From 25663e04c3ab01ef8dc9f906608282319cfea2db Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Thu, 20 Oct 2016 16:18:38 +0200 Subject: New upstream version 5.5.1 --- Android.common.mk | 2 +- Makefile.am | 2 +- Makefile.in | 7 +- NEWS | 36 + conf/Makefile.am | 2 + conf/Makefile.in | 7 +- conf/options/aikpub2.conf | 7 + conf/options/aikpub2.opt | 2 + conf/options/charon-nm.conf | 8 + conf/options/charon-nm.opt | 3 + conf/options/charon.conf | 15 +- conf/options/charon.opt | 15 +- conf/plugins/kernel-netlink.conf | 27 +- conf/plugins/kernel-netlink.opt | 43 +- conf/strongswan.conf.5.main | 69 +- config.h.in | 5 +- configure | 470 ++-- configure.ac | 54 +- init/Makefile.in | 5 +- init/systemd-swanctl/Makefile.in | 5 +- init/systemd/Makefile.in | 5 +- man/Makefile.in | 5 +- man/ipsec.conf.5.in | 36 +- scripts/Makefile.in | 5 +- src/Makefile.in | 5 +- src/_copyright/Makefile.in | 5 +- src/_updown/Makefile.in | 5 +- src/aikgen/Makefile.in | 5 +- src/aikpub2/Makefile.in | 5 +- src/charon-cmd/Makefile.in | 5 +- src/charon-nm/Makefile.am | 5 + src/charon-nm/Makefile.in | 83 +- src/charon-nm/nm-strongswan-service.conf | 15 + src/charon-nm/nm/nm_service.c | 56 +- src/charon-svc/Makefile.in | 5 +- src/charon-systemd/Makefile.in | 5 +- src/charon-tkm/Makefile.in | 5 +- src/charon-tkm/build_common.gpr | 3 +- src/charon-tkm/src/charon-tkm.c | 5 +- src/charon/Makefile.in | 5 +- src/checksum/Makefile.am | 9 + src/checksum/Makefile.in | 65 +- src/conftest/Makefile.in | 5 +- src/dumm/Makefile.in | 5 +- src/include/Makefile.in | 5 +- src/include/linux/xfrm.h | 22 + src/ipsec/Makefile.in | 5 +- src/ipsec/_ipsec.8 | 2 +- src/libcharon/Makefile.am | 7 - src/libcharon/Makefile.in | 141 +- src/libcharon/bus/bus.c | 101 +- src/libcharon/bus/bus.h | 35 +- src/libcharon/bus/listeners/listener.h | 38 +- src/libcharon/config/child_cfg.c | 14 + src/libcharon/config/child_cfg.h | 10 + src/libcharon/config/ike_cfg.h | 2 +- src/libcharon/config/proposal.c | 127 +- src/libcharon/encoding/message.c | 4 +- .../encoding/payloads/proposal_substructure.c | 15 +- src/libcharon/plugins/addrblock/Makefile.in | 5 +- src/libcharon/plugins/android_dns/Makefile.in | 5 +- src/libcharon/plugins/android_log/Makefile.in | 5 +- src/libcharon/plugins/attr/Makefile.in | 5 +- src/libcharon/plugins/attr_sql/Makefile.in | 5 +- src/libcharon/plugins/certexpire/Makefile.in | 5 +- src/libcharon/plugins/connmark/Makefile.in | 5 +- src/libcharon/plugins/coupling/Makefile.in | 5 +- src/libcharon/plugins/dhcp/Makefile.in | 5 +- src/libcharon/plugins/dnscert/Makefile.in | 5 +- src/libcharon/plugins/dnscert/dnscert_cred.c | 19 +- src/libcharon/plugins/duplicheck/Makefile.in | 5 +- src/libcharon/plugins/eap_aka/Makefile.in | 5 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 5 +- src/libcharon/plugins/eap_dynamic/Makefile.in | 5 +- src/libcharon/plugins/eap_gtc/Makefile.in | 5 +- src/libcharon/plugins/eap_identity/Makefile.in | 5 +- src/libcharon/plugins/eap_md5/Makefile.in | 5 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 5 +- src/libcharon/plugins/eap_peap/Makefile.in | 5 +- src/libcharon/plugins/eap_peap/eap_peap_server.c | 4 +- src/libcharon/plugins/eap_radius/Makefile.in | 5 +- src/libcharon/plugins/eap_sim/Makefile.in | 5 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 5 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 5 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 5 +- .../plugins/eap_simaka_reauth/Makefile.in | 5 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 5 +- src/libcharon/plugins/eap_tls/Makefile.in | 5 +- src/libcharon/plugins/eap_tnc/Makefile.in | 5 +- src/libcharon/plugins/eap_ttls/Makefile.in | 5 +- src/libcharon/plugins/error_notify/Makefile.in | 5 +- src/libcharon/plugins/ext_auth/Makefile.in | 5 +- src/libcharon/plugins/farp/Makefile.in | 5 +- src/libcharon/plugins/forecast/Makefile.in | 5 +- src/libcharon/plugins/ha/Makefile.in | 5 +- src/libcharon/plugins/ipseckey/Makefile.in | 5 +- src/libcharon/plugins/ipseckey/ipseckey_cred.c | 28 +- src/libcharon/plugins/kernel_iph/Makefile.in | 5 +- src/libcharon/plugins/kernel_libipsec/Makefile.in | 5 +- src/libcharon/plugins/kernel_netlink/Makefile.in | 5 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 113 +- .../plugins/kernel_netlink/kernel_netlink_net.c | 190 +- src/libcharon/plugins/kernel_pfkey/Makefile.in | 5 +- src/libcharon/plugins/kernel_pfroute/Makefile.in | 5 +- src/libcharon/plugins/kernel_wfp/Makefile.in | 5 +- src/libcharon/plugins/led/Makefile.in | 5 +- src/libcharon/plugins/load_tester/Makefile.in | 5 +- src/libcharon/plugins/lookip/Makefile.in | 5 +- src/libcharon/plugins/maemo/Makefile.am | 29 - src/libcharon/plugins/maemo/Makefile.in | 830 ------- src/libcharon/plugins/maemo/maemo_plugin.c | 87 - src/libcharon/plugins/maemo/maemo_plugin.h | 42 - src/libcharon/plugins/maemo/maemo_service.c | 530 ----- src/libcharon/plugins/maemo/maemo_service.h | 49 - .../plugins/maemo/org.strongswan.charon.service.in | 4 - src/libcharon/plugins/medcli/Makefile.in | 5 +- src/libcharon/plugins/medsrv/Makefile.in | 5 +- src/libcharon/plugins/osx_attr/Makefile.in | 5 +- src/libcharon/plugins/p_cscf/Makefile.in | 5 +- src/libcharon/plugins/radattr/Makefile.in | 5 +- src/libcharon/plugins/resolve/Makefile.in | 5 +- src/libcharon/plugins/smp/Makefile.in | 5 +- src/libcharon/plugins/socket_default/Makefile.in | 5 +- src/libcharon/plugins/socket_dynamic/Makefile.in | 5 +- src/libcharon/plugins/socket_win/Makefile.in | 5 +- src/libcharon/plugins/sql/Makefile.in | 5 +- src/libcharon/plugins/stroke/Makefile.in | 5 +- src/libcharon/plugins/stroke/stroke_cred.c | 12 +- src/libcharon/plugins/stroke/stroke_list.c | 9 + src/libcharon/plugins/stroke/stroke_socket.c | 2 +- src/libcharon/plugins/systime_fix/Makefile.in | 5 +- src/libcharon/plugins/tnc_ifmap/Makefile.in | 5 +- src/libcharon/plugins/tnc_pdp/Makefile.in | 5 +- src/libcharon/plugins/uci/Makefile.in | 5 +- src/libcharon/plugins/unity/Makefile.in | 5 +- src/libcharon/plugins/updown/Makefile.in | 5 +- src/libcharon/plugins/vici/Makefile.am | 1 + src/libcharon/plugins/vici/Makefile.in | 6 +- src/libcharon/plugins/vici/README.md | 13 + src/libcharon/plugins/vici/perl/Makefile.in | 5 +- .../plugins/vici/perl/Vici-Session/README.pod | 15 + .../vici/perl/Vici-Session/lib/Vici/Session.pm | 4 + src/libcharon/plugins/vici/python/Makefile.in | 5 +- src/libcharon/plugins/vici/python/vici/session.py | 11 + src/libcharon/plugins/vici/ruby/Makefile.in | 5 +- src/libcharon/plugins/vici/ruby/lib/vici.rb | 6 + src/libcharon/plugins/vici/vici_config.c | 64 +- src/libcharon/plugins/vici/vici_cred.c | 86 +- src/libcharon/plugins/vici/vici_cred.h | 10 + src/libcharon/plugins/vici/vici_plugin.c | 4 +- src/libcharon/plugins/vici/vici_query.c | 10 + src/libcharon/plugins/whitelist/Makefile.in | 5 +- src/libcharon/plugins/xauth_eap/Makefile.in | 5 +- src/libcharon/plugins/xauth_generic/Makefile.in | 5 +- src/libcharon/plugins/xauth_noauth/Makefile.in | 5 +- src/libcharon/plugins/xauth_pam/Makefile.in | 5 +- src/libcharon/sa/child_sa.c | 41 +- src/libcharon/sa/ike_sa.c | 19 +- src/libcharon/sa/ikev1/keymat_v1.c | 25 +- src/libcharon/sa/ikev1/task_manager_v1.c | 17 +- src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 3 + src/libcharon/sa/ikev1/tasks/quick_mode.c | 40 +- .../sa/ikev2/authenticators/pubkey_authenticator.c | 4 +- src/libcharon/sa/ikev2/keymat_v2.c | 56 +- src/libcharon/sa/ikev2/task_manager_v2.c | 25 +- src/libcharon/sa/ikev2/tasks/child_create.c | 69 +- src/libcharon/sa/ikev2/tasks/ike_init.c | 8 +- src/libcharon/tests/Makefile.in | 5 +- src/libcharon/tests/libcharon_tests.c | 17 + src/libcharon/tests/suites/test_proposal.c | 100 +- src/libfast/Makefile.in | 5 +- src/libimcv/Makefile.in | 5 +- src/libimcv/imv/data.sql | 18 + src/libimcv/plugins/imc_attestation/Makefile.in | 5 +- src/libimcv/plugins/imc_hcd/Makefile.in | 5 +- src/libimcv/plugins/imc_os/Makefile.in | 5 +- src/libimcv/plugins/imc_scanner/Makefile.in | 5 +- src/libimcv/plugins/imc_swid/Makefile.in | 5 +- src/libimcv/plugins/imc_test/Makefile.in | 5 +- src/libimcv/plugins/imv_attestation/Makefile.in | 5 +- src/libimcv/plugins/imv_hcd/Makefile.in | 5 +- src/libimcv/plugins/imv_os/Makefile.in | 5 +- src/libimcv/plugins/imv_scanner/Makefile.in | 5 +- src/libimcv/plugins/imv_swid/Makefile.in | 5 +- src/libimcv/plugins/imv_test/Makefile.in | 5 +- src/libimcv/pts/pts.c | 44 +- src/libipsec/Makefile.in | 5 +- src/libipsec/tests/Makefile.in | 5 +- src/libpttls/Makefile.in | 5 +- src/libradius/Makefile.in | 5 +- src/libsimaka/Makefile.in | 5 +- src/libstrongswan/Android.mk | 2 +- src/libstrongswan/Makefile.am | 45 +- src/libstrongswan/Makefile.in | 494 ++-- src/libstrongswan/asn1/oid.c | 969 ++++---- src/libstrongswan/asn1/oid.h | 40 +- src/libstrongswan/asn1/oid.txt | 11 +- src/libstrongswan/credentials/auth_cfg.c | 11 +- src/libstrongswan/credentials/keys/public_key.c | 64 +- src/libstrongswan/credentials/keys/public_key.h | 26 +- .../credentials/sets/auth_cfg_wrapper.c | 2 +- src/libstrongswan/credentials/sets/mem_cred.c | 38 +- src/libstrongswan/crypto/crypto_factory.c | 110 +- src/libstrongswan/crypto/crypto_factory.h | 42 +- src/libstrongswan/crypto/crypto_tester.c | 155 ++ src/libstrongswan/crypto/crypto_tester.h | 32 + src/libstrongswan/crypto/diffie_hellman.c | 5 +- src/libstrongswan/crypto/diffie_hellman.h | 1 + src/libstrongswan/crypto/hashers/hasher.c | 27 +- src/libstrongswan/crypto/mgf1/mgf1.c | 180 -- src/libstrongswan/crypto/mgf1/mgf1.h | 77 - src/libstrongswan/crypto/mgf1/mgf1_bitspender.c | 208 -- src/libstrongswan/crypto/mgf1/mgf1_bitspender.h | 67 - .../crypto/proposal/proposal_keywords.c | 2 +- .../crypto/proposal/proposal_keywords_static.c | 239 +- .../crypto/proposal/proposal_keywords_static.txt | 1 + src/libstrongswan/crypto/transform.c | 10 +- src/libstrongswan/crypto/transform.h | 1 + src/libstrongswan/crypto/xofs/mgf1.h | 47 + src/libstrongswan/crypto/xofs/xof.c | 27 + src/libstrongswan/crypto/xofs/xof.h | 114 + src/libstrongswan/crypto/xofs/xof_bitspender.c | 213 ++ src/libstrongswan/crypto/xofs/xof_bitspender.h | 69 + src/libstrongswan/library.c | 46 +- src/libstrongswan/math/libnttfft/Makefile.am | 15 + src/libstrongswan/math/libnttfft/Makefile.in | 775 ++++++ src/libstrongswan/math/libnttfft/ntt_fft.c | 207 ++ src/libstrongswan/math/libnttfft/ntt_fft.h | 79 + src/libstrongswan/math/libnttfft/ntt_fft_params.c | 652 +++++ src/libstrongswan/math/libnttfft/ntt_fft_params.h | 115 + src/libstrongswan/math/libnttfft/ntt_fft_reduce.h | 42 + src/libstrongswan/math/libnttfft/tests/Makefile.am | 21 + src/libstrongswan/math/libnttfft/tests/Makefile.in | 888 +++++++ .../math/libnttfft/tests/ntt_fft_tests.c | 60 + .../math/libnttfft/tests/ntt_fft_tests.h | 17 + .../math/libnttfft/tests/suites/test_ntt_fft.c | 154 ++ src/libstrongswan/plugins/acert/Makefile.in | 5 +- src/libstrongswan/plugins/aes/Makefile.in | 5 +- src/libstrongswan/plugins/aesni/Makefile.in | 5 +- src/libstrongswan/plugins/af_alg/Makefile.in | 5 +- src/libstrongswan/plugins/agent/Makefile.in | 5 +- src/libstrongswan/plugins/bliss/Makefile.am | 21 +- src/libstrongswan/plugins/bliss/Makefile.in | 42 +- src/libstrongswan/plugins/bliss/bliss_fft.c | 199 -- src/libstrongswan/plugins/bliss/bliss_fft.h | 71 - src/libstrongswan/plugins/bliss/bliss_fft_params.c | 215 -- src/libstrongswan/plugins/bliss/bliss_fft_params.h | 75 - src/libstrongswan/plugins/bliss/bliss_huffman.c | 2 +- src/libstrongswan/plugins/bliss/bliss_param_set.c | 24 +- src/libstrongswan/plugins/bliss/bliss_param_set.h | 58 +- src/libstrongswan/plugins/bliss/bliss_plugin.c | 16 +- .../plugins/bliss/bliss_private_key.c | 80 +- src/libstrongswan/plugins/bliss/bliss_public_key.c | 42 +- src/libstrongswan/plugins/bliss/bliss_public_key.h | 8 +- src/libstrongswan/plugins/bliss/bliss_sampler.c | 17 +- src/libstrongswan/plugins/bliss/bliss_sampler.h | 6 +- src/libstrongswan/plugins/bliss/bliss_signature.c | 6 +- src/libstrongswan/plugins/bliss/bliss_signature.h | 4 +- src/libstrongswan/plugins/bliss/bliss_utils.c | 18 +- src/libstrongswan/plugins/bliss/bliss_utils.h | 28 +- src/libstrongswan/plugins/bliss/tests/Makefile.am | 3 +- src/libstrongswan/plugins/bliss/tests/Makefile.in | 28 +- .../plugins/bliss/tests/bliss_tests.h | 3 +- .../plugins/bliss/tests/suites/test_bliss_fft.c | 110 - .../bliss/tests/suites/test_bliss_sampler.c | 6 +- .../bliss/tests/suites/test_bliss_signature.c | 4 +- src/libstrongswan/plugins/blowfish/Makefile.in | 5 +- src/libstrongswan/plugins/ccm/Makefile.in | 5 +- src/libstrongswan/plugins/chapoly/Makefile.am | 3 +- src/libstrongswan/plugins/chapoly/Makefile.in | 11 +- src/libstrongswan/plugins/chapoly/chapoly_plugin.c | 3 + src/libstrongswan/plugins/chapoly/chapoly_xof.c | 173 ++ src/libstrongswan/plugins/chapoly/chapoly_xof.h | 49 + src/libstrongswan/plugins/cmac/Makefile.in | 5 +- src/libstrongswan/plugins/constraints/Makefile.in | 5 +- src/libstrongswan/plugins/ctr/Makefile.in | 5 +- src/libstrongswan/plugins/curl/Makefile.in | 5 +- src/libstrongswan/plugins/des/Makefile.in | 5 +- src/libstrongswan/plugins/dnskey/Makefile.in | 5 +- src/libstrongswan/plugins/files/Makefile.in | 5 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 5 +- src/libstrongswan/plugins/gcm/Makefile.in | 5 +- src/libstrongswan/plugins/gcrypt/Makefile.in | 5 +- .../plugins/gcrypt/gcrypt_rsa_private_key.c | 12 +- .../plugins/gcrypt/gcrypt_rsa_public_key.c | 16 +- src/libstrongswan/plugins/gmp/Makefile.in | 5 +- src/libstrongswan/plugins/gmp/gmp_plugin.c | 40 +- .../plugins/gmp/gmp_rsa_private_key.c | 20 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 24 +- src/libstrongswan/plugins/hmac/Makefile.in | 5 +- src/libstrongswan/plugins/keychain/Makefile.in | 5 +- src/libstrongswan/plugins/ldap/Makefile.in | 5 +- src/libstrongswan/plugins/ldap/ldap_fetcher.c | 3 +- src/libstrongswan/plugins/md4/Makefile.in | 5 +- src/libstrongswan/plugins/md5/Makefile.in | 5 +- src/libstrongswan/plugins/mgf1/Makefile.am | 17 + src/libstrongswan/plugins/mgf1/Makefile.in | 791 +++++++ src/libstrongswan/plugins/mgf1/mgf1_plugin.c | 81 + src/libstrongswan/plugins/mgf1/mgf1_plugin.h | 42 + src/libstrongswan/plugins/mgf1/mgf1_xof.c | 285 +++ src/libstrongswan/plugins/mgf1/mgf1_xof.h | 49 + src/libstrongswan/plugins/mysql/Makefile.in | 5 +- src/libstrongswan/plugins/newhope/Makefile.am | 33 + src/libstrongswan/plugins/newhope/Makefile.in | 818 +++++++ src/libstrongswan/plugins/newhope/newhope_ke.c | 622 +++++ src/libstrongswan/plugins/newhope/newhope_ke.h | 50 + src/libstrongswan/plugins/newhope/newhope_noise.c | 160 ++ src/libstrongswan/plugins/newhope/newhope_noise.h | 70 + src/libstrongswan/plugins/newhope/newhope_plugin.c | 78 + src/libstrongswan/plugins/newhope/newhope_plugin.h | 42 + .../plugins/newhope/newhope_reconciliation.c | 217 ++ .../plugins/newhope/newhope_reconciliation.h | 70 + .../plugins/newhope/tests/Makefile.am | 25 + .../plugins/newhope/tests/Makefile.in | 929 ++++++++ .../plugins/newhope/tests/newhope_tests.c | 60 + .../plugins/newhope/tests/newhope_tests.h | 18 + .../plugins/newhope/tests/suites/test_newhope_ke.c | 193 ++ .../newhope/tests/suites/test_newhope_noise.c | 676 ++++++ .../tests/suites/test_newhope_reconciliation.c | 344 +++ src/libstrongswan/plugins/nonce/Makefile.in | 5 +- src/libstrongswan/plugins/ntru/Makefile.in | 5 +- src/libstrongswan/plugins/ntru/ntru_ke.c | 13 +- src/libstrongswan/plugins/ntru/ntru_param_set.c | 6 +- src/libstrongswan/plugins/ntru/ntru_param_set.h | 96 +- src/libstrongswan/plugins/ntru/ntru_plugin.c | 14 +- src/libstrongswan/plugins/ntru/ntru_poly.c | 13 +- src/libstrongswan/plugins/ntru/ntru_poly.h | 9 +- src/libstrongswan/plugins/ntru/ntru_private_key.c | 39 +- src/libstrongswan/plugins/ntru/ntru_private_key.h | 3 +- src/libstrongswan/plugins/ntru/ntru_public_key.c | 18 +- src/libstrongswan/plugins/ntru/ntru_public_key.h | 2 +- src/libstrongswan/plugins/ntru/ntru_trits.c | 11 +- src/libstrongswan/plugins/ntru/ntru_trits.h | 8 +- src/libstrongswan/plugins/openssl/Makefile.in | 5 +- .../plugins/openssl/openssl_ec_private_key.c | 25 +- .../plugins/openssl/openssl_ec_private_key.h | 14 +- src/libstrongswan/plugins/openssl/openssl_gcm.c | 6 +- src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 4 - src/libstrongswan/plugins/openssl/openssl_plugin.c | 70 +- .../plugins/openssl/openssl_rsa_private_key.c | 41 +- .../plugins/openssl/openssl_rsa_private_key.h | 14 +- .../plugins/openssl/openssl_rsa_public_key.c | 12 +- src/libstrongswan/plugins/openssl/openssl_util.h | 7 + src/libstrongswan/plugins/padlock/Makefile.in | 5 +- .../plugins/padlock/padlock_sha1_hasher.c | 11 +- src/libstrongswan/plugins/pem/Makefile.in | 5 +- src/libstrongswan/plugins/pgp/Makefile.in | 5 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 5 +- src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 72 +- src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 +- src/libstrongswan/plugins/pkcs11/Makefile.in | 5 +- .../plugins/pkcs11/pkcs11_private_key.c | 164 +- src/libstrongswan/plugins/pkcs12/Makefile.in | 5 +- src/libstrongswan/plugins/pkcs7/Makefile.in | 5 +- src/libstrongswan/plugins/pkcs8/Makefile.in | 5 +- src/libstrongswan/plugins/plugin_feature.c | 21 + src/libstrongswan/plugins/plugin_feature.h | 6 + src/libstrongswan/plugins/pubkey/Makefile.in | 5 +- src/libstrongswan/plugins/random/Makefile.in | 5 +- src/libstrongswan/plugins/rc2/Makefile.in | 5 +- src/libstrongswan/plugins/rdrand/Makefile.in | 5 +- src/libstrongswan/plugins/revocation/Makefile.in | 5 +- .../plugins/revocation/revocation_validator.c | 35 +- src/libstrongswan/plugins/sha1/Makefile.in | 5 +- src/libstrongswan/plugins/sha2/Makefile.in | 5 +- src/libstrongswan/plugins/sha3/Makefile.am | 5 +- src/libstrongswan/plugins/sha3/Makefile.in | 15 +- src/libstrongswan/plugins/sha3/sha3_hasher.c | 447 +--- src/libstrongswan/plugins/sha3/sha3_keccak.c | 498 ++++ src/libstrongswan/plugins/sha3/sha3_keccak.h | 82 + src/libstrongswan/plugins/sha3/sha3_plugin.c | 6 +- src/libstrongswan/plugins/sha3/sha3_shake.c | 143 ++ src/libstrongswan/plugins/sha3/sha3_shake.h | 48 + src/libstrongswan/plugins/soup/Makefile.in | 5 +- src/libstrongswan/plugins/sqlite/Makefile.in | 5 +- src/libstrongswan/plugins/sshkey/Makefile.in | 5 +- src/libstrongswan/plugins/test_vectors/Makefile.am | 2 + src/libstrongswan/plugins/test_vectors/Makefile.in | 28 +- .../plugins/test_vectors/test_vectors.h | 15 + .../test_vectors/test_vectors/chacha20_xof.c | 81 + .../plugins/test_vectors/test_vectors/sha3.c | 1 - .../plugins/test_vectors/test_vectors/sha3_shake.c | 472 ++++ .../plugins/test_vectors/test_vectors_plugin.c | 16 + src/libstrongswan/plugins/unbound/Makefile.in | 5 +- .../plugins/unbound/unbound_response.c | 3 +- src/libstrongswan/plugins/unbound/unbound_rr.c | 2 + src/libstrongswan/plugins/winhttp/Makefile.in | 5 +- src/libstrongswan/plugins/x509/Makefile.in | 5 +- src/libstrongswan/plugins/xcbc/Makefile.in | 5 +- src/libstrongswan/processing/watcher.c | 120 +- src/libstrongswan/tests/Makefile.in | 5 +- src/libstrongswan/tests/suites/test_auth_cfg.c | 18 +- src/libstrongswan/tests/suites/test_hasher.c | 50 +- src/libstrongswan/tests/suites/test_mgf1.c | 88 +- src/libstrongswan/tests/suites/test_ntru.c | 16 +- src/libstrongswan/tests/suites/test_rsa.c | 8 +- src/libstrongswan/tests/suites/test_utils.c | 23 +- src/libstrongswan/tests/tests.h | 4 +- src/libstrongswan/utils/leak_detective.c | 24 +- src/libstrongswan/utils/utils.h | 6 +- src/libstrongswan/utils/utils/byteorder.h | 42 + src/libtls/Makefile.in | 5 +- src/libtls/tests/Makefile.in | 5 +- src/libtls/tls_crypto.c | 20 +- src/libtnccs/Makefile.in | 5 +- src/libtnccs/plugins/tnc_imc/Makefile.in | 5 +- src/libtnccs/plugins/tnc_imv/Makefile.in | 5 +- src/libtnccs/plugins/tnc_tnccs/Makefile.in | 5 +- src/libtnccs/plugins/tnccs_11/Makefile.in | 5 +- src/libtnccs/plugins/tnccs_20/Makefile.in | 5 +- src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 5 +- src/libtncif/Makefile.in | 5 +- src/libtpmtss/Makefile.am | 5 +- src/libtpmtss/Makefile.in | 13 +- src/libtpmtss/tpm_tss_tss2.c | 7 +- src/libtpmtss/tpm_tss_tss2_names.c | 2 +- src/manager/Makefile.in | 5 +- src/medsrv/Makefile.in | 5 +- src/pki/Makefile.in | 5 +- src/pki/commands/issue.c | 7 +- src/pki/commands/keyid.c | 20 +- src/pki/commands/print.c | 16 +- src/pki/commands/pub.c | 11 +- src/pki/commands/req.c | 10 +- src/pki/commands/self.c | 8 +- src/pki/commands/signcrl.c | 18 +- src/pki/commands/verify.c | 18 +- src/pki/man/Makefile.in | 5 +- src/pki/man/pki---issue.1.in | 7 +- src/pki/man/pki---keyid.1.in | 7 +- src/pki/man/pki---print.1.in | 9 +- src/pki/man/pki---pub.1.in | 7 +- src/pki/man/pki---req.1.in | 3 +- src/pki/man/pki---self.1.in | 3 +- src/pki/man/pki---verify.1.in | 6 +- src/pool/Makefile.in | 5 +- src/pool/pool.c | 59 +- src/pt-tls-client/Makefile.in | 5 +- src/pt-tls-client/pt-tls-client.c | 30 +- src/scepclient/Makefile.in | 5 +- src/starter/Makefile.am | 7 +- src/starter/Makefile.in | 12 +- src/starter/confread.c | 1 + src/starter/ipsec.secrets | 1 + src/starter/starter.c | 66 - src/starter/tests/Makefile.in | 5 +- src/stroke/Makefile.in | 5 +- src/swanctl/Makefile.am | 2 + src/swanctl/Makefile.in | 12 +- src/swanctl/command.h | 2 +- src/swanctl/commands/flush_certs.c | 90 + src/swanctl/commands/load_conns.c | 2 +- src/swanctl/commands/load_creds.c | 15 +- src/swanctl/swanctl.8.in | 7 +- src/swanctl/swanctl.conf | 17 +- src/swanctl/swanctl.conf.5.main | 63 +- src/swanctl/swanctl.h | 6 + src/swanctl/swanctl.opt | 41 +- testing/Makefile.in | 5 +- testing/config/kernel/config-4.7 | 2460 +++++++++++++++++++ testing/config/kernel/config-4.8 | 2484 ++++++++++++++++++++ testing/config/kvm/winnetou.xml | 5 + testing/do-tests | 137 +- testing/hosts/default/etc/ssh/sshd_config | 1 + .../etc/apache2/sites-available/000-default.conf | 3 + testing/hosts/winnetou/etc/openssl/generate-crl | 9 + testing/hosts/winnetou/etc/openssl/index.txt | 9 +- testing/hosts/winnetou/etc/openssl/index.txt.old | 9 +- testing/hosts/winnetou/etc/openssl/newcerts/35.