs> references
/* properly destroy string tokens that are strdup()ed on error */
%destructor { free($$); } NAME STRING value valuepart
/* properly destroy parse results on error */
%destructor { pop_section(ctx); settings_section_destroy($$, NULL); } section_start section
%destructor { settings_kv_destroy($$, NULL); } setting
+%destructor { array_destroy_function($$, (void*)free, NULL); } references
/* there are two shift/reduce conflicts because of the "NAME = NAME" and
* "NAME {" ambiguity, and the "NAME =" rule) */
@@ -133,9 +140,24 @@ section_start:
$$ = push_section(ctx, $NAME);
}
|
- NAME NEWLINE '{'
+ NAME ":" references '{'
{
$$ = push_section(ctx, $NAME);
+ add_references(ctx, $references);
+ array_destroy($references);
+ }
+ ;
+
+references:
+ NAME
+ {
+ $$ = array_create(0, 0);
+ array_insert($$, ARRAY_TAIL, $1);
+ }
+ | references "," NAME
+ {
+ array_insert($1, ARRAY_TAIL, $3);
+ $$ = $1;
}
;
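Review bot: The `NAME ":" references '{'` action releases the list with plain `array_destroy($references)` while the `%destructor` for `references` uses `array_destroy_function($$, (void*)free, NULL)`; the asymmetry is correct only because `add_references()` removes every element and hands the names over as it goes, and nothing at the call site says so. A one-line comment keeps the next change from turning this into a leak or a double free, e.g. `/* add_references() empties the array and takes over the names */` above the `array_destroy` call. The same action is reproduced in the generated settings_parser.c hunk above (case 9) and would carry the comment via this file.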
@@ -239,6 +261,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
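Review bot: `array_get(sections, ARRAY_TAIL, &section)` in `add_references` ignores its return value, so with an empty section stack `section` would be passed to `settings_reference_add` uninitialized. The only caller visible in this change invokes it right after `push_section()`, so this is a documentation gap rather than a live bug; state the precondition and the ownership transfer in the header comment, e.g. `* Adds the given references to the section on top of the stack (the caller must have pushed one). Ownership of the names is transferred and the array is emptied.` Removing elements while enumerating (`array_remove_at(references, refs)`) relies on the array enumerator tolerating removal of the current element, which I assume `array_t` supports but cannot confirm from this diff. The identical body appears in the generated settings_parser.c hunk and is covered by this comment.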
diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c
index 1c2d61de7..625b70409 100644
--- a/src/libstrongswan/settings/settings_types.c
+++ b/src/libstrongswan/settings/settings_types.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,6 +69,12 @@ static void kv_destroy(kv_t *kv, int idx, array_t *contents)
settings_kv_destroy(kv, contents);
}
+static void ref_destroy(section_ref_t *ref, int idx, void *ctx)
+{
+ free(ref->name);
+ free(ref);
+}
+
/*
* Described in header
*/
@@ -78,7 +84,7 @@ void settings_section_destroy(section_t *this, array_t *contents)
array_destroy(this->sections_order);
array_destroy_function(this->kv, (void*)kv_destroy, contents);
array_destroy(this->kv_order);
- array_destroy(this->fallbacks);
+ array_destroy_function(this->references, (void*)ref_destroy, NULL);
free(this->name);
free(this);
}
@@ -130,6 +136,35 @@ void settings_kv_add(section_t *section, kv_t *kv, array_t *contents)
}
/*
+ * Described in header
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent)
+{
+ section_ref_t *ref;
+ int i;
+
+ for (i = 0; i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ if (ref->permanent && !permanent)
+ { /* add it before any permanent references */
+ break;
+ }
+ if (ref->permanent == permanent && streq(name, ref->name))
+ {
+ free(name);
+ return;
+ }
+ }
+
+ INIT(ref,
+ .name = name,
+ .permanent = permanent,
+ );
+ array_insert_create(&section->references, i, ref);
+}
+
+/*
* Add a section to the given parent, optionally remove settings/subsections
* not found when extending an existing section
*/
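Review bot: The duplicate check in settings_reference_add stops scanning at the first permanent entry (`if (ref->permanent && !permanent) break;`), so it only finds a non-permanent duplicate if every non-permanent reference precedes every permanent one; that invariant holds because this function is the sole inserter and section_purge/settings_section_extend merely delete entries, but nothing states it. A header comment such as `/* references stay ordered non-permanent first, then permanent; the dedup check below depends on this, so only insert via this function */` would make the dependency explicit. It is also worth noting next to `free(name);` that the adopted name is released immediately when an equivalent reference exists, since callers pass `strdup()`ed strings and must not keep using them.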
@@ -167,14 +202,28 @@ void settings_section_add(section_t *parent, section_t *section,
static bool section_purge(section_t *this, array_t *contents)
{
section_t *current;
+ section_ref_t *ref;
int i, idx;
array_destroy_function(this->kv, (void*)kv_destroy, contents);
this->kv = NULL;
array_destroy(this->kv_order);
this->kv_order = NULL;
- /* we ensure sections used as fallback, or configured with fallbacks (or
- * having any such subsections) are not removed */
+ /* remove non-permanent references */
+ for (i = array_count(this->references) - 1; i >= 0; i--)
+ {
+ array_get(this->references, i, &ref);
+ if (!ref->permanent)
+ {
+ array_remove(this->references, i, NULL);
+ ref_destroy(ref, 0, NULL);
+ }
+ }
+ if (!array_count(this->references))
+ {
+ array_destroy(this->references);
+ this->references = NULL;
+ }
for (i = array_count(this->sections_order) - 1; i >= 0; i--)
{
array_get(this->sections_order, i, &current);
@@ -187,7 +236,9 @@ static bool section_purge(section_t *this, array_t *contents)
settings_section_destroy(current, contents);
}
}
- return !this->fallbacks && !array_count(this->sections);
+ /* we ensure sections configured with permanent references (or having any
+ * such subsections) are not removed */
+ return !this->references && !array_count(this->sections);
}
/*
@@ -198,14 +249,15 @@ void settings_section_extend(section_t *base, section_t *extension,
{
enumerator_t *enumerator;
section_t *section;
+ section_ref_t *ref;
kv_t *kv;
array_t *sections = NULL, *kvs = NULL;
int idx;
if (purge)
- { /* remove sections and settings in base not found in extension, the
- * others are removed too (from the _order list) so they can be inserted
- * in the order found in extension */
+ { /* remove sections, settings in base not found in extension, the others
+ * are removed too (from the _order list) so they can be inserted in the
+ * order found in extension, non-permanent references are removed */
enumerator = array_create_enumerator(base->sections_order);
while (enumerator->enumerate(enumerator, (void**)&section))
{
@@ -245,6 +297,18 @@ void settings_section_extend(section_t *base, section_t *extension,
array_sort(kvs, settings_kv_sort, NULL);
}
}
+
+ enumerator = array_create_enumerator(base->references);
+ while (enumerator->enumerate(enumerator, (void**)&ref))
+ {
+ if (ref->permanent)
+ { /* permanent references are ignored */
+ continue;
+ }
+ array_remove_at(base->references, enumerator);
+ ref_destroy(ref, 0, NULL);
+ }
+ enumerator->destroy(enumerator);
}
while (array_remove(extension->sections_order, 0, &section))
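Review bot: After the enumerator loop removes the non-permanent entries, `base->references` can be left as an empty but non-NULL array, whereas section_purge in the same file destroys the array and resets it to NULL once it is empty, and its return value tests `!this->references`; the two purge paths thus leave different states for the same logical content. Mirroring that cleanup after `enumerator->destroy(enumerator);` keeps them consistent: `if (!array_count(base->references)) { array_destroy(base->references); base->references = NULL; }`. The loop also assumes array_create_enumerator() tolerates a NULL `base->references`, which the array API appears to allow but is not visible here. settings_section_extend begins before this hunk.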
@@ -278,6 +342,16 @@ void settings_section_extend(section_t *base, section_t *extension,
array_remove(extension->kv, idx, NULL);
settings_kv_add(base, kv, contents);
}
+
+ while (array_remove(extension->references, 0, &ref))
+ {
+ if (ref->permanent)
+ { /* ignore permanent references in the extension */
+ continue;
+ }
+ settings_reference_add(base, strdup(ref->name), FALSE);
+ ref_destroy(ref, 0, NULL);
+ }
array_destroy(sections);
array_destroy(kvs);
}
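Review bot: A permanent reference found in `extension->references` is removed from the array and then dropped by the `continue` without `ref_destroy()`, so the section_ref_t and its name leak; `if (ref->permanent) { ref_destroy(ref, 0, NULL); continue; }` closes it. As far as this diff shows only add_fallback() creates permanent references and the extension is freshly parsed, so the branch may be unreachable today, but the "ignore" comment reads as intentional and hides the leak. The `strdup()` plus `ref_destroy()` pair can also become an ownership transfer, `settings_reference_add(base, ref->name, FALSE); free(ref);`, since settings_reference_add adopts the name. The enclosing settings_section_extend starts before this hunk.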
diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h
index 82bcb230a..8163a0134 100644
--- a/src/libstrongswan/settings/settings_types.h
+++ b/src/libstrongswan/settings/settings_types.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
#define SETTINGS_TYPES_H_
typedef struct kv_t kv_t;
+typedef struct section_ref_t section_ref_t;
typedef struct section_t section_t;
#include "collections/array.h"
@@ -45,6 +46,23 @@ struct kv_t {
};
/**
+ * Section reference.
+ */
+struct section_ref_t {
+
+ /**
+ * Name of the referenced section.
+ */
+ char *name;
+
+ /**
+ * TRUE for permanent references that were added programmatically via
+ * add_fallback() and are not removed during reloads/purges.
+ */
+ bool permanent;
+};
+
+/**
* Section containing subsections and key value pairs.
*/
struct section_t {
@@ -55,9 +73,9 @@ struct section_t {
char *name;
/**
- * Fallback sections, as section_t.
+ * Referenced sections, as section_ref_t.
*/
- array_t *fallbacks;
+ array_t *references;
/**
* Subsections, as section_t.
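Review bot: The `references` field comment omits the ordering that settings_reference_add enforces and depends on: non-permanent references are inserted before any permanent one, and its duplicate check stops scanning at the first permanent entry. Since the array is a plain struct member, a reader could reorder or append to it directly; `* Referenced sections, as section_ref_t; non-permanent references come first, followed by permanent ones (settings_reference_add() relies on this order).` would document the invariant. The struct section_t definition continues beyond this hunk.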
@@ -116,6 +134,15 @@ void settings_kv_set(kv_t *kv, char *value, array_t *contents);
void settings_kv_add(section_t *section, kv_t *kv, array_t *contents);
/**
+ * Add a reference to another section.
+ *
+ * @param section section to which to add the reference
+ * @param name name of the referenced section (adopted)
+ * @param permanent whether the reference is not removed during reloads
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent);
+
+/**
* Create a section with the given name.
*
* @param name name (gets adopted)
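Review bot: The `@param name` line says the name is adopted but not that it is freed on the spot when an equivalent reference already exists, which matters to a caller that keeps a pointer to it; `* @param name name of the referenced section (adopted, freed if a matching reference already exists)` states the contract fully. The `permanent` line could also mention that non-permanent references are inserted ahead of permanent ones, since the resulting enumeration order is observable through the settings API and the new tests in test_settings.c assert it.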
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 20cb27cf3..82bb640a8 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -354,7 +354,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -380,6 +379,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -400,8 +401,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -456,8 +455,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -486,8 +483,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index c0a21fe34..4b2202431 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -234,6 +234,12 @@ static struct {
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
.data.s = "tester" }},
+ {"xmppaddr:bob@strongswan.org", ID_DER_ASN1_GN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xa0,0x20,0x06,0x08,0x2b,0x06,0x01,0x05,
+ 0x05,0x07,0x08,0x05,0xa0,0x14,0x0c,0x12,
+ 0x62,0x6f,0x62,0x40,0x73,0x74,0x72,0x6f,
+ 0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,
+ 0x72,0x67) }},
{ "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
index 19f381ef3..30b7b5c11 100644
--- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
@@ -144,11 +144,12 @@ START_TEST(test_insert_before_ends)
int round;
enumerator = list->create_enumerator(list);
+ /* this does not change the enumerator position, which points to 1 */
list->insert_before(list, enumerator, (void*)0);
ck_assert_int_eq(list->get_count(list), 6);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 0);
- round = 0;
+ round = 1;
while (enumerator->enumerate(enumerator, &x))
{
ck_assert_int_eq(round, x);
@@ -177,8 +178,13 @@ START_TEST(test_insert_before_empty)
ck_assert_int_eq(x, 1);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
- ck_assert(enumerator->enumerate(enumerator, &x));
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ list->insert_before(list, enumerator, (void*)2);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
+ ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
+ ck_assert_int_eq(x, 2);
ck_assert(!enumerator->enumerate(enumerator, NULL));
enumerator->destroy(enumerator);
}
@@ -221,6 +227,43 @@ START_TEST(test_remove_at)
}
END_TEST
+START_TEST(test_remove_at_multi)
+{
+ enumerator_t *enumerator;
+ intptr_t x;
+ int round;
+
+ round = 1;
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ ck_assert_int_eq(round, x);
+ if (round == 2 || round == 5)
+ {
+ list->remove_at(list, enumerator);
+ }
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 3);
+ list->reset_enumerator(list, enumerator);
+ round = 1;
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ if (round == 2)
+ { /* skip removed item */
+ round++;
+ }
+ ck_assert_int_eq(round, x);
+ list->remove_at(list, enumerator);
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 0);
+ list->reset_enumerator(list, enumerator);
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ enumerator->destroy(enumerator);
+}
+END_TEST
+
START_TEST(test_remove_at_ends)
{
enumerator_t *enumerator;
@@ -228,14 +271,14 @@ START_TEST(test_remove_at_ends)
enumerator = list->create_enumerator(list);
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
- ck_assert_int_eq(x, 1);
+ ck_assert_int_eq(x, 2);
while (enumerator->enumerate(enumerator, &x))
{
}
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 5);
enumerator->destroy(enumerator);
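Review bot: The updated assertions in test_remove_at_ends pin an asymmetry without explaining it: `remove_at()` on an enumerator that has not been advanced now removes the first item (count drops to 4, first becomes 2), while after the enumerator is exhausted it removes nothing (count stays 4, last stays 5). A comment before the first `list->remove_at(list, enumerator);` such as `/* a fresh enumerator points at the first item, so remove_at drops it */` and one before the second such as `/* an exhausted enumerator points past the end, nothing is removed */` would make the intended semantics readable, assuming that is the model the new list implementation follows (it is not in this diff). `list` is created by a fixture outside this hunk.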
@@ -254,14 +297,12 @@ START_TEST(test_insert_before_remove_at)
{
ck_assert_int_eq(round, x);
if (round == 2)
- { /* this replaces the current item, as insert_before does not change
- * the enumerator position */
+ { /* this replaces the current item */
list->insert_before(list, enumerator, (void*)42);
list->remove_at(list, enumerator);
}
else if (round == 4)
- { /* this does not replace the item, as remove_at moves the enumerator
- * position to the previous item */
+ { /* same here, the order of calls does not matter */
list->remove_at(list, enumerator);
list->insert_before(list, enumerator, (void*)21);
}
@@ -276,13 +317,9 @@ START_TEST(test_insert_before_remove_at)
{ /* check replaced item */
ck_assert_int_eq(42, x);
}
- else if (round == 3)
- { /* check misplaced item */
- ck_assert_int_eq(21, x);
- }
else if (round == 4)
- { /* check misplaced item */
- ck_assert_int_eq(3, x);
+ { /* check replace item */
+ ck_assert_int_eq(21, x);
}
else
{
@@ -348,6 +385,7 @@ Suite *linked_list_enumerator_suite_create()
tc = tcase_create("modify");
tcase_add_checked_fixture(tc, setup_list, teardown_list);
tcase_add_test(tc, test_remove_at);
+ tcase_add_test(tc, test_remove_at_multi);
tcase_add_test(tc, test_remove_at_ends);
tcase_add_test(tc, test_insert_before_remove_at);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
index 377f2a767..ac2b858bb 100644
--- a/src/libstrongswan/tests/suites/test_printf.c
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -204,7 +204,7 @@ Suite *printf_suite_create()
tcase_add_test(tc, test_printf_err);
suite_add_tcase(s, tc);
- tc = tcase_create("unsiged");
+ tc = tcase_create("unsigned");
tcase_add_test(tc, test_printf_unsigned);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 938fa38aa..099cd19c7 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -102,7 +102,12 @@ static struct {
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
- { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+ { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
@@ -159,6 +164,29 @@ START_TEST(test_select_spi)
}
END_TEST
+START_TEST(test_matches)
+{
+ proposal_t *self, *other;
+
+ self = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].self);
+ other = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].other);
+ if (select_data[_i].expected)
+ {
+ ck_assert(self->matches(self, other, FALSE));
+ ck_assert(other->matches(other, self, FALSE));
+ }
+ else
+ {
+ ck_assert(!self->matches(self, other, FALSE));
+ ck_assert(!other->matches(other, self, FALSE));
+ }
+ other->destroy(other);
+ self->destroy(self);
+}
+END_TEST
+
START_TEST(test_promote_dh_group)
{
proposal_t *proposal;
@@ -312,6 +340,10 @@ Suite *proposal_suite_create()
tcase_add_test(tc, test_select_spi);
suite_add_tcase(s, tc);
+ tc = tcase_create("matches");
+ tcase_add_loop_test(tc, test_matches, 0, countof(select_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("promote_dh_group");
tcase_add_test(tc, test_promote_dh_group);
tcase_add_test(tc, test_promote_dh_group_already_front);
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 3f6353404..e6dc7744a 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -146,7 +146,7 @@ static void test_bad_sigs(public_key_t *pubkey)
* RSA key sizes to test
*/
static int key_sizes[] = {
- 768, 1024, 1536, 2048, 3072, 4096,
+ 1024, 1536, 2048, 3072, 4096,
};
START_TEST(test_gen)
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index 0759f7013..e0609605c 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -452,9 +452,10 @@ static void verify_sections(linked_list_t *verifier, char *parent)
enumerator = settings->create_section_enumerator(settings, parent);
ver = verifier->create_enumerator(verifier);
- while (enumerator->enumerate(enumerator, &section) &&
- ver->enumerate(ver, &current))
+ while (enumerator->enumerate(enumerator, &section))
{
+ ck_assert_msg(ver->enumerate(ver, &current),
+ "no more sections expected, found %s", section);
ck_assert_str_eq(section, current);
verifier->remove_at(verifier, ver);
}
@@ -498,10 +499,11 @@ static void verify_key_values(linked_list_t *keys, linked_list_t *values,
enumerator = settings->create_key_value_enumerator(settings, parent);
enum_keys = keys->create_enumerator(keys);
enum_values = values->create_enumerator(values);
- while (enumerator->enumerate(enumerator, &key, &value) &&
- enum_keys->enumerate(enum_keys, &current_key) &&
- enum_values->enumerate(enum_values, &current_value))
+ while (enumerator->enumerate(enumerator, &key, &value))
{
+ ck_assert_msg(enum_keys->enumerate(enum_keys, &current_key),
+ "no more key/value expected, found %s = %s", key, value);
+ ck_assert(enum_values->enumerate(enum_values, &current_value));
ck_assert_str_eq(current_key, key);
ck_assert_str_eq(current_value, value);
keys->remove_at(keys, enum_keys);
@@ -519,8 +521,8 @@ START_TEST(test_key_value_enumerator)
{
linked_list_t *keys, *values;
- keys = linked_list_create_with_items("key1", "key2", "empty", "key3", NULL);
- values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", NULL);
+ keys = linked_list_create_with_items("key1", "key2", "empty", "key3", "key4", "key5", NULL);
+ values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", "multi line\nstring", "escaped newline", NULL);
verify_key_values(keys, values, "main");
keys = linked_list_create_with_items("key", "key2", "subsub", NULL);
@@ -894,7 +896,6 @@ START_TEST(test_load_string)
}
END_TEST
-
START_TEST(test_load_string_section)
{
char *content =
@@ -914,13 +915,6 @@ START_TEST(test_load_string_section)
ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
verify_include();
- /* invalid strings are a failure */
- ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
- /* NULL or empty strings are OK though */
- ck_assert(settings->load_string_section(settings, "", TRUE, ""));
- ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
- verify_include();
-
ck_assert(settings->load_string_section(settings, include_content2, FALSE, "main"));
verify_null("main.key1");
verify_string("v2", "main.key2");
@@ -934,6 +928,56 @@ START_TEST(test_load_string_section)
}
END_TEST
+START_TEST(test_load_string_section_null)
+{
+ linked_list_t *keys, *values;
+
+ char *content =
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " }\n"
+ "}";
+
+ settings = settings_create_string(content);
+
+ ck_assert(settings->load_string_section(settings, include_content1, TRUE, ""));
+ ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
+ verify_include();
+
+ /* invalid strings are a failure */
+ ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
+ /* NULL or empty strings are OK though when merging */
+ ck_assert(settings->load_string_section(settings, "", TRUE, ""));
+ ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
+ verify_include();
+
+ /* they do purge the settings if merge is not TRUE */
+ ck_assert(settings->load_string_section(settings, "", FALSE, "main"));
+ verify_null("main.key1");
+ verify_null("main.sub1.key2");
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "main");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("main", NULL);
+ verify_sections(keys, "");
+
+ ck_assert(settings->load_string_section(settings, NULL, FALSE, ""));
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "");
+}
+END_TEST
+
START_SETUP(setup_fallback_config)
{
create_settings(chunk_from_str(
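Review bot: test_load_string_section_null assigns `settings = settings_create_string(content);` while running under the `setup_include_config` fixture attached to this test case; if that fixture already creates `settings`, the original object is overwritten without being destroyed and leaks for the duration of the test. The fixture is not in this diff, and the new test_fallback_resolution explicitly calls `settings->destroy(settings);` before recreating under its own fixture, so the same call before the assignment here would be the safe choice if the fixture does allocate. If it does not, a short comment saying the fixture leaves `settings` unset would save the next reader the same question.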
@@ -1037,6 +1081,50 @@ START_TEST(test_add_fallback)
}
END_TEST
+START_TEST(test_fallback_resolution)
+{
+ linked_list_t *keys, *values;
+
+ settings->destroy(settings);
+ create_settings(chunk_from_str(
+ "base {\n"
+ " sub {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " key5 = val5\n"
+ " subsub {\n"
+ " subkey1 = subval1\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "other {\n"
+ " sub {\n"
+ " key3 = val3\n"
+ " key4 = val4\n"
+ " }\n"
+ "}\n"
+ "main {\n"
+ " sub {\n"
+ " key4=\n"
+ " key5 = \n"
+ " }\n"
+ "}"));
+
+ settings->add_fallback(settings, "other", "base");
+ settings->add_fallback(settings, "main.sub", "other.sub");
+
+ verify_string("val1", "main.sub.key1");
+ verify_string("val3", "main.sub.key3");
+ verify_null("main.sub.key4");
+ verify_null("main.sub.key5");
+ verify_string("subval1", "main.sub.subsub.subkey1");
+
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("val3", "val1", "val2", NULL);
+ verify_key_values(keys, values, "main.sub");
+}
+END_TEST
+
START_TEST(test_add_fallback_printf)
{
settings->add_fallback(settings, "%s.sub1", "sub", "main");
@@ -1051,6 +1139,264 @@ START_TEST(test_add_fallback_printf)
}
END_TEST
+START_TEST(test_references)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " key4 = sub1val4\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " subkey2 = sub1subsubval2\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = sub1subsub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : main.sub1 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " key4 =\n"
+ " subsub {\n"
+ " subkey1 = sub2subsubval1\n"
+ " subkey3 = sub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("sub2val2", "main.sub2.key2");
+ verify_string("sub2val3", "main.sub2.key3");
+ verify_null("main.sub2.key4");
+ verify_string("sub2subsubval1", "main.sub2.subsub.subkey1");
+ verify_string("sub1subsubval2", "main.sub2.subsub.subkey2");
+ verify_string("sub2subsubval3", "main.sub2.subsub.subkey3");
+ verify_string("sub1subsub1val1", "main.sub2.subsub1.subkey1");
+
+ keys = linked_list_create_with_items("subsub", "subsub1", NULL);
+ verify_sections(keys, "main.sub2");
+
+ keys = linked_list_create_with_items("key2", "key3", "key1", NULL);
+ values = linked_list_create_with_items("sub2val2", "sub2val3", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub2");
+
+ keys = linked_list_create_with_items("subkey1", "subkey3", "subkey2", NULL);
+ values = linked_list_create_with_items("sub2subsubval1", "sub2subsubval3", "sub1subsubval2", NULL);
+ verify_key_values(keys, values, "main.sub2.subsub");
+}
+END_TEST
+
+START_TEST(test_references_templates)
+{
+ create_settings(chunk_from_str(
+ "sub-def {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " }\n"
+ "}\n"
+ "subsub-def {\n"
+ " subkey1 = sub1subval1\n"
+ " subkey2 = sub1subval1\n"
+ "}\n"
+ "main {\n"
+ " sub1 : sub-def {\n"
+ " key1 = mainsub1val1\n"
+ " subsub : subsub-def {\n"
+ " subkey1 = mainsub1subval1\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = mainsub1sub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : sub-def {\n"
+ " key2 = mainsub2val2\n"
+ " key3 = mainsub2val3\n"
+ " subsub {\n"
+ " subkey3 = mainsub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("mainsub1val1", "main.sub1.key1");
+ verify_string("sub1val2", "main.sub1.key2");
+ verify_string("mainsub1subval1", "main.sub1.subsub.subkey1");
+ verify_string("sub1subval1", "main.sub1.subsub.subkey2");
+ verify_string("mainsub1sub1val1", "main.sub1.subsub1.subkey1");
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("mainsub2val2", "main.sub2.key2");
+ verify_string("mainsub2val3", "main.sub2.key3");
+ verify_string("sub1subsubval1", "main.sub2.subsub.subkey1");
+ verify_null("main.sub2.subsub.subkey2");
+ verify_string("mainsub2subsubval3", "main.sub2.subsub.subkey3");
+}
+END_TEST
+
+START_TEST(test_references_order)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " subsub2 {\n"
+ " }\n"
+ " }\n"
+ " sub3 : main.sub1, main.sub2 {\n"
+ " key3 = sub3val3\n"
+ " }\n"
+ " sub4 : main.sub2, main.sub1 {\n"
+ " key3 = sub4val3\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val2", "main.sub3.key2");
+ verify_string("sub3val3", "main.sub3.key3");
+ verify_string("sub2val2", "main.sub4.key2");
+ verify_string("sub4val3", "main.sub4.key3");
+
+ /* the order of referenced keys/subsections depends on the reference
+ * statement's order */
+ keys = linked_list_create_with_items("subsub1", "subsub2", NULL);
+ verify_sections(keys, "main.sub3");
+
+ keys = linked_list_create_with_items("subsub2", "subsub1", NULL);
+ verify_sections(keys, "main.sub4");
+
+ /* local keys are always enumerated first */
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("sub3val3", "sub1val1", "sub1val2", NULL);
+ verify_key_values(keys, values, "main.sub3");
+
+ keys = linked_list_create_with_items("key3", "key2", "key1", NULL);
+ values = linked_list_create_with_items("sub4val3", "sub2val2", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub4");
+}
+END_TEST
+
+START_TEST(test_references_resolution)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "sec-a {\n"
+ " sub1 {\n"
+ " a1 = val-a1\n"
+ " key = sec-a-val1\n"
+ " sub-a {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-b : sec-a {\n"
+ " sub1 {\n"
+ " b1 = val-b1\n"
+ " key = sec-b-val1\n"
+ " sub-b1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " b2 = val-b2\n"
+ " key = sec-b-val2\n"
+ " sub-b2 {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-c : sec-b {\n"
+ " sub2 : sec-b.sub1 {\n"
+ " c2 = val-c2\n"
+ " key = sec-c-val2\n"
+ " sub-c2 {\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sec-c-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-c.sub2.key");
+ verify_string("sec-b-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub1.key");
+ verify_string("sec-a-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-a.sub1.key");
+ verify_string("sec-b-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub2.key");
+ verify_null("sec-c.sub2.key");
+
+ keys = linked_list_create_with_items("sub-c2", "sub-b1", "sub-a", "sub-b2", NULL);
+ verify_sections(keys, "sec-c.sub2");
+
+ keys = linked_list_create_with_items("c2", "b1", "a1", "b2", NULL);
+ values = linked_list_create_with_items("val-c2", "val-b1", "val-a1", "val-b2", NULL);
+ verify_key_values(keys, values, "sec-c.sub2");
+}
+END_TEST
+
+START_TEST(test_references_fallback)
+{
+ linked_list_t *keys, *values;
+
+#define test_references_fallback_base_settings \
+ "lib {\n" \
+ " key1 = libval1\n" \
+ " keylib = libval\n" \
+ " sub {\n" \
+ " key1 = libsubval1\n" \
+ " }\n" \
+ " libsub {\n" \
+ " }\n" \
+ "}\n" \
+ "other {\n" \
+ " key1 = otherval1\n" \
+ " keyother = otherval\n" \
+ " sub {\n" \
+ " key1 = othersubval1\n" \
+ " }\n" \
+ " othersub {\n" \
+ " }\n" \
+ "}\n"
+
+ create_settings(chunk_from_str(
+ test_references_fallback_base_settings "app : other {}"));
+
+ /* references have precedence over fallbacks */
+ settings->add_fallback(settings, "app", "lib");
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+
+ keys = linked_list_create_with_items("sub", "othersub", "libsub", NULL);
+ verify_sections(keys, "app");
+
+ keys = linked_list_create_with_items("key1", "keyother", "keylib", NULL);
+ values = linked_list_create_with_items("otherval1", "otherval", "libval", NULL);
+ verify_key_values(keys, values, "app");
+
+ /* fallbacks are unaffected when reloading configs with references */
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app {}", FALSE, ""));
+ verify_string("libval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("libsubval1", "app.sub.key1");
+
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app : other {}", FALSE, ""));
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+}
+END_TEST
+
START_SETUP(setup_string_config)
{
create_settings(chunk_from_str(
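Review bot: None of the new reference tests covers a section that references itself (`a : a {}`), a reference cycle (`a : b {}` and `b : a {}`), or a reference to a section that does not exist, so whether lookup terminates and what it returns in those cases stays unpinned; because a config file drives this, a cycle that makes resolution recurse would be a load-time hang or crash rather than a bad value. Adding one case per scenario to test_references_resolution, asserting at least that `verify_null()` returns, would close that gap (the resolver itself is not in this diff, so the expected outcome needs confirming against it). Separately, `test_references_fallback_base_settings` is `#define`d inside the function body and never `#undef`ed, so it stays visible to the rest of the file; an `#undef test_references_fallback_base_settings` after the last use keeps it local.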
@@ -1115,6 +1461,25 @@ START_TEST(test_valid)
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(settings->load_files(settings, path, FALSE));
verify_string("a setting with = and { character", "equals");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid:ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid\n:\nref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nother { key1 = value1 }\nvalid\n:\nref\n\t,\nother {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+ verify_string("value1", "valid.key1");
}
END_TEST
@@ -1157,6 +1522,21 @@ START_TEST(test_invalid)
"\"unexpected\" = string");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "incorrect :: ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "/var/log/daemon.log { dmn = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "filelog { /var/log/daemon.log = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
}
END_TEST
@@ -1326,14 +1706,25 @@ Suite *settings_suite_create()
tcase_add_checked_fixture(tc, setup_include_config, teardown_config);
tcase_add_test(tc, test_load_string);
tcase_add_test(tc, test_load_string_section);
+ tcase_add_test(tc, test_load_string_section_null);
suite_add_tcase(s, tc);
tc = tcase_create("fallback");
tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config);
tcase_add_test(tc, test_add_fallback);
+ tcase_add_test(tc, test_fallback_resolution);
tcase_add_test(tc, test_add_fallback_printf);
suite_add_tcase(s, tc);
+ tc = tcase_create("references");
+ tcase_add_checked_fixture(tc, NULL, teardown_config);
+ tcase_add_test(tc, test_references);
+ tcase_add_test(tc, test_references_templates);
+ tcase_add_test(tc, test_references_order);
+ tcase_add_test(tc, test_references_resolution);
+ tcase_add_test(tc, test_references_fallback);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("strings");
tcase_add_checked_fixture(tc, setup_string_config, teardown_config);
tcase_add_test(tc, test_strings);
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 00f000a6a..f1d46ee6b 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -860,47 +860,75 @@ END_TEST
static struct {
char *s;
bool ok;
+ mark_op_t ops;
mark_t m;
} mark_data[] = {
- {NULL, FALSE, { 0 }},
- {"", TRUE, { 0, 0xffffffff }},
- {"/", TRUE, { 0, 0 }},
- {"42", TRUE, { 42, 0xffffffff }},
- {"0x42", TRUE, { 0x42, 0xffffffff }},
- {"x", FALSE, { 0 }},
- {"42/", TRUE, { 0, 0 }},
- {"42/0", TRUE, { 0, 0 }},
- {"42/x", FALSE, { 0 }},
- {"42/42", TRUE, { 42, 42 }},
- {"42/0xff", TRUE, { 42, 0xff }},
- {"0x42/0xff", TRUE, { 0x42, 0xff }},
- {"/0xff", TRUE, { 0, 0xff }},
- {"/x", FALSE, { 0 }},
- {"x/x", FALSE, { 0 }},
- {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }},
- {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique/", TRUE, { MARK_UNIQUE, 0 }},
- {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique0xffffffffff", FALSE, { 0, 0 }},
- {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }},
- {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir0xffffffff", FALSE, { 0, 0 }},
- {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-/0xffffffff", FALSE, { 0, 0 }},
- {"%unique-foo/0xffffffff", FALSE, { 0, 0 }},
+ {NULL, FALSE, MARK_OP_NONE, { 0 }},
+ {"", TRUE, MARK_OP_NONE, { 0, 0xffffffff }},
+ {"/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42", TRUE, MARK_OP_NONE, { 42, 0xffffffff }},
+ {"0x42", TRUE, MARK_OP_NONE, { 0x42, 0xffffffff }},
+ {"x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/0", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/42", TRUE, MARK_OP_NONE, { 42, 42 }},
+ {"42/0xff", TRUE, MARK_OP_NONE, { 42, 0xff }},
+ {"0x42/0xff", TRUE, MARK_OP_NONE, { 0x42, 0xff }},
+ {"/0xff", TRUE, MARK_OP_NONE, { 0, 0xff }},
+ {"/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"x/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"0xfffffff0/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { 0x0000fff0, 0x0000ffff }},
+ {"%unique", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0 }},
+ {"%unique", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"%unique/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique0xffffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xffffffff/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"0xffffffff/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique-dir", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0 }},
+ {"%unique-dir", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique-dir/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"%unique-dir/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xfffffffe/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"0xfffffffe/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%unique-foo/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%same", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0xffffffff }},
+ {"%same/0x0000ffff", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0x0000ffff }},
+ {"%%same", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
};
START_TEST(test_mark_from_string)
{
mark_t mark;
- if (mark_from_string(mark_data[_i].s, &mark))
+ if (mark_from_string(mark_data[_i].s, mark_data[_i].ops, &mark))
{
ck_assert_int_eq(mark.value, mark_data[_i].m.value);
ck_assert_int_eq(mark.mask, mark_data[_i].m.mask);
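Review bot: The table no longer covers what `mark_from_string()` does with the numeric values `0xffffffff` and `0xfffffffe` when `MARK_OP_NONE` is passed — every such row (`0xffffffff/0x0000ffff`, `0xfffffffe/0xffffffff`, …) now carries `MARK_OP_UNIQUE`, while the `%unique` and `%unique-dir` keywords do get a `MARK_OP_NONE` negative row. Since those two numeric values alias `MARK_UNIQUE` and `MARK_UNIQUE_DIR` in the expected results, one row per value with `MARK_OP_NONE` and the intended `ok` flag would pin whether they are rejected or accepted as plain marks in that mode. The `else` branch of `test_mark_from_string` continues outside this hunk.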
diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c
index a26889580..135c8022e 100644
--- a/src/libstrongswan/threading/windows/mutex.c
+++ b/src/libstrongswan/threading/windows/mutex.c
@@ -112,7 +112,7 @@ METHOD(condvar_t, timed_wait, bool,
thread_set_active_condvar(&this->cv);
/* while a CriticalSection is recursive, waiting in a condvar releases
- * only one mutex. So release (and reaquire) all locks except the last. */
+ * only one mutex. So release (and reacquire) all locks except the last. */
times = mutex->times;
while (mutex->times-- > 1)
{
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 56298a60f..36c0c9daa 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1222,6 +1222,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{ "dns:", ID_FQDN },
{ "asn1dn:", ID_DER_ASN1_DN },
{ "asn1gn:", ID_DER_ASN1_GN },
+ { "xmppaddr:", ID_DER_ASN1_GN },
{ "keyid:", ID_KEY_ID },
};
private_identification_t *this;
@@ -1233,6 +1234,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this = identification_create(prefixes[i].type);
str += strlen(prefixes[i].str);
+
if (*str == '#')
{
this->encoded = chunk_from_hex(chunk_from_str(str + 1), NULL);
@@ -1241,6 +1243,17 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this->encoded = chunk_clone(chunk_from_str(str));
}
+
+ if (prefixes[i].type == ID_DER_ASN1_GN &&
+ strcasepfx(prefixes[i].str, "xmppaddr:"))
+ {
+ this->encoded = asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ asn1_build_known_oid(OID_XMPP_ADDR),
+ asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ asn1_wrap(ASN1_UTF8STRING, "m",
+ this->encoded)));
+ }
+
return this;
}
}
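Review bot: The new xmppaddr wrapping is applied to `this->encoded` regardless of which branch filled it, so `xmppaddr:#<hex>` decodes the hex and then still wraps the raw bytes in a UTF8String inside the otherName — unlike `asn1gn:#…`, there is no way to pass a pre-built DER encoding, and an empty JID yields an empty UTF8String. If that is intended, a comment on the new block should say so, e.g. `/* hex input is the raw JID bytes, not a DER otherName */`; otherwise the wrap belongs in the non-`#` branch only. Separately, `strcasepfx(prefixes[i].str, "xmppaddr:")` compares the table entry against its own literal; `streq(prefixes[i].str, "xmppaddr:")` says what is meant. The enclosing create_from_string_with_prefix_type() starts outside this hunk.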
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index b873e12a8..efeb0f478 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
* Copyright (C) 2006-2013 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -162,7 +162,12 @@ static spinlock_t *lock;
/**
* Is leak detection currently enabled?
*/
-static bool enabled = FALSE;
+static bool enabled;
+
+/**
+ * Whether to report calls to free() with memory not allocated by us
+ */
+static bool ignore_unknown;
/**
* Is leak detection disabled for the current thread?
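Review bot: The doc comment on `ignore_unknown` describes the inverse of the flag — "Whether to report calls to free() with memory not allocated by us" is the meaning of `!ignore_unknown`, and the flag also governs realloc() further down. Suggest `/** Whether to ignore (rather than report) free()/realloc() of memory not allocated by our hooks */`. Dropping the explicit `= FALSE` on `enabled` is behaviour-neutral since static storage is zero-initialised.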
@@ -609,6 +614,11 @@ static char *whitelist[] = {
/* FHH IMCs and IMVs */
"TNC_IMC_NotifyConnectionChange",
"TNC_IMV_NotifyConnectionChange",
+ /* Botan */
+ "botan_public_key_load",
+ "botan_privkey_create_ecdsa",
+ "botan_privkey_create_ecdh",
+ "botan_privkey_load_ecdh",
};
/**
@@ -883,7 +893,7 @@ HOOK(void, free, void *ptr)
return;
}
/* allow freeing of NULL */
- if (ptr == NULL)
+ if (!ptr)
{
return;
}
@@ -894,21 +904,47 @@ HOOK(void, free, void *ptr)
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
if (has_hdr(hdr))
{
- /* memory was allocated by our hooks but is corrupted */
fprintf(stderr, "freeing corrupted memory (%p): "
- "header magic 0x%x, tail magic 0x%x:\n",
- ptr, hdr->magic, tail->magic);
+ "%u bytes, header magic 0x%x, tail magic 0x%x:\n",
+ ptr, hdr->bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access the old backtrace if header magic is valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ }
}
else
{
- /* memory was not allocated by our hooks */
- fprintf(stderr, "freeing invalid memory (%p)\n", ptr);
+ /* just free this block of unknown memory */
+ hdr = ptr;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "freeing unknown memory (%p):\n", ptr);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
}
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
}
else
{
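Review bot: `hdr->bytes` is printed in the "freeing corrupted memory" message before the header magic is checked, so when it is the header rather than the tail that got overwritten the size shown comes from corrupted memory — the `if (hdr->magic == MEMORY_HEADER_MAGIC)` that follows already treats the header as untrusted in exactly that case. Either print the size only inside the valid-magic branch or mark it, e.g. `"%u bytes (unverified), header magic 0x%x, tail magic 0x%x:\n"`. The "reallocating corrupted memory" message in the realloc hook below has the same issue. The enclosing free hook starts outside this hunk.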
@@ -916,12 +952,11 @@ HOOK(void, free, void *ptr)
hdr->backtrace->destroy(hdr->backtrace);
- /* clear MAGIC, set mem to something remarkable */
+ /* set mem to something remarkable */
memset(hdr, MEMORY_FREE_PATTERN,
sizeof(memory_header_t) + hdr->bytes + sizeof(memory_tail_t));
-
- real_free(hdr);
}
+ real_free(hdr);
enable_thread(before);
}
@@ -933,19 +968,19 @@ HOOK(void*, realloc, void *old, size_t bytes)
memory_header_t *hdr;
memory_tail_t *tail;
backtrace_t *backtrace;
- bool before;
+ bool before, have_backtrace = TRUE;
if (!enabled || thread_disabled->get(thread_disabled))
{
return real_realloc(old, bytes);
}
/* allow reallocation of NULL */
- if (old == NULL)
+ if (!old)
{
return malloc(bytes);
}
/* handle zero size as a free() */
- if (bytes == 0)
+ if (!bytes)
{
free(old);
return NULL;
@@ -954,22 +989,64 @@ HOOK(void*, realloc, void *old, size_t bytes)
hdr = old - sizeof(memory_header_t);
tail = old + hdr->bytes;
- remove_hdr(hdr);
-
+ before = enable_thread(FALSE);
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
- fprintf(stderr, "reallocating invalid memory (%p):\n"
- "header magic 0x%x:\n", old, hdr->magic);
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
+ if (has_hdr(hdr))
+ {
+ fprintf(stderr, "reallocating corrupted memory (%p, %u bytes): "
+ "%zu bytes, header magic 0x%x, tail magic 0x%x:\n",
+ old, hdr->bytes, bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access header fields (backtrace, bytes) if header magic
+ * is still valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ have_backtrace = FALSE;
+ hdr->magic = MEMORY_HEADER_MAGIC;
+ }
+ }
+ else
+ {
+ /* adopt this block of unknown memory */
+ hdr = old;
+ have_backtrace = FALSE;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "reallocating unknown memory (%p): %zu bytes:\n",
+ old, bytes);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
+ }
}
else
{
+ remove_hdr(hdr);
/* clear tail magic, allocate, set tail magic */
memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
}
+
hdr = real_realloc(hdr,
sizeof(memory_header_t) + bytes + sizeof(memory_tail_t));
tail = ((void*)hdr) + bytes + sizeof(memory_header_t);
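Review bot: On the "adopt this block of unknown memory" path `hdr = old;` is passed straight to `real_realloc()` sized for header + bytes + tail, and the following hunk then writes `hdr->bytes` and `hdr->backtrace` into the start of that block, i.e. over the caller's existing contents, while the pointer handed back presumably sits `sizeof(memory_header_t)` further on. Unless the lines not shown between the two hunks move the contents up by that offset, realloc()'s content-preserving contract is broken for adopted blocks; and because the old size of an unknown block is not known here, such a move could not be bounded correctly anyway. A comment at `/* adopt this block of unknown memory */` should state what happens to the existing contents so that the default of reporting these calls is understood as the safe choice. The enclosing realloc hook starts and ends outside this hunk.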
@@ -978,8 +1055,10 @@ HOOK(void*, realloc, void *old, size_t bytes)
/* update statistics */
hdr->bytes = bytes;
- before = enable_thread(FALSE);
- hdr->backtrace->destroy(hdr->backtrace);
+ if (have_backtrace)
+ {
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
hdr->backtrace = backtrace_create(2);
enable_thread(before);
@@ -1022,6 +1101,7 @@ leak_detective_t *leak_detective_create()
free(this);
return NULL;
}
+ ignore_unknown = getenv("LEAK_DETECTIVE_IGNORE_UNKNOWN") != NULL;
lock = spinlock_create();
thread_disabled = thread_value_create(NULL);
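Review bot: `LEAK_DETECTIVE_IGNORE_UNKNOWN` is a new environment switch that silently suppresses the unknown-memory diagnostics, but nothing in the file documents it. A comment above the `getenv()` line, e.g. `/* set LEAK_DETECTIVE_IGNORE_UNKNOWN (any value) to suppress reports about free()/realloc() of memory not allocated through our hooks, e.g. by external libraries */`, would cover it; the "any value" part matters because only presence is tested, so `LEAK_DETECTIVE_IGNORE_UNKNOWN=0` also enables the suppression. The enclosing leak_detective_create() starts and ends outside this hunk.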
diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h
index a973b1adc..c23b361ec 100644
--- a/src/libstrongswan/utils/utils/atomics.h
+++ b/src/libstrongswan/utils/utils/atomics.h
@@ -27,8 +27,14 @@
*/
typedef u_int refcount_t;
+/* use __atomic* built-ins with clang, if available (note that clang also
+ * defines __GNUC__, however only claims to be GCC 4.2) */
+#if defined(__clang__)
+# if __has_builtin(__atomic_add_fetch)
+# define HAVE_GCC_ATOMIC_OPERATIONS
+# endif
/* use __atomic* built-ins with GCC 4.7 and newer */
-#ifdef __GNUC__
+#elif defined(__GNUC__)
# if (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6))
# define HAVE_GCC_ATOMIC_OPERATIONS
# endif
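Review bot: The clang feature test probes only `__atomic_add_fetch`, but `HAVE_GCC_ATOMIC_OPERATIONS` also commits the code below to `__atomic_sub_fetch`, `__atomic_load_n` and `__atomic_compare_exchange_n`. Since they come from the same builtin family this is unlikely to bite, but checking the one with the most involved signature costs nothing: `# if __has_builtin(__atomic_add_fetch) && __has_builtin(__atomic_compare_exchange_n)`. The fallback taken when neither branch defines the macro lies outside this hunk.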
@@ -47,7 +53,7 @@ typedef u_int refcount_t;
#define ref_put(ref) (!__atomic_sub_fetch(ref, 1, __ATOMIC_ACQ_REL))
#define ref_cur(ref) __atomic_load_n(ref, __ATOMIC_RELAXED)
-#define _cas_impl(ptr, oldval, newval) ({ typeof(oldval) _old = oldval; \
+#define _cas_impl(ptr, oldval, newval) ({ typeof(*ptr) _old = oldval; \
__atomic_compare_exchange_n(ptr, &_old, newval, FALSE, \
__ATOMIC_SEQ_CST, __ATOMIC_RELAXED); })
#define cas_bool(ptr, oldval, newval) _cas_impl(ptr, oldval, newval)
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 3412ab1cb..ea6449df3 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -363,7 +363,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -389,6 +388,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -409,8 +410,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -465,8 +464,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -495,8 +492,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index c46ca18bd..20913bc09 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -333,6 +332,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -353,8 +354,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -409,8 +408,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -439,8 +436,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 2ba6dd2a6..1f2439ca1 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -188,7 +188,7 @@ static status_t process_server_hello(private_tls_peer_t *this,
suite = cipher;
if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1, KEY_ANY))
{
- DBG1(DBG_TLS, "received TLS cipher suite %N inacceptable",
+ DBG1(DBG_TLS, "received TLS cipher suite %N unacceptable",
tls_cipher_suite_names, suite);
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
return NEED_MORE;
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 422211afa..70d17f22c 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -190,7 +190,7 @@ static bool select_suite_and_key(private_tls_server_t *this,
suites, count, type);
if (!this->suite)
{
- DBG1(DBG_TLS, "received cipher suites inacceptable");
+ DBG1(DBG_TLS, "received cipher suites unacceptable");
return FALSE;
}
this->server_auth->destroy(this->server_auth);
@@ -199,7 +199,7 @@ static bool select_suite_and_key(private_tls_server_t *this,
this->server_auth);
if (!key)
{
- DBG1(DBG_TLS, "received cipher suites inacceptable");
+ DBG1(DBG_TLS, "received cipher suites unacceptable");
return FALSE;
}
}
diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h
index 0d4db3b41..7924c585c 100644
--- a/src/libtls/tls_socket.h
+++ b/src/libtls/tls_socket.h
@@ -104,7 +104,7 @@ struct tls_socket_t {
* @param peer client identity, NULL for no client authentication
* @param fd socket to read/write from
* @param cache session cache to use, or NULL
- * @param max_version maximun TLS version to negotiate
+ * @param max_version maximum TLS version to negotiate
* @param nullok accept NULL encryption ciphers
* @return TLS socket wrapper
*/
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index 97995800b..ab45f6f91 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -367,7 +367,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -393,6 +392,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -413,8 +414,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -469,8 +468,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -499,8 +496,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 7143a1ce2..70c87ee51 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index a142a7eff..532ec741a 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index 72a195eca..4ffdf5a43 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 7e15cb2ff..7649e999b 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -351,6 +350,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -371,8 +372,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -427,8 +426,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index d7d445fd1..69d48dc47 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -328,7 +328,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -354,6 +353,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -374,8 +375,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -430,8 +429,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -460,8 +457,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
index 86ae1c099..32d950297 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
@@ -92,6 +92,11 @@ struct private_tnccs_20_server_t {
bool request_handshake_retry;
/**
+ * Flag set after sending SRETRY batch
+ */
+ bool retry_handshake;
+
+ /**
* SendMessage() by IMV only allowed if flag is set
*/
bool send_msg;
@@ -279,8 +284,9 @@ static void build_retry_batch(private_tnccs_20_server_t *this)
change_batch_type(this, PB_BATCH_SRETRY);
this->recs->clear_recommendation(this->recs);
- tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
- TNC_CONNECTION_STATE_HANDSHAKE);
+
+ /* Handshake will be retried with next incoming CDATA batch */
+ this->retry_handshake = TRUE;
}
METHOD(tnccs_20_handler_t, process, status_t,
@@ -301,7 +307,17 @@ METHOD(tnccs_20_handler_t, process, status_t,
pb_tnc_msg_t *msg;
bool empty = TRUE;
- if (batch_type == PB_BATCH_CRETRY)
+ if (batch_type == PB_BATCH_CDATA)
+ {
+ /* retry handshake after a previous SRETRY batch */
+ if (this->retry_handshake)
+ {
+ tnc->imvs->notify_connection_change(tnc->imvs,
+ this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ this->retry_handshake = FALSE;
+ }
+ }
+ else if (batch_type == PB_BATCH_CRETRY)
{
/* Send an SRETRY batch in response */
this->mutex->lock(this->mutex);
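Review bot: `retry_handshake` is set in build_retry_batch() and read and cleared here in process() without any visible synchronization, whereas the CRETRY branch directly below takes `this->mutex` — if build_retry_batch() can run on a different thread than process(), the flag needs the same lock; worth confirming against the callers outside this hunk. The IMV state change is also now deferred until the client sends a CDATA batch, so if the client answers the SRETRY with any other batch type the IMVs never receive `TNC_CONNECTION_STATE_HANDSHAKE` for that retry; the comment `/* retry handshake after a previous SRETRY batch */` should say that this is accepted. The enclosing process() method continues outside this hunk.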
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index 79db1e9b4..d18924612 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index bd1da8e18..9b4b149a5 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -277,7 +277,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -303,6 +302,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -323,8 +324,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -379,8 +378,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -409,8 +406,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am
index 1b3a9706f..d192fc126 100644
--- a/src/libtpmtss/Makefile.am
+++ b/src/libtpmtss/Makefile.am
@@ -24,8 +24,8 @@ libtpmtss_la_SOURCES = \
tpm_tss.h tpm_tss.c \
tpm_tss_quote_info.h tpm_tss_quote_info.c \
tpm_tss_trousers.h tpm_tss_trousers.c \
- tpm_tss_tss2.h tpm_tss_tss2.c \
- tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+ tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c
if MONOLITHIC
SUBDIRS =
diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in
index 50861bcdd..724906de9 100644
--- a/src/libtpmtss/Makefile.in
+++ b/src/libtpmtss/Makefile.in
@@ -146,7 +146,8 @@ libtpmtss_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) $(am__append_4)
am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \
- tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo
+ tpm_tss_trousers.lo tpm_tss_tss2_v1.lo tpm_tss_tss2_v2.lo \
+ tpm_tss_tss2_names_v1.lo tpm_tss_tss2_names_v2.lo
libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -355,7 +356,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +381,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +403,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +457,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +485,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -511,8 +513,8 @@ libtpmtss_la_SOURCES = \
tpm_tss.h tpm_tss.c \
tpm_tss_quote_info.h tpm_tss_quote_info.c \
tpm_tss_trousers.h tpm_tss_trousers.c \
- tpm_tss_tss2.h tpm_tss_tss2.c \
- tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+ tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c
@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3)
@MONOLITHIC_TRUE@SUBDIRS = $(am__append_3)
@@ -600,8 +602,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_quote_info.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_trousers.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v2.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in
index e03e73656..7cbd25414 100644
--- a/src/libtpmtss/plugins/tpm/Makefile.in
+++ b/src/libtpmtss/plugins/tpm/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtpmtss/plugins/tpm/tpm_plugin.c b/src/libtpmtss/plugins/tpm/tpm_plugin.c
index e98899852..a00f46ea2 100644
--- a/src/libtpmtss/plugins/tpm/tpm_plugin.c
+++ b/src/libtpmtss/plugins/tpm/tpm_plugin.c
@@ -18,6 +18,7 @@
#include "tpm_cert.h"
#include "tpm_rng.h"
+#include <tpm_tss.h>
#include <library.h>
typedef struct private_tpm_plugin_t private_tpm_plugin_t;
@@ -80,6 +81,7 @@ METHOD(plugin_t, destroy, void,
private_tpm_plugin_t *this)
{
free(this);
+ libtpmtss_deinit();
}
/*
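Review bot: `libtpmtss_deinit()` runs after `free(this)`, the reverse of the order in `tpm_plugin_create()` below, which initializes the library before allocating the plugin; swapping to `libtpmtss_deinit(); free(this);` keeps teardown symmetric with setup. The init/deinit pair appears to manage process-wide state (the new v2 backend keeps `static` TCTI handles in tpm_tss_tss2_v2.c), so if any other component in the same process also calls `libtpmtss_init()`/`libtpmtss_deinit()`, this destroy would tear that state down underneath it — worth confirming there is a single owner, or giving the library calls a use count.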
@@ -89,6 +91,11 @@ plugin_t *tpm_plugin_create()
{
private_tpm_plugin_t *this;
+ if (!libtpmtss_init())
+ {
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c
index 0df5ee94c..3b7582ae3 100644
--- a/src/libtpmtss/plugins/tpm/tpm_private_key.c
+++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c
@@ -93,7 +93,7 @@ METHOD(private_key_t, sign, bool,
enumerator->destroy(enumerator);
return this->tpm->sign(this->tpm, this->hierarchy, this->handle, scheme,
- data, pin, signature);
+ params, data, pin, signature);
}
METHOD(private_key_t, decrypt, bool,
diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c
index 42a341896..72fd45b81 100644
--- a/src/libtpmtss/tpm_tss.c
+++ b/src/libtpmtss/tpm_tss.c
@@ -27,12 +27,20 @@
/**
* Described in header.
*/
-void libtpmtss_init(void)
+bool libtpmtss_init(void)
{
- /* empty */
+ return tpm_tss_tss2_init();
}
-typedef tpm_tss_t*(*tpm_tss_create)();
+/**
+ * Described in header.
+ */
+void libtpmtss_deinit(void)
+{
+ tpm_tss_tss2_deinit();
+}
+
+typedef tpm_tss_t*(*tpm_tss_create)(void);
/**
* See header.
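Review bot: `libtpmtss_init()` now calls `tpm_tss_tss2_init()` and `libtpmtss_deinit()` calls `tpm_tss_tss2_deinit()` unconditionally, but within this diff the `#ifndef TSS_TSS2_V2` fallback at the end of tpm_tss_tss2_v1.c (its last hunk) defines only `tpm_tss_tss2_create(void)`, and no hunk of that file's `TSS_TSS2_V1` section defines the two new functions either. Unless they are provided somewhere this view does not show, a build with only the v1 TSS2 library, or with no TSS2 library at all, fails to link libtpmtss against the declarations added in tpm_tss_tss2.h. The fallback block should provide no-op stubs next to the create stub, and the V1 section presumably needs the same pair. Both functions in this hunk are complete within it.
```c
#ifndef TSS_TSS2_V2
/* … unchanged: tpm_tss_tss2_create() stub returning NULL … */

bool tpm_tss_tss2_init(void)
{
	return TRUE;
}

void tpm_tss_tss2_deinit(void)
{
	/* empty */
}
#endif /* !TSS_TSS2_V2 */
```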
diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h
index bcb7ab949..11e4a7c15 100644
--- a/src/libtpmtss/tpm_tss.h
+++ b/src/libtpmtss/tpm_tss.h
@@ -48,14 +48,14 @@ struct tpm_tss_t {
/**
* Get TPM version supported by TSS
*
- * @return TPM version
+ * @return TPM version
*/
tpm_version_t (*get_version)(tpm_tss_t *this);
/**
* Get TPM version info (TPM 1.2 only)
*
- * @return TPM version info struct
+ * @return TPM version info struct
*/
chunk_t (*get_version_info)(tpm_tss_t *this);
@@ -74,8 +74,8 @@ struct tpm_tss_t {
/**
* Get public key from TPM using its object handle (TPM 2.0 only)
*
- * @param handle key object handle
- * @return public key in PKCS#1 format
+ * @param handle key object handle
+ * @return public key in PKCS#1 format
*/
chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
@@ -125,14 +125,15 @@ struct tpm_tss_t {
* @param handle object handle of TPM key to be used for signature
* @param hierarchy hierarchy the TPM key object is attached to
* @param scheme scheme to be used for signature
+ * @param param signature scheme parameters
* @param data data to be hashed and signed
* @param pin PIN code or empty chunk
* @param signature returns signature
* @return TRUE if signature succeeded
*/
bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin,
- chunk_t *signature);
+ signature_scheme_t scheme, void *params, chunk_t data,
+ chunk_t pin, chunk_t *signature);
/**
* Get random bytes from the TPM
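Review bot: The new doc line names the parameter `param` while the prototype calls it `params`; change it to `* @param params signature scheme parameters`. Because `void *` carries no type, the comment should also state what the pointer is expected to be — the v1 implementation in this commit casts it to `rsa_pss_params_t *` when `scheme` is `SIGN_RSA_EMSA_PSS` and ignores it otherwise — for example `* @param params signature scheme parameters (rsa_pss_params_t* for SIGN_RSA_EMSA_PSS, else NULL)`.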
@@ -169,8 +170,15 @@ struct tpm_tss_t {
tpm_tss_t *tpm_tss_probe(tpm_version_t version);
/**
- * Dummy libtpmtss initialization function needed for integrity test
+ * libtpmtss initialization function
+ *
+ * @return TRUE if initialization was successful
+ */
+bool libtpmtss_init(void);
+
+/**
+ * libtpmtss de-initialization function
*/
-void libtpmtss_init(void);
+void libtpmtss_deinit(void);
#endif /** TPM_TSS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c
index 6ed57af9d..81e542d02 100644
--- a/src/libtpmtss/tpm_tss_trousers.c
+++ b/src/libtpmtss/tpm_tss_trousers.c
@@ -584,7 +584,8 @@ err1:
METHOD(tpm_tss_t, sign, bool,
private_tpm_tss_trousers_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
{
return FALSE;
}
diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h
index 3afba0db2..3ff3e6685 100644
--- a/src/libtpmtss/tpm_tss_trousers.h
+++ b/src/libtpmtss/tpm_tss_trousers.h
@@ -47,6 +47,6 @@ struct tpm_tss_trousers_t {
/**
* Create a tpm_tss_trousers instance.
*/
-tpm_tss_t *tpm_tss_trousers_create();
+tpm_tss_t *tpm_tss_trousers_create(void);
#endif /** TPM_TSS_TROUSERS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_tss2.h b/src/libtpmtss/tpm_tss_tss2.h
index f3a11e5fd..f2846c916 100644
--- a/src/libtpmtss/tpm_tss_tss2.h
+++ b/src/libtpmtss/tpm_tss_tss2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,18 @@
/**
* Create a tpm_tss_tss2 instance.
*/
-tpm_tss_t *tpm_tss_tss2_create();
+tpm_tss_t *tpm_tss_tss2_create(void);
+
+/**
+ * Initialize the tpm_tss_tss2 library.
+ *
+ * @return TRUE if initialization was successful
+ */
+bool tpm_tss_tss2_init(void);
+
+/**
+ * /De-initialize the tpm_tss_tss2 library.
+ */
+void tpm_tss_tss2_deinit(void);
#endif /** TPM_TSS_TSS2_H_ @}*/
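Review bot: The comment on the new `tpm_tss_tss2_deinit()` declaration has a stray slash, `/De-initialize`; it should read `* De-initialize the tpm_tss_tss2 library.` It would also help callers to say whether `tpm_tss_tss2_init()`/`tpm_tss_tss2_deinit()` may be called more than once per process, since tpm_plugin.c in this commit ties them to plugin create/destroy.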
diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names_v1.c
index a613ac566..d2a4b5b57 100644
--- a/src/libtpmtss/tpm_tss_tss2_names.c
+++ b/src/libtpmtss/tpm_tss_tss2_names_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,7 @@
#include "tpm_tss_tss2_names.h"
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
#include <tpm20.h>
@@ -102,7 +102,9 @@ ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P6
);
ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256);
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
+
+#ifndef TSS_TSS2_V2
/**
* TPM 2.0 algorithm ID names
@@ -118,6 +120,8 @@ ENUM(tpm_ecc_curve_names, 0, 0,
"NONE"
);
-#endif /* TSS_TSS2 */
+#endif /* !TSS_TSS2_V2 */
+
+#endif /* TSS_TSS2_V1 */
diff --git a/src/libtpmtss/tpm_tss_tss2_names_v2.c b/src/libtpmtss/tpm_tss_tss2_names_v2.c
new file mode 100644
index 000000000..c8d29e4e6
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2_names_v2.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2018 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifdef TSS_TSS2_V2
+
+#include "tpm_tss_tss2_names.h"
+
+#include <tss2/tss2_sys.h>
+
+/**
+ * TPM 2.0 algorithm ID names
+ */
+ENUM_BEGIN(tpm_alg_id_names, TPM2_ALG_ERROR, TPM2_ALG_RSA,
+ "ERROR",
+ "RSA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SHA1, TPM2_ALG_KEYEDHASH, TPM2_ALG_RSA,
+ "SHA1",
+ "HMAC",
+ "AES",
+ "MGF1",
+ "KEYEDHASH"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_XOR, TPM2_ALG_SHA512, TPM2_ALG_KEYEDHASH,
+ "XOR",
+ "SHA256",
+ "SHA384",
+ "SHA512"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_NULL, TPM2_ALG_NULL, TPM2_ALG_SHA512,
+ "NULL"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SM3_256, TPM2_ALG_ECMQV, TPM2_ALG_NULL,
+ "SM3_256",
+ "SM4",
+ "RSASSA",
+ "RSAES",
+ "RSAPSS",
+ "OAEP",
+ "ECDSA",
+ "ECDH",
+ "SM2",
+ "ECSCHNORR",
+ "ECMQV"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_KDF1_SP800_56A, TPM2_ALG_ECC, TPM2_ALG_ECMQV,
+ "KDF1_SP800_56A",
+ "KDF2",
+ "KDF1_SP800_108",
+ "ECC"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SYMCIPHER, TPM2_ALG_CAMELLIA, TPM2_ALG_ECC,
+ "SYMCIPHER",
+ "CAMELLIA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_CTR, TPM2_ALG_ECB, TPM2_ALG_CAMELLIA,
+ "CTR",
+ "OFB",
+ "CBC",
+ "CFB",
+ "ECB"
+);
+ENUM_END(tpm_alg_id_names, TPM2_ALG_ECB);
+
+/**
+ * TPM 2.0 ECC curve names
+ */
+ENUM_BEGIN(tpm_ecc_curve_names, TPM2_ECC_NONE, TPM2_ECC_NIST_P521,
+ "NONE",
+ "NIST_P192",
+ "NIST_P224",
+ "NIST_P256",
+ "NIST_P384",
+ "NIST_P521"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_BN_P256, TPM2_ECC_BN_P638, TPM2_ECC_NIST_P521,
+ "BN_P256",
+ "BN_P638"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_SM2_P256, TPM2_ECC_SM2_P256, TPM2_ECC_BN_P638,
+ "SM2_P256"
+);
+ENUM_END(tpm_ecc_curve_names, TPM2_ECC_SM2_P256);
+
+#endif /* TSS_TSS2_V2 */
+
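Review bot: The `ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SM3_256, TPM2_ALG_ECMQV, ...)` table lists eleven names for a range the TSS2 header defines as twelve consecutive IDs: `TPM2_ALG_ECDAA` (0x001A) sits between `TPM2_ALG_ECDH` and `TPM2_ALG_SM2` and has no entry. With strongSwan's enum lookup indexing `names[val - first]`, ECDAA would print as "SM2", SM2 as "ECSCHNORR", ECSCHNORR as "ECMQV", and ECMQV would read one entry past the end of the names array. Add `"ECDAA",` after `"ECDH",`. The renamed v1 table in tpm_tss_tss2_names_v1.c is not visible here and may want the same check.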
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2_v1.c
index 90a16c103..9ed2798f7 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
#include "tpm_tss_tss2.h"
#include "tpm_tss_tss2_names.h"
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
#include <asn1/asn1.h>
#include <asn1/oid.h>
@@ -24,9 +24,9 @@
#include <tpm20.h>
-#ifdef TSS2_TCTI_TABRMD
+#ifdef TSS2_TCTI_TABRMD_V1
#include <tcti/tcti-tabrmd.h>
-#endif /* TSS2_TCTI_TABRMD */
+#endif /* TSS2_TCTI_TABRMD_V1 */
#ifdef TSS2_TCTI_SOCKET
#include <tcti_socket.h>
@@ -828,10 +828,12 @@ METHOD(tpm_tss_t, quote, bool,
METHOD(tpm_tss_t, sign, bool,
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
{
key_type_t key_type;
hash_algorithm_t hash_alg;
+ rsa_pss_params_t *rsa_pss_params;
uint32_t rval;
TPM_ALG_ID alg_id;
@@ -870,8 +872,17 @@ METHOD(tpm_tss_t, sign, bool,
}
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
- key_type = key_type_from_signature_scheme(scheme);
- hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ key_type = KEY_RSA;
+ rsa_pss_params = (rsa_pss_params_t *)params;
+ hash_alg = rsa_pss_params->hash;
+ }
+ else
+ {
+ key_type = key_type_from_signature_scheme(scheme);
+ hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ }
/* Check if hash algorithm is supported by TPM */
alg_id = hash_alg_to_tpm_alg_id(hash_alg);
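Review bot: `params` is dereferenced without a NULL check when `scheme == SIGN_RSA_EMSA_PSS`, so a caller that selects PSS but passes no parameters crashes here instead of failing; add `if (!rsa_pss_params) { return FALSE; }` after the cast, as strongSwan's other private-key signers do for PSS. Only `rsa_pss_params->hash` is consumed: the `salt_len` and `mgf1_hash` fields of `rsa_pss_params_t` are never passed to the TPM, which chooses the salt length itself, so a relying party that enforces a specific salt length may reject the signature — at minimum note it, `/* TPM chooses the PSS salt length; salt_len/mgf1_hash are not honoured */`. The enclosing `sign` method starts and ends outside this hunk.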
@@ -890,8 +901,16 @@ METHOD(tpm_tss_t, sign, bool,
if (key_type == KEY_RSA && public.t.publicArea.type == TPM_ALG_RSA)
{
- sig_scheme.scheme = TPM_ALG_RSASSA;
- sig_scheme.details.rsassa.hashAlg = alg_id;
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ sig_scheme.scheme = TPM_ALG_RSAPSS;
+ sig_scheme.details.rsapss.hashAlg = alg_id;
+ }
+ else
+ {
+ sig_scheme.scheme = TPM_ALG_RSASSA;
+ sig_scheme.details.rsassa.hashAlg = alg_id;
+ }
}
else if (key_type == KEY_ECDSA && public.t.publicArea.type == TPM_ALG_ECC)
{
@@ -983,6 +1002,12 @@ METHOD(tpm_tss_t, sign, bool,
sig.signature.rsassa.sig.t.buffer,
sig.signature.rsassa.sig.t.size));
break;
+ case SIGN_RSA_EMSA_PSS:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsapss.sig.t.buffer,
+ sig.signature.rsapss.sig.t.size));
+ break;
case SIGN_ECDSA_256:
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
@@ -1046,12 +1071,14 @@ METHOD(tpm_tss_t, get_data, bool,
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
chunk_t pin, chunk_t *data)
{
- uint16_t nv_size, nv_offset = 0;
+ uint16_t max_data_size, nv_size, nv_offset = 0;
uint32_t rval;
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMI_YES_NO more_data;
TPM2B_NAME nv_name = { { sizeof(TPM2B_NAME)-2, } };
TPM2B_NV_PUBLIC nv_public = { { 0, } };
- TPM2B_MAX_NV_BUFFER nv_data = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } };
+ TPM2B_MAX_NV_BUFFER nv_data = { { MAX_NV_BUFFER_SIZE, } };
TPMS_AUTH_COMMAND session_data_cmd;
TPMS_AUTH_RESPONSE session_data_rsp;
TSS2_SYS_CMD_AUTHS sessions_data_cmd;
@@ -1059,6 +1086,18 @@ METHOD(tpm_tss_t, get_data, bool,
TPMS_AUTH_COMMAND *session_data_cmd_array[1];
TPMS_AUTH_RESPONSE *session_data_rsp_array[1];
+ /* query maximum TPM data transmission size */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES,
+ TPM_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
+ "TPM_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
+ MAX_NV_BUFFER_SIZE);
+
/* get size of NV object */
rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
&nv_name, 0);
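Review bot: The `TPM_PT_NV_BUFFER_MAX` query uses `tpmProperty[0]` without checking `cap_data.data.tpmProperties.count` or that the returned property is the one requested; `cap_data` is not initialized, so a TPM that answers with zero properties leaves `max_data_size` derived from stack garbage, and a value of 0 would make the `Tss2_Sys_NV_Read` loop below request 0 bytes on every iteration, which looks unlikely to terminate since nothing visible here advances the read otherwise. Validate the capability result before deriving `max_data_size`. The enclosing `get_data` method starts and ends outside this hunk.
```c
	/* … unchanged: Tss2_Sys_GetCapability call and rval check … */
	if (cap_data.data.tpmProperties.count < 1 ||
		cap_data.data.tpmProperties.tpmProperty[0].property != TPM_PT_NV_BUFFER_MAX ||
		cap_data.data.tpmProperties.tpmProperty[0].value == 0)
	{
		DBG1(DBG_PTS, "%s TPM_PT_NV_BUFFER_MAX property not available", LABEL);
		return FALSE;
	}
	max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
						MAX_NV_BUFFER_SIZE);
```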
@@ -1093,11 +1132,11 @@ METHOD(tpm_tss_t, get_data, bool,
}
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
- /* read NV data an NV buffer block at a time */
+ /* read NV data a maximum data size block at a time */
while (nv_size > 0)
{
rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle,
- &sessions_data_cmd, min(nv_size, MAX_NV_BUFFER_SIZE),
+ &sessions_data_cmd, min(nv_size, max_data_size),
nv_offset, &nv_data, &sessions_data_rsp);
if (rval != TPM_RC_SUCCESS)
@@ -1154,7 +1193,7 @@ tpm_tss_t *tpm_tss_tss2_create()
{
available = initialize_sys_context(this);
}
- DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not ");
+ DBG1(DBG_PTS, "TPM 2.0 via TSS2 v1 %savailable", available ? "" : "not ");
if (!available)
{
@@ -1164,13 +1203,15 @@ tpm_tss_t *tpm_tss_tss2_create()
return &this->public;
}
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
-tpm_tss_t *tpm_tss_tss2_create()
+#ifndef TSS_TSS2_V2
+tpm_tss_t *tpm_tss_tss2_create(void)
{
return NULL;
}
+#endif /* !TSS_TSS2_V2 */
-#endif /* TSS_TSS2 */
+#endif /* TSS_TSS2_V1 */
diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c
new file mode 100644
index 000000000..7cb0d48a9
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2_v2.c
@@ -0,0 +1,1190 @@
+/*
+ * Copyright (C) 2018 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tpm_tss_tss2.h"
+#include "tpm_tss_tss2_names.h"
+
+#ifdef TSS_TSS2_V2
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <bio/bio_reader.h>
+
+#include <tss2/tss2_sys.h>
+
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#define LABEL "TPM 2.0 -"
+
+#define PLATFORM_PCR 24
+
+typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t;
+
+/**
+ * Private data of an tpm_tss_tss2_t object.
+ */
+struct private_tpm_tss_tss2_t {
+
+ /**
+ * Public tpm_tss_tss2_t interface.
+ */
+ tpm_tss_t public;
+
+ /**
+ * TCTI context
+ */
+ TSS2_TCTI_CONTEXT *tcti_context;
+
+ /**
+ * SYS context
+ */
+ TSS2_SYS_CONTEXT *sys_context;
+
+ /**
+ * Number of supported algorithms
+ */
+ size_t supported_algs_count;
+
+ /**
+ * List of supported algorithms
+ */
+ TPM2_ALG_ID supported_algs[TPM2_PT_ALGORITHM_SET];
+};
+
+/**
+ * Global TCTI dynamic library handle and init function
+ */
+static void *tcti_handle;
+
+static TSS2_TCTI_INIT_FUNC tcti_init;
+
+static char *tcti_opts;
+
+/**
+ * Empty AUTH_COMMAND
+ */
+static const TPMS_AUTH_COMMAND auth_cmd_empty;
+
+/**
+ * Convert hash algorithm to TPM2_ALG_ID
+ */
+static TPM2_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return TPM2_ALG_SHA1;
+ case HASH_SHA256:
+ return TPM2_ALG_SHA256;
+ case HASH_SHA384:
+ return TPM2_ALG_SHA384;
+ case HASH_SHA512:
+ return TPM2_ALG_SHA512;
+ default:
+ return TPM2_ALG_ERROR;
+ }
+}
+
+/**
+ * Convert TPM2_ALG_ID to hash algorithm
+ */
+static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM2_ALG_ID alg)
+{
+ switch (alg)
+ {
+ case TPM2_ALG_SHA1:
+ return HASH_SHA1;
+ case TPM2_ALG_SHA256:
+ return HASH_SHA256;
+ case TPM2_ALG_SHA384:
+ return HASH_SHA384;
+ case TPM2_ALG_SHA512:
+ return HASH_SHA512;
+ default:
+ return HASH_UNKNOWN;
+ }
+}
+
+/**
+ * Check if an algorithm given by its TPM2_ALG_ID is supported by the TPM
+ */
+static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM2_ALG_ID alg_id)
+{
+ int i;
+
+ if (alg_id == TPM2_ALG_ERROR)
+ {
+ return FALSE;
+ }
+
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ if (this->supported_algs[i] == alg_id)
+ {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ * Get a list of supported algorithms
+ */
+static bool get_algs_capability(private_tpm_tss_tss2_t *this)
+{
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMS_TAGGED_PROPERTY tp;
+ TPMI_YES_NO more_data;
+ TPM2_ALG_ID alg;
+ uint32_t rval, i, offset, revision = 0, year = 0;
+ size_t len = BUF_LEN;
+ char buf[BUF_LEN], manufacturer[5], vendor_string[17];
+ char *pos = buf;
+ int written;
+
+ /* get fixed properties */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
+ TPM2_PT_FIXED, TPM2_MAX_TPM_PROPERTIES,
+ &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_TPM_PROPERTIES: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ memset(manufacturer, '\0', sizeof(manufacturer));
+ memset(vendor_string, '\0', sizeof(vendor_string));
+
+ /* print fixed properties */
+ for (i = 0; i < cap_data.data.tpmProperties.count; i++)
+ {
+ tp = cap_data.data.tpmProperties.tpmProperty[i];
+ switch (tp.property)
+ {
+ case TPM2_PT_REVISION:
+ revision = tp.value;
+ break;
+ case TPM2_PT_YEAR:
+ year = tp.value;
+ break;
+ case TPM2_PT_MANUFACTURER:
+ htoun32(manufacturer, tp.value);
+ break;
+ case TPM2_PT_VENDOR_STRING_1:
+ case TPM2_PT_VENDOR_STRING_2:
+ case TPM2_PT_VENDOR_STRING_3:
+ case TPM2_PT_VENDOR_STRING_4:
+ offset = 4 * (tp.property - TPM2_PT_VENDOR_STRING_1);
+ htoun32(vendor_string + offset, tp.value);
+ break;
+ default:
+ break;
+ }
+ }
+ DBG2(DBG_PTS, "%s manufacturer: %s (%s) rev: %05.2f %u", LABEL, manufacturer,
+ vendor_string, (float)revision/100, year);
+
+ /* get supported algorithms */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ALGS,
+ 0, TPM2_PT_ALGORITHM_SET, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_ALGS: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* Number of supported algorithms */
+ this->supported_algs_count = cap_data.data.algorithms.count;
+
+ /* store and print supported algorithms */
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ alg = cap_data.data.algorithms.algProperties[i].alg;
+ this->supported_algs[i] = alg;
+
+ written = snprintf(pos, len, " %N", tpm_alg_id_names, alg);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf);
+
+ /* get supported ECC curves */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ECC_CURVES,
+ 0, TPM2_PT_LOADED_CURVES, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_ECC_CURVES: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* reset print buffer */
+ pos = buf;
+ len = BUF_LEN;
+
+ /* print supported ECC curves */
+ for (i = 0; i < cap_data.data.eccCurves.count; i++)
+ {
+ written = snprintf(pos, len, " %N", tpm_ecc_curve_names,
+ cap_data.data.eccCurves.eccCurves[i]);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf);
+
+ return TRUE;
+}
+
+/**
+ * Initialize TSS2 TCTI context
+ */
+static bool initialize_tcti_context(private_tpm_tss_tss2_t *this)
+{
+ size_t tcti_context_size;
+ uint32_t rval;
+
+ if (!tcti_init)
+ {
+ return FALSE;
+ }
+
+ /* determine size of tcti context */
+ rval = tcti_init(NULL, &tcti_context_size, tcti_opts);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+
+ /* allocate and initialize memory for tcti context */
+ this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+ memset(this->tcti_context, 0x00, tcti_context_size);
+
+ /* initialize tcti context */
+ rval = tcti_init(this->tcti_context, &tcti_context_size, tcti_opts);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Initialize TSS2 Sys context
+ */
+static bool initialize_sys_context(private_tpm_tss_tss2_t *this)
+{
+ uint32_t sys_context_size;
+ uint32_t rval;
+
+ TSS2_ABI_VERSION abi_version = {
+ .tssCreator = 1,
+ .tssFamily = 2,
+ .tssLevel = 1,
+ .tssVersion = 108
+ };
+
+ /* determine size of sys context */
+ sys_context_size = Tss2_Sys_GetContextSize(0);
+
+ /* allocate memory for sys context */
+ this->sys_context = (TSS2_SYS_CONTEXT*)malloc(sys_context_size);
+
+ /* initialize sys context */
+ rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size,
+ this->tcti_context, &abi_version);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* get a list of supported algorithms and ECC curves */
+ return get_algs_capability(this);
+}
+
+/**
+ * Finalize TSS context
+ */
+static void finalize_context(private_tpm_tss_tss2_t *this)
+{
+ if (this->tcti_context)
+ {
+ Tss2_Tcti_Finalize(this->tcti_context);
+ free(this->tcti_context);
+ }
+ if (this->sys_context)
+ {
+ Tss2_Sys_Finalize(this->sys_context);
+ free(this->sys_context);
+ }
+}
+
+METHOD(tpm_tss_t, get_version, tpm_version_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return TPM_VERSION_2_0;
+}
+
+METHOD(tpm_tss_t, get_version_info, chunk_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return chunk_empty;
+}
+
+/**
+ * read the public key portion of a TSS 2.0 AIK key from NVRAM
+ */
+bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
+ TPM2B_PUBLIC *public)
+{
+ uint32_t rval;
+
+ TPM2B_NAME name = { sizeof(TPM2B_NAME)-2, };
+ TPM2B_NAME qualified_name = { sizeof(TPM2B_NAME)-2, };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+
+ /* read public key for a given object handle from TPM 2.0 NVRAM */
+ rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name,
+ &qualified_name, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x",
+ LABEL, handle, rval);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, generate_aik, bool,
+ private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob,
+ chunk_t *aik_pubkey, chunk_t *identity_req)
+{
+ return FALSE;
+}
+
+METHOD(tpm_tss_t, get_public, chunk_t,
+ private_tpm_tss_tss2_t *this, uint32_t handle)
+{
+ TPM2B_PUBLIC public = { 0, };
+ TPM2_ALG_ID sig_alg, digest_alg;
+ chunk_t aik_blob, aik_pubkey = chunk_empty;
+
+ if (!read_public(this, handle, &public))
+ {
+ return chunk_empty;
+ }
+
+ aik_blob = chunk_create((u_char*)&public, sizeof(public));
+ DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob);
+
+ /* convert TSS 2.0 AIK public key blot into PKCS#1 format */
+ switch (public.publicArea.type)
+ {
+ case TPM2_ALG_RSA:
+ {
+ TPM2B_PUBLIC_KEY_RSA *rsa;
+ TPMT_RSA_SCHEME *scheme;
+ chunk_t aik_exponent, aik_modulus;
+
+ scheme = &public.publicArea.parameters.rsaDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ rsa = &public.publicArea.unique.rsa;
+ aik_modulus = chunk_create(rsa->buffer, rsa->size);
+ aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+
+ /* subjectPublicKeyInfo encoding of AIK RSA key */
+ if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
+ NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
+ CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
+ {
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key "
+ "failed", LABEL);
+ return chunk_empty;
+ }
+ break;
+ }
+ case TPM2_ALG_ECC:
+ {
+ TPMS_ECC_POINT *ecc;
+ TPMT_ECC_SCHEME *scheme;
+ chunk_t ecc_point;
+ uint8_t *pos;
+
+ scheme = &public.publicArea.parameters.eccDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ ecc = &public.publicArea.unique.ecc;
+
+ /* allocate space for bit string */
+ pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING,
+ 2 + ecc->x.size + ecc->y.size);
+ /* bit string length is a multiple of octets */
+ *pos++ = 0x00;
+ /* uncompressed ECC point format */
+ *pos++ = 0x04;
+ /* copy x coordinate of ECC point */
+ memcpy(pos, ecc->x.buffer, ecc->x.size);
+ pos += ecc->x.size;
+ /* copy y coordinate of ECC point */
+ memcpy(pos, ecc->y.buffer, ecc->y.size);
+ /* subjectPublicKeyInfo encoding of AIK ECC key */
+ aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_build_known_oid(OID_EC_PUBLICKEY),
+ asn1_build_known_oid(ecc->x.size == 32 ?
+ OID_PRIME256V1 : OID_SECT384R1)),
+ ecc_point);
+ break;
+ }
+ default:
+ DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ return chunk_empty;
+ }
+ DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash",
+ tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
+ return aik_pubkey;
+}
+
+/**
+ * Configure a PCR Selection assuming a maximum of 24 registers
+ */
+static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs,
+ hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel)
+{
+ TPM2_ALG_ID alg_id;
+ uint32_t pcr;
+
+ /* check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, alg);
+ return FALSE;
+ }
+
+ /* initialize the PCR Selection structure,*/
+ pcr_sel->count = 1;
+ pcr_sel->pcrSelections[0].hash = alg_id;
+ pcr_sel->pcrSelections[0].sizeofSelect = 3;
+ pcr_sel->pcrSelections[0].pcrSelect[0] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[1] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[2] = 0;
+
+ /* set the selected PCRs */
+ for (pcr = 0; pcr < PLATFORM_PCR; pcr++)
+ {
+ if (pcrs & (1 << pcr))
+ {
+ pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) );
+ }
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, read_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg)
+{
+ TPML_PCR_SELECTION pcr_selection;
+ TPML_DIGEST pcr_values;
+
+ uint32_t pcr_update_counter, rval;
+ uint8_t *pcr_value_ptr;
+ size_t pcr_value_len;
+
+ if (pcr_num >= PLATFORM_PCR)
+ {
+ DBG1(DBG_PTS, "%s maximum number of supported PCR is %d",
+ LABEL, PLATFORM_PCR);
+ return FALSE;
+ }
+
+ if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ /* initialize the PCR Digest structure */
+ memset(&pcr_values, 0, sizeof(TPML_DIGEST));
+
+ /* read the PCR value */
+ rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection,
+ &pcr_update_counter, &pcr_selection, &pcr_values, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x",
+ LABEL, rval);
+ return FALSE;
+ }
+ pcr_value_ptr = (uint8_t *)pcr_values.digests[0].buffer;
+ pcr_value_len = (size_t) pcr_values.digests[0].size;
+
+ *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len));
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, extend_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg)
+{
+ uint32_t rval;
+ TPM2_ALG_ID alg_id;
+ TPML_DIGEST_VALUES digest_values;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ auth_cmd.auths[0].sessionHandle = TPM2_RS_PW;
+
+ /* check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, alg);
+ return FALSE;
+ }
+
+ digest_values.count = 1;
+ digest_values.digests[0].hashAlg = alg_id;
+
+ switch (alg)
+ {
+ case HASH_SHA1:
+ if (data.len != HASH_SIZE_SHA1)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha1, data.ptr,
+ HASH_SIZE_SHA1);
+ break;
+ case HASH_SHA256:
+ if (data.len != HASH_SIZE_SHA256)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha256, data.ptr,
+ HASH_SIZE_SHA256);
+ break;
+ case HASH_SHA384:
+ if (data.len != HASH_SIZE_SHA384)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha384, data.ptr,
+ HASH_SIZE_SHA384);
+ break;
+ case HASH_SHA512:
+ if (data.len != HASH_SIZE_SHA512)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha512, data.ptr,
+ HASH_SIZE_SHA512);
+ break;
+ default:
+ return FALSE;
+ }
+
+ /* extend PCR */
+ rval = Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &auth_cmd,
+ &digest_values, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x",
+ LABEL, pcr_num, rval);
+ return FALSE;
+ }
+
+ /* get updated PCR value */
+ return read_pcr(this, pcr_num, pcr_value, alg);
+}
+
+METHOD(tpm_tss_t, quote, bool,
+ private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+ hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
+{
+ chunk_t quoted_chunk, qualified_signer, extra_data, clock_info,
+ firmware_version, pcr_select, pcr_digest;
+ hash_algorithm_t pcr_digest_alg;
+ bio_reader_t *reader;
+ uint32_t rval;
+
+ TPM2B_DATA qualifying_data;
+ TPML_PCR_SELECTION pcr_selection;
+ TPM2B_ATTEST quoted = { sizeof(TPM2B_ATTEST)-2, };
+ TPMT_SIG_SCHEME scheme;
+ TPMT_SIGNATURE sig;
+ TPMI_ALG_HASH hash_alg;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ auth_cmd.auths[0].sessionHandle = TPM2_RS_PW;
+
+ qualifying_data.size = data.len;
+ memcpy(qualifying_data.buffer, data.ptr, data.len);
+
+ scheme.scheme = TPM2_ALG_NULL;
+ memset(&sig, 0x00, sizeof(sig));
+
+ /* set Quote mode */
+ *quote_mode = TPM_QUOTE_TPM2;
+
+ if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &auth_cmd,
+ &qualifying_data, &scheme, &pcr_selection, &quoted,
+ &sig, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ quoted_chunk = chunk_create(quoted.attestationData, quoted.size);
+
+ reader = bio_reader_create(chunk_skip(quoted_chunk, 6));
+ if (!reader->read_data16(reader, &qualified_signer) ||
+ !reader->read_data16(reader, &extra_data) ||
+ !reader->read_data (reader, 17, &clock_info) ||
+ !reader->read_data (reader, 8, &firmware_version) ||
+ !reader->read_data (reader, 10, &pcr_select) ||
+ !reader->read_data16(reader, &pcr_digest))
+ {
+ DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL);
+ reader->destroy(reader);
+ return FALSE;
+ }
+ reader->destroy(reader);
+
+ DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest);
+ DBG2(DBG_PTS, "TPM Quote Info: %B", &quoted_chunk);
+ DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer);
+ DBG2(DBG_PTS, "extraData: %B", &extra_data);
+ DBG2(DBG_PTS, "clockInfo: %B", &clock_info);
+ DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version);
+ DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select);
+
+ /* extract signature */
+ switch (sig.sigAlg)
+ {
+ case TPM2_ALG_RSASSA:
+ case TPM2_ALG_RSAPSS:
+ *quote_sig = chunk_clone(
+ chunk_create(
+ sig.signature.rsassa.sig.buffer,
+ sig.signature.rsassa.sig.size));
+ hash_alg = sig.signature.rsassa.hash;
+ break;
+ case TPM2_ALG_ECDSA:
+ case TPM2_ALG_ECDAA:
+ case TPM2_ALG_SM2:
+ case TPM2_ALG_ECSCHNORR:
+ *quote_sig = chunk_cat("cc",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size),
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size));
+ hash_alg = sig.signature.ecdsa.hash;
+ break;
+ default:
+ DBG1(DBG_PTS, "%s unsupported %N signature algorithm",
+ LABEL, tpm_alg_id_names, sig.sigAlg);
+ return FALSE;
+ };
+
+ DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg);
+ pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg);
+
+ DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig);
+
+ /* Create and initialize Quote Info object */
+ *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg,
+ pcr_digest);
+ (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info,
+ pcr_select);
+ (*quote_info)->set_version_info(*quote_info, firmware_version);
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, sign, bool,
+ private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
+{
+ key_type_t key_type;
+ hash_algorithm_t hash_alg;
+ rsa_pss_params_t *rsa_pss_params;
+ uint32_t rval;
+
+ TPM2_ALG_ID alg_id;
+ TPM2B_MAX_BUFFER buffer;
+ TPM2B_DIGEST hash = { sizeof(TPM2B_DIGEST)-2, };
+ TPMT_TK_HASHCHECK validation;
+ TPM2B_PUBLIC public = { 0, };
+ TPMT_SIG_SCHEME sig_scheme;
+ TPMT_SIGNATURE sig;
+ TPMS_AUTH_COMMAND *cmd;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ cmd = &auth_cmd.auths[0];
+ cmd->sessionHandle = TPM2_RS_PW;
+
+ if (pin.len > 0)
+ {
+ cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len);
+ memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size);
+ }
+
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ key_type = KEY_RSA;
+ rsa_pss_params = (rsa_pss_params_t *)params;
+ hash_alg = rsa_pss_params->hash;
+ }
+ else
+ {
+ key_type = key_type_from_signature_scheme(scheme);
+ hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ }
+
+ /* Check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(hash_alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, hash_alg);
+ return FALSE;
+ }
+
+ /* Get public key */
+ if (!read_public(this, handle, &public))
+ {
+ return FALSE;
+ }
+
+ if (key_type == KEY_RSA && public.publicArea.type == TPM2_ALG_RSA)
+ {
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ sig_scheme.scheme = TPM2_ALG_RSAPSS;
+ sig_scheme.details.rsapss.hashAlg = alg_id;
+ }
+ else
+ {
+ sig_scheme.scheme = TPM2_ALG_RSASSA;
+ sig_scheme.details.rsassa.hashAlg = alg_id;
+ }
+ }
+ else if (key_type == KEY_ECDSA && public.publicArea.type == TPM2_ALG_ECC)
+ {
+ sig_scheme.scheme = TPM2_ALG_ECDSA;
+ sig_scheme.details.ecdsa.hashAlg = alg_id;
+
+ }
+ else
+ {
+ DBG1(DBG_PTS, "%s signature scheme %N not supported by TPM key",
+ LABEL, signature_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (data.len <= TPM2_MAX_DIGEST_BUFFER)
+ {
+ memcpy(buffer.buffer, data.ptr, data.len);
+ buffer.size = data.len;
+
+ rval = Tss2_Sys_Hash(this->sys_context, 0, &buffer, alg_id, hierarchy,
+ &hash, &validation, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Hash failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ }
+ else
+ {
+ TPMI_DH_OBJECT sequence_handle;
+ TPM2B_AUTH null_auth;
+
+ null_auth.size = 0;
+ rval = Tss2_Sys_HashSequenceStart(this->sys_context, 0, &null_auth,
+ alg_id, &sequence_handle, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_HashSequenceStart failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ while (data.len > 0)
+ {
+ buffer.size = min(data.len, TPM2_MAX_DIGEST_BUFFER);
+ memcpy(buffer.buffer, data.ptr, buffer.size);
+ data.ptr += buffer.size;
+ data.len -= buffer.size;
+
+ rval = Tss2_Sys_SequenceUpdate(this->sys_context, sequence_handle,
+ &auth_cmd, &buffer, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_SequenceUpdate failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ }
+ buffer.size = 0;
+
+ rval = Tss2_Sys_SequenceComplete(this->sys_context, sequence_handle,
+ &auth_cmd, &buffer, hierarchy,
+ &hash, &validation, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_SequenceComplete failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ }
+
+ rval = Tss2_Sys_Sign(this->sys_context, handle, &auth_cmd, &hash,
+ &sig_scheme, &validation, &sig, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Sign failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+
+ /* extract signature */
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsassa.sig.buffer,
+ sig.signature.rsassa.sig.size));
+ break;
+ case SIGN_RSA_EMSA_PSS:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsapss.sig.buffer,
+ sig.signature.rsapss.sig.size));
+ break;
+ case SIGN_ECDSA_256:
+ case SIGN_ECDSA_384:
+ case SIGN_ECDSA_521:
+ *signature = chunk_cat("cc",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size),
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size));
+ break;
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ *signature = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_integer("c",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size)),
+ asn1_integer("c",
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size)));
+ break;
+ default:
+ DBG1(DBG_PTS, "%s unsupported %N signature scheme",
+ LABEL, signature_scheme_names, scheme);
+ return FALSE;
+ };
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, get_random, bool,
+ private_tpm_tss_tss2_t *this, size_t bytes, uint8_t *buffer)
+{
+ size_t len, random_len= sizeof(TPM2B_DIGEST)-2;
+ TPM2B_DIGEST random = { random_len, };
+ uint8_t *pos = buffer;
+ uint32_t rval;
+
+ while (bytes > 0)
+ {
+ len = min(bytes, random_len);
+
+ rval = Tss2_Sys_GetRandom(this->sys_context, NULL, len, &random, NULL);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetRandom failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ memcpy(pos, random.buffer, random.size);
+ pos += random.size;
+ bytes -= random.size;
+ }
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, get_data, bool,
+ private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
+ chunk_t pin, chunk_t *data)
+{
+ uint16_t max_data_size, nv_size, nv_offset = 0;
+ uint32_t rval;
+
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMI_YES_NO more_data;
+ TPM2B_NAME nv_name = { sizeof(TPM2B_NAME)-2, };
+ TPM2B_NV_PUBLIC nv_public = { 0, };
+ TPM2B_MAX_NV_BUFFER nv_data = { TPM2_MAX_NV_BUFFER_SIZE, };
+ TPMS_AUTH_COMMAND *cmd;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ /* query maximum TPM data transmission size */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
+ TPM2_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
+ "TPM2_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
+ TPM2_MAX_NV_BUFFER_SIZE);
+
+ /* get size of NV object */
+ rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
+ &nv_name, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ nv_size = nv_public.nvPublic.dataSize;
+ *data = chunk_alloc(nv_size);
+
+ /* prepare NV read session */
+ cmd = &auth_cmd.auths[0];
+ cmd->sessionHandle = TPM2_RS_PW;
+
+ if (pin.len > 0)
+ {
+ cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len);
+ memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size);
+ }
+
+ /* read NV data a maximum data size block at a time */
+ while (nv_size > 0)
+ {
+ rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, &auth_cmd,
+ min(nv_size, max_data_size), nv_offset, &nv_data, &auth_rsp);
+
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval);
+ chunk_free(data);
+ return FALSE;
+ }
+ memcpy(data->ptr + nv_offset, nv_data.buffer, nv_data.size);
+ nv_offset += nv_data.size;
+ nv_size -= nv_data.size;
+ }
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, destroy, void,
+ private_tpm_tss_tss2_t *this)
+{
+ finalize_context(this);
+ free(this);
+}
+
+/**
+ * See header
+ */
+tpm_tss_t *tpm_tss_tss2_create()
+{
+ private_tpm_tss_tss2_t *this;
+ bool available;
+
+ INIT(this,
+ .public = {
+ .get_version = _get_version,
+ .get_version_info = _get_version_info,
+ .generate_aik = _generate_aik,
+ .get_public = _get_public,
+ .read_pcr = _read_pcr,
+ .extend_pcr = _extend_pcr,
+ .quote = _quote,
+ .sign = _sign,
+ .get_random = _get_random,
+ .get_data = _get_data,
+ .destroy = _destroy,
+ },
+ );
+
+ available = initialize_tcti_context(this);
+ if (available)
+ {
+ available = initialize_sys_context(this);
+ }
+ DBG1(DBG_PTS, "TPM 2.0 via TSS2 v2 %savailable", available ? "" : "not ");
+
+ if (!available)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+bool tpm_tss_tss2_init(void)
+{
+ TSS2_TCTI_INFO_FUNC infofn;
+ const TSS2_TCTI_INFO *info;
+ char tcti_lib_format[] = "libtss2-tcti-%s.so.0";
+ char tcti_lib[BUF_LEN];
+ char *tcti_names[] = { "device", "tabrmd", "mssim" };
+ char *tcti_options[] = { "/dev/tpmrm0", "", "" };
+ char *tcti_name;
+ bool match = FALSE;
+ struct stat st;
+ int i = 0;
+
+ /* check for the existence of an in-kernel TPM resource manager */
+ if (stat(tcti_options[i], &st))
+ {
+ i = 1;
+ }
+ DBG2(DBG_PTS, "%s \"%s\" in-kernel resource manager is %spresent",
+ LABEL, tcti_options[0], i ? "not " : "");
+
+ /* select a dynamic TCTI library (device, tabrmd or mssim) */
+ tcti_name = lib->settings->get_str(lib->settings,
+ "%s.plugins.tpm.tcti.name", tcti_names[i], lib->ns);
+ snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name);
+
+ for (i = 0; i < countof(tcti_names); i++)
+ {
+ if (streq(tcti_name, tcti_names[i]))
+ {
+ match = TRUE;
+ break;
+ }
+ }
+ if (!match)
+ {
+ DBG1(DBG_PTS, "%s \"%s\" is not a valid TCTI library name",
+ LABEL, tcti_lib);
+ return FALSE;
+ }
+
+ tcti_opts = lib->settings->get_str(lib->settings,
+ "%s.plugins.tpm.tcti.opts", tcti_options[i], lib->ns);
+
+ /* open the selected dynamic TCTI library */
+ tcti_handle = dlopen(tcti_lib, RTLD_LAZY);
+ if (!tcti_handle)
+ {
+ DBG1(DBG_PTS, "%s could not load \"%s\"", LABEL, tcti_lib);
+ return FALSE;
+ }
+
+ infofn = (TSS2_TCTI_INFO_FUNC)dlsym(tcti_handle, TSS2_TCTI_INFO_SYMBOL);
+ if (!infofn)
+ {
+ DBG1(DBG_PTS, "%s symbol \"%s\" not found in \"%s\"", LABEL,
+ TSS2_TCTI_INFO_SYMBOL, tcti_lib);
+ tpm_tss_tss2_deinit();
+
+ return FALSE;
+ }
+ DBG2(DBG_PTS, "%s \"%s\" successfully loaded", LABEL, tcti_lib);
+ info = infofn();
+ tcti_init = info->init;
+
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+void tpm_tss_tss2_deinit(void)
+{
+ dlclose(tcti_handle);
+ tcti_handle = NULL;
+ tcti_init = NULL;
+ tcti_opts = NULL;
+}
+
+#else /* TSS_TSS2_V2 */
+
+/**
+ * See header
+ */
+bool tpm_tss_tss2_init(void)
+{
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+void tpm_tss_tss2_deinit(void)
+{
+ /* empty */
+}
+
+#endif /* TSS_TSS2_V2 */
+
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index c8450d27f..534e2046c 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -329,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -355,6 +354,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -375,8 +376,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -431,8 +430,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -461,8 +458,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/manager/main.c b/src/manager/main.c
index 1ba8b1e04..dbde1c098 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -50,7 +50,7 @@ int main (int arc, char *argv[])
{
DBG1(DBG_LIB, "database URI undefined, set manager.database "
"in strongswan.conf");
- //return 1;
+ return 1;
}
storage = storage_create(database);
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 02b5607b1..ea5da2f98 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -344,6 +343,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -364,8 +365,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -420,8 +419,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -450,8 +447,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 8b369b38d..bdc792ec2 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 50f939687..ca208a5cf 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -124,7 +124,7 @@ static int sign_crl()
char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL;
char *basecrl = NULL;
char serial[512], *keyid = NULL;
- int serial_len = 0;
+ int serial_len;
crl_reason_t reason = CRL_REASON_UNSPECIFIED;
time_t thisUpdate, nextUpdate, date = time(NULL);
time_t lifetime = 15 * 24 * 60 * 60;
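Review bot: Dropping the `= 0` initializer on `serial_len` here, together with the two resets removed after `add_revoked()` in the hunks at @@ -204 and @@ -222, makes the variable's value depend entirely on every `add_revoked()` call being preceded by an assignment in the same case; the @@ -204 hunk's `add_revoked(list, chunk_create(serial, serial_len), reason, date);` relies on an assignment that is outside the hunk, so the diff alone does not show that no path reaches it with an indeterminate length. Because `serial` becomes a revoked-certificate entry in the CRL, an indeterminate length would most likely produce a malformed or wrong revocation entry rather than a crash, which is harder to notice in testing. Keeping `int serial_len = 0;` costs nothing, or alternatively a comment at the declaration, `/* length of serial; assigned in each option case before add_revoked() */`, would record the invariant the removed resets now rely on. sign_crl() starts outside the hunk.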
@@ -204,7 +204,6 @@ static int sign_crl()
}
add_revoked(list, chunk_create(serial, serial_len), reason, date);
date = time(NULL);
- serial_len = 0;
reason = CRL_REASON_UNSPECIFIED;
continue;
case 's':
@@ -222,7 +221,6 @@ static int sign_crl()
serial_len = chunk.len;
add_revoked(list, chunk_create(serial, serial_len), reason, date);
date = time(NULL);
- serial_len = 0;
reason = CRL_REASON_UNSPECIFIED;
continue;
}
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index 533dfcab1..ce9273439 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -268,7 +268,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -294,6 +293,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -314,8 +315,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -370,8 +369,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -400,8 +397,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index e6815434f..cd207bb38 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index 1bab5804f..2fb49b4ef 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 1d5e53241..c0fd915d6 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/sec-updater/Makefile.in b/src/sec-updater/Makefile.in
index a434b9d34..b66aab7b9 100644
--- a/src/sec-updater/Makefile.in
+++ b/src/sec-updater/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 80fd2c68d..d871a8bcc 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 345d0b60b..407ef5e13 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -444,7 +444,7 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key,
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS)
break;
case KW_MARK:
- if (!mark_from_string(value, &conn->mark_in))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in))
{
cfg->err++;
break;
@@ -452,13 +452,13 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key,
conn->mark_out = conn->mark_in;
break;
case KW_MARK_IN:
- if (!mark_from_string(value, &conn->mark_in))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in))
{
cfg->err++;
}
break;
case KW_MARK_OUT:
- if (!mark_from_string(value, &conn->mark_out))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_out))
{
cfg->err++;
}
diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c
index d19cee08a..ff7c75bb7 100644
--- a/src/starter/parser/lexer.c
+++ b/src/starter/parser/lexer.c
@@ -657,7 +657,7 @@ bool conf_parser_open_next_file(parser_helper_t *ctx);
static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
#define YY_NO_INPUT 1
/* don't use global variables, and interact properly with bison */
/* maintain the line number */
diff --git a/src/starter/parser/lexer.l b/src/starter/parser/lexer.l
index e10fd1b38..fb23a0f93 100644
--- a/src/starter/parser/lexer.l
+++ b/src/starter/parser/lexer.l
@@ -30,7 +30,7 @@ static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 8ca1af29c..5038429bd 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -650,6 +650,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_RELOAD)
{
+ _action_ &= ~FLAG_ACTION_RELOAD;
if (starter_charon_pid())
{
for (conn = cfg->conn_first; conn; conn = conn->next)
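Review bot: Clearing FLAG_ACTION_RELOAD before the reload work starts closes the window in which a signal arriving mid-reload was discarded, but `_action_ &= ~FLAG_ACTION_RELOAD;` is still a non-atomic read-modify-write; if `_action_` is set from a signal handler (its declaration and the handler are outside this hunk), a signal landing between the load and the store is lost in exactly the same way as before. Blocking the relevant signals around the clear with sigprocmask(), or keeping one sig_atomic_t per action that the handler only sets and this loop only clears, would remove the race rather than narrow it. The body of main() continues outside this hunk.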
@@ -679,7 +680,6 @@ int main (int argc, char **argv)
}
}
}
- _action_ &= ~FLAG_ACTION_RELOAD;
}
/*
@@ -687,6 +687,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_UPDATE)
{
+ _action_ &= ~FLAG_ACTION_UPDATE;
DBG2(DBG_APP, "Reloading config...");
new_cfg = confread_load(config_file);
@@ -767,7 +768,6 @@ int main (int argc, char **argv)
confread_free(new_cfg);
}
}
- _action_ &= ~FLAG_ACTION_UPDATE;
last_reload = time_monotonic(NULL);
}
@@ -776,6 +776,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_START_CHARON)
{
+ _action_ &= ~FLAG_ACTION_START_CHARON;
if (!starter_charon_pid())
{
DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
@@ -786,7 +787,6 @@ int main (int argc, char **argv)
}
starter_stroke_configure(cfg);
}
- _action_ &= ~FLAG_ACTION_START_CHARON;
for (ca = cfg->ca_first; ca; ca = ca->next)
{
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index ce0c7b43c..115c7262d 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -333,6 +332,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -353,8 +354,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -409,8 +408,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -439,8 +436,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index be31bc581..1c15bd305 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -281,7 +281,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -307,6 +306,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -327,8 +328,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -383,8 +382,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -413,8 +410,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in
index 28169508a..2bd25a8b0 100644
--- a/src/sw-collector/Makefile.in
+++ b/src/sw-collector/Makefile.in
@@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -344,6 +343,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -364,8 +365,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -420,8 +419,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -450,8 +447,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index ea7130bbb..c746573f8 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/swanctl/commands/counters.c b/src/swanctl/commands/counters.c
index ab386b5d8..909ca4366 100644
--- a/src/swanctl/commands/counters.c
+++ b/src/swanctl/commands/counters.c
@@ -48,7 +48,7 @@ static int counters(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *name = NULL;
- int ret;
+ int ret = 0;
bool all = FALSE, reset = FALSE;
while (TRUE)
@@ -131,7 +131,7 @@ static int counters(vici_conn_t *conn)
}
}
vici_free_res(res);
- return 0;
+ return ret;
}
/**
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 8e452a6f6..bf8d2cd79 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -131,7 +131,7 @@ static void __attribute__ ((constructor))reg()
{"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
- {"child", 'c', 1, "initate a CHILD_SA configuration"},
+ {"child", 'c', 1, "initiate a CHILD_SA configuration"},
{"ike", 'i', 1, "name of the connection to which the child belongs"},
{"timeout", 't', 1, "timeout in seconds before detaching"},
{"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index f692e9966..5f7dd8189 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,7 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -199,6 +199,10 @@ CALLBACK(conn_sn, int,
{
printf(" groups: %s\n", auth->get(auth, "groups"));
}
+ if (auth->get(auth, "cert_policy"))
+ {
+ printf(" cert policy: %s\n", auth->get(auth, "cert_policy"));
+ }
if (auth->get(auth, "certs"))
{
printf(" certs: %s\n", auth->get(auth, "certs"));
@@ -234,7 +238,7 @@ CALLBACK(conns, int,
void *null, vici_res_t *res, char *name)
{
int ret;
- char *version, *reauth_time, *rekey_time, *dpd_delay;
+ char *version, *reauth_time, *rekey_time, *dpd_delay, *ppk_id, *ppk_req;
hashtable_t *ike;
version = vici_find_str(res, "", "%s.version", name);
@@ -278,6 +282,14 @@ CALLBACK(conns, int,
}
printf("\n");
+ ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
+ ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
+ if (ppk_id || ppk_req)
+ {
+ printf(" ppk: %s%s%srequired\n", ppk_id ?: "", ppk_id ? ", " : "",
+ !ppk_req || !streq(ppk_req, "yes") ? "not " : "");
+ }
+
ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
free_hashtable(ike);
return ret;
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 28602fc65..232f03cc2 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -266,6 +266,10 @@ CALLBACK(ike_sa, int,
}
printf("/%s", ike->get(ike, "prf-alg"));
printf("/%s", ike->get(ike, "dh-group"));
+ if (streq(ike->get(ike, "ppk"), "yes"))
+ {
+ printf("/PPK");
+ }
printf("\n");
}
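Review bot: `streq(ike->get(ike, "ppk"), "yes")` dereferences a NULL pointer when the response carries no `ppk` key, which is what the hashtable lookup returns for an absent key; the neighbouring printf("%s") calls happen to print "(null)" on glibc, but strcmp() will crash. Whether the daemon always emits the key is not visible here, and swanctl can talk to a daemon of a different version over vici, so guard it: `char *ppk = ike->get(ike, "ppk"); if (ppk && streq(ppk, "yes"))`. The ike_sa callback continues outside this hunk.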
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
index 0010ce140..26f043a6a 100644
--- a/src/swanctl/commands/load_all.c
+++ b/src/swanctl/commands/load_all.c
@@ -31,8 +31,8 @@ static int load_all(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
+ char *arg, *file = SWANCTL_CONF;
int ret = 0;
- char *arg;
while (TRUE)
{
@@ -52,6 +52,9 @@ static int load_all(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -60,10 +63,10 @@ static int load_all(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -104,6 +107,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index d82c0f98e..61682a386 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -325,6 +325,9 @@ static int load_authorities(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -333,10 +336,10 @@ static int load_authorities(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -360,6 +363,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 0518ef54f..dad03945d 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -425,7 +425,7 @@ static int load_conns(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -440,6 +440,9 @@ static int load_conns(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -448,10 +451,10 @@ static int load_conns(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -474,6 +477,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 15ef2f151..a9e352f7e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -665,6 +665,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
"xauth",
"ntlm",
"ike",
+ "ppk",
"private",
"rsa",
"ecdsa",
@@ -688,7 +689,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
return FALSE;
}
if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
- !streq(type, "ike"))
+ !streq(type, "ike") && !streq(type, "ppk"))
{ /* skip non-shared secrets */
return TRUE;
}
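Review bot: Accepting `ppk` as a shared-secret type enforces nothing about the key's size, while the man page in this same change states that a PPK should carry at least 256 bits of entropy; a short or ASCII-only PPK provides none of the post-quantum margin it is meant to add, yet loads silently. A warning when the decoded secret is shorter than 32 bytes (the 0x/0s decoding presumably happens later in load_secret(), outside this hunk) would surface that expectation at load time, e.g. a `fprintf(stderr, "warning: PPK in section %s is shorter than 256 bits\n", section);` next to the existing error path. load_secret() continues outside this hunk.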
@@ -945,7 +946,7 @@ static int load_creds(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -966,6 +967,9 @@ static int load_creds(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -974,10 +978,10 @@ static int load_creds(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -1002,6 +1006,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
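Review bot: The help text `custom path to swanctl.conf` does not say what the option changes: only the settings file that is parsed, and — presumably, since no directory constant is touched in this change — not the location of the x509/private/... credential directories, which stay at their compiled-in defaults. A user pointing `--file` at a test configuration may expect certificates next to it to be picked up; suggest `{"file", 'f', 1, "custom path to swanctl.conf (credential directories are unchanged)"},` or an equivalent sentence in the swanctl(8) man page. The same remark applies to the other load_* commands in this change.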
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index feb8d3a52..ec9508efb 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -266,6 +266,9 @@ static int load_pools(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -274,10 +277,10 @@ static int load_pools(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -300,6 +303,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
index 47a313657..f44ecaa3c 100644
--- a/src/swanctl/commands/rekey.c
+++ b/src/swanctl/commands/rekey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@ static int rekey(vici_conn_t *conn)
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL, *ike = NULL;
int ret = 0, child_id = 0, ike_id = 0;
+ bool reauth = FALSE;
while (TRUE)
{
@@ -49,6 +50,9 @@ static int rekey(vici_conn_t *conn)
case 'I':
ike_id = atoi(arg);
continue;
+ case 'a':
+ reauth = TRUE;
+ continue;
case EOF:
break;
default:
@@ -74,6 +78,10 @@ static int rekey(vici_conn_t *conn)
{
vici_add_key_valuef(req, "ike-id", "%d", ike_id);
}
+ if (reauth)
+ {
+ vici_add_key_valuef(req, "reauth", "yes");
+ }
res = vici_submit(req, conn);
if (!res)
{
@@ -111,13 +119,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
rekey, 'R', "rekey", "rekey an SA",
{"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
- "[--raw|--pretty]"},
+ "[--reauth] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"child", 'c', 1, "rekey by CHILD_SA name"},
{"ike", 'i', 1, "rekey by IKE_SA name"},
{"child-id", 'C', 1, "rekey by CHILD_SA unique identifier"},
{"ike-id", 'I', 1, "rekey by IKE_SA unique identifier"},
+ {"reauth", 'a', 0, "reauthenticate instead of rekey an IKEv2 SA"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
}
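Review bot: The usage synopsis on the context line above still reads `--ike <name | --child-id <id>` (missing `>`), and the new `--reauth` flag is listed without saying that it only makes sense for an IKE_SA selected via `--ike`/`--ike-id`; the earlier hunk adds `reauth=yes` to the request unconditionally, also when only `--child` was given. Suggest `{"--child <name> | --ike <name> | --child-id <id> | --ike-id <id>",` and `{"reauth", 'a', 0, "reauthenticate instead of rekeying an IKEv2 SA (only with --ike/--ike-id)"},`, and optionally rejecting `--reauth` together with a child selector in the option loop, which is outside this hunk.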
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 9b87a963a..c50f20dc6 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -56,6 +56,13 @@
# Send certificate payloads (always, never or ifasked).
# send_cert = ifasked
+ # String identifying the Postquantum Preshared Key (PPK) to be used.
+ # ppk_id =
+
+ # Whether a Postquantum Preshared Key (PPK) is required for this
+ # connection.
+ # ppk_required = no
+
# Number of retransmission sequences to perform during initial connect.
# keyingtries = 1
@@ -311,6 +318,14 @@
# Netfilter mark and mask for output traffic.
# mark_out = 0/0x00000000
+ # Netfilter mark applied to packets after the inbound IPsec SA
+ # processed them.
+ # set_mark_in = 0/0x00000000
+
+ # Netfilter mark applied to packets after the outbound IPsec SA
+ # processed them.
+ # set_mark_out = 0/0x00000000
+
# Traffic Flow Confidentiality padding.
# tfc_padding = 0
@@ -321,6 +336,18 @@
# IPsec implementation.
# hw_offload = no
+ # Whether to copy the DF bit to the outer IPv4 header in tunnel
+ # mode.
+ # copy_df = yes
+
+ # Whether to copy the ECN header field to/from the outer IP
+ # header in tunnel mode.
+ # copy_ecn = yes
+
+ # Whether to copy the DSCP header field to/from the outer IP
+ # header in tunnel mode.
+ # copy_dscp = out
+
# Action to perform after loading the configuration (none, trap,
# start).
# start_action = none
@@ -379,6 +406,17 @@
# }
+ # Postquantum Preshared Key (PPK) section for a specific secret.
+ # ppk<suffix> {
+
+ # Value of the PPK.
+ # secret =
+
+ # PPK identity the PPK belongs to.
+ # id<suffix> =
+
+ # }
+
# Private key decryption passphrase for a key in the private folder.
# private<suffix> {
diff --git a/src/swanctl/swanctl.conf.5.head.in b/src/swanctl/swanctl.conf.5.head.in
index 5742d2593..a14225df0 100644
--- a/src/swanctl/swanctl.conf.5.head.in
+++ b/src/swanctl/swanctl.conf.5.head.in
@@ -6,8 +6,8 @@ swanctl.conf is the configuration file used by the
.BR swanctl (8)
tool to load configurations and credentials into the strongSwan IKE daemon.
-For a description of the basic file syntax, including how to split the
-configuration in multiple files by including other files, refer to
+For a description of the basic file syntax, including how to reference sections
+or split the configuration in multiple files by including other files, refer to
.BR strongswan.conf (5).
.SH TIME FORMATS
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 1f7e3a2cc..1f8900959 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -217,6 +217,14 @@ causes certificate payloads to be sent unconditionally
whenever certificate authentication is used.
.TP
+.BR connections.<conn>.ppk_id " []"
+String identifying the Postquantum Preshared Key (PPK) to be used.
+
+.TP
+.BR connections.<conn>.ppk_required " [no]"
+Whether a Postquantum Preshared Key (PPK) is required for this connection.
+
+.TP
.BR connections.<conn>.keyingtries " [1]"
Number of retransmission sequences to perform during initial connect. Instead of
giving up initiation after the first retransmission sequence with the default
@@ -1127,6 +1135,52 @@ The default
mask if omitted is 0xffffffff.
.TP
+.BR connections.<conn>.children.<child>.set_mark_in " [0/0x00000000]"
+Netfilter mark applied to packets after the inbound IPsec SA processed them.
+This way it's not necessary to mark packets via Netfilter before decryption or
+right afterwards to match policies or process them differently (e.g. via policy
+routing).
+
+An additional mask may be appended to the mark, separated by
+.RI "" "/" "."
+The default
+mask if omitted is 0xffffffff. The special value
+.RI "" "%same" ""
+uses the value (but not
+the mask) from
+.RB "" "mark_in" ""
+as mark value, which can be fixed,
+.RI "" "%unique" ""
+or
+.RI "" "%unique\-dir" "."
+
+
+Setting marks in XFRM input requires Linux 4.19 or higher.
+
+.TP
+.BR connections.<conn>.children.<child>.set_mark_out " [0/0x00000000]"
+Netfilter mark applied to packets after the outbound IPsec SA processed them.
+This allows processing ESP packets differently than the original traffic (e.g.
+via policy routing).
+
+An additional mask may be appended to the mark, separated by
+.RI "" "/" "."
+The default
+mask if omitted is 0xffffffff. The special value
+.RI "" "%same" ""
+uses the value (but not
+the mask) from
+.RB "" "mark_out" ""
+as mark value, which can be fixed,
+.RI "" "%unique" ""
+or
+.RI "" "%unique\-dir" "."
+
+
+Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+requires at least Linux 4.19.
+
+.TP
.BR connections.<conn>.children.<child>.tfc_padding " [0]"
Pads ESP packets with additional data to have a consistent ESP packet size for
improved Traffic Flow Confidentiality. The padding defines the minimum size of
@@ -1155,6 +1209,44 @@ enables offloading, if it's supported, but the installation does not fail
otherwise.
.TP
+.BR connections.<conn>.children.<child>.copy_df " [yes]"
+Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
+effectively disables Path MTU discovery (PMTUD). Controlling this behavior is
+not supported by all kernel interfaces.
+
+.TP
+.BR connections.<conn>.children.<child>.copy_ecn " [yes]"
+Whether to copy the ECN (Explicit Congestion Notification) header field to/from
+the outer IP header in tunnel mode. Controlling this behavior is not supported
+by all kernel interfaces.
+
+.TP
+.BR connections.<conn>.children.<child>.copy_dscp " [out]"
+Whether to copy the DSCP (Differentiated Services Field Codepoint) header field
+to/from the outer IP header in tunnel mode. The value
+.RI "" "out" ""
+only copies the
+field from the inner to the outer header, the value
+.RI "" "in" ""
+does the opposite and
+only copies the field from the outer to the inner header when decapsulating, the
+value
+.RI "" "yes" ""
+copies the field in both directions, and the value
+.RI "" "no" ""
+disables
+copying the field altogether. Setting this to
+.RI "" "yes" ""
+or
+.RI "" "in" ""
+could allow an
+attacker to adversely affect other traffic at the receiver, which is why the
+default is
+.RI "" "out" "."
+Controlling this behavior is not supported by all kernel
+interfaces.
+
+.TP
.BR connections.<conn>.children.<child>.start_action " [none]"
Action to perform after loading the configuration. The default of
.RI "" "none" ""
@@ -1297,6 +1389,31 @@ prefix, if a secret is shared between multiple
peers.
.TP
+.B secrets.ppk<suffix>
+.br
+Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
+defined in a unique section having the
+.RI "" "ppk" ""
+prefix.
+
+.TP
+.BR secrets.ppk<suffix>.secret " []"
+Value of the PPK. It may either be an ASCII string, a hex encoded string if
+it has a
+.RI "" "0x" ""
+prefix or a Base64 encoded string if it has a
+.RI "" "0s" ""
+prefix in its
+value. Should have at least 256 bits of entropy for 128\-bit security.
+
+.TP
+.BR secrets.ppk<suffix>.id<suffix> " []"
+PPK identity the PPK belongs to. Multiple unique identities may be specified,
+each having an
+.RI "" "id" ""
+prefix, if a secret is shared between multiple peers.
+
+.TP
.B secrets.private<suffix>
.br
Private key decryption passphrase for a key in the
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 120e5812e..1c1e85e3e 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -188,6 +188,12 @@ connections.<conn>.send_cert = ifasked
certificate payloads altogether, _always_ causes certificate payloads to be
sent unconditionally whenever certificate authentication is used.
+connections.<conn>.ppk_id =
+ String identifying the Postquantum Preshared Key (PPK) to be used.
+
+connections.<conn>.ppk_required = no
+ Whether a Postquantum Preshared Key (PPK) is required for this connection.
+
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
@@ -910,6 +916,37 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
+connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+ This way it's not necessary to mark packets via Netfilter before decryption
+ or right afterwards to match policies or process them differently (e.g. via
+ policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_in** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM input requires Linux 4.19 or higher.
+
+connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them.
+
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them. This allows processing ESP packets differently than the original
+ traffic (e.g. via policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_out** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+ requires at least Linux 4.19.
+
connections.<conn>.children.<child>.tfc_padding = 0
Traffic Flow Confidentiality padding.
@@ -937,6 +974,35 @@ connections.<conn>.children.<child>.hw_offload = no
enables offloading, if it's supported, but the installation does not fail
otherwise.
+connections.<conn>.children.<child>.copy_df = yes
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode.
+
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
+ effectively disables Path MTU discovery (PMTUD). Controlling this behavior
+ is not supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_ecn = yes
+ Whether to copy the ECN header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the ECN (Explicit Congestion Notification) header field
+ to/from the outer IP header in tunnel mode. Controlling this behavior is not
+ supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_dscp = out
+ Whether to copy the DSCP header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the DSCP (Differentiated Services Field Codepoint) header
+ field to/from the outer IP header in tunnel mode. The value _out_ only
+ copies the field from the inner to the outer header, the value _in_ does the
+ opposite and only copies the field from the outer to the inner header when
+ decapsulating, the value _yes_ copies the field in both directions, and the
+ value _no_ disables copying the field altogether. Setting this to _yes_ or
+ _in_ could allow an attacker to adversely affect other traffic at the
+ receiver, which is why the default is _out_. Controlling this behavior is
+ not supported by all kernel interfaces.
+
connections.<conn>.children.<child>.start_action = none
Action to perform after loading the configuration (_none_, _trap_, _start_).
@@ -1047,6 +1113,26 @@ secrets.ike<suffix>.id<suffix> =
may be specified, each having an _id_ prefix, if a secret is shared between
multiple peers.
+secrets.ppk<suffix> { # }
+ Postquantum Preshared Key (PPK) section for a specific secret.
+
+ Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
+ defined in a unique section having the _ppk_ prefix.
+
+secrets.ppk<suffix>.secret =
+ Value of the PPK.
+
+ Value of the PPK. It may either be an ASCII string, a hex encoded string if
+ it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in
+ its value. Should have at least 256 bits of entropy for 128-bit security.
+
+secrets.ppk<suffix>.id<suffix> =
+ PPK identity the PPK belongs to.
+
+ PPK identity the PPK belongs to. Multiple unique identities
+ may be specified, each having an _id_ prefix, if a secret is shared between
+ multiple peers.
+
secrets.private<suffix> { # }
Private key decryption passphrase for a key in the _private_ folder.
diff --git a/src/tpm_extendpcr/Makefile.in b/src/tpm_extendpcr/Makefile.in
index 0ce681c69..84867829c 100644
--- a/src/tpm_extendpcr/Makefile.in
+++ b/src/tpm_extendpcr/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@