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/36.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/37.pem | 25 + testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- .../winnetou/etc/openssl/sha3-rsa/carolCert.pem | 28 + .../winnetou/etc/openssl/sha3-rsa/carolKey.pem | 39 + .../winnetou/etc/openssl/sha3-rsa/daveCert.pem | 28 + .../winnetou/etc/openssl/sha3-rsa/daveKey.pem | 39 + .../winnetou/etc/openssl/sha3-rsa/moonCert.pem | 28 + .../winnetou/etc/openssl/sha3-rsa/moonKey.pem | 39 + .../etc/openssl/sha3-rsa/strongswanCert.pem | 26 + .../etc/openssl/sha3-rsa/strongswanKey.pem | 39 + .../winnetou/etc/openssl/sha3-rsa/sunCert.pem | 28 + .../hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem | 39 + testing/hosts/winnetou/etc/strongswan.conf | 5 + testing/scripts/build-guestimages | 4 + testing/scripts/recipes/013_strongswan.mk | 3 +- testing/ssh_config | 1 + testing/start-testing | 5 + testing/stop-testing | 4 + testing/testing.conf | 6 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 3 +- .../rw-ntru-psk/hosts/carol/etc/strongswan.conf | 2 +- .../rw-ntru-psk/hosts/dave/etc/strongswan.conf | 2 +- .../rw-ntru-psk/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf | 1 - .../crl-from-cache/hosts/moon/etc/strongswan.conf | 2 + .../ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf | 1 - .../crl-to-cache/hosts/moon/etc/strongswan.conf | 2 + testing/tests/ikev2/default-keys/description.txt | 8 - testing/tests/ikev2/default-keys/evaltest.dat | 9 - .../ikev2/default-keys/hosts/carol/etc/ipsec.conf | 21 - .../default-keys/hosts/carol/etc/strongswan.conf | 9 - .../ikev2/default-keys/hosts/moon/etc/ipsec.conf | 21 - .../default-keys/hosts/moon/etc/iptables.rules | 30 - .../default-keys/hosts/moon/etc/strongswan.conf | 9 - testing/tests/ikev2/default-keys/posttest.dat | 8 - testing/tests/ikev2/default-keys/pretest.dat | 20 - testing/tests/ikev2/default-keys/test.conf | 21 - testing/tests/ikev2/net2net-cert-sha2/evaltest.dat | 4 +- .../tests/ikev2/net2net-multicast/description.txt | 7 + testing/tests/ikev2/net2net-multicast/evaltest.dat | 16 + .../net2net-multicast/hosts/moon/etc/ipsec.conf | 23 + .../hosts/moon/etc/strongswan.conf | 13 + .../net2net-multicast/hosts/sun/etc/ipsec.conf | 23 + .../hosts/sun/etc/strongswan.conf | 13 + testing/tests/ikev2/net2net-multicast/posttest.dat | 2 + testing/tests/ikev2/net2net-multicast/pretest.dat | 7 + testing/tests/ikev2/net2net-multicast/test.conf | 21 + .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../tests/ikev2/rw-newhope-bliss/description.txt | 15 + testing/tests/ikev2/rw-newhope-bliss/evaltest.dat | 26 + .../rw-newhope-bliss/hosts/carol/etc/ipsec.conf | 26 + .../etc/ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../hosts/carol/etc/ipsec.d/certs/carolCert.der | Bin 0 -> 2175 bytes .../hosts/carol/etc/ipsec.d/private/carolKey.der | Bin 0 -> 1182 bytes .../rw-newhope-bliss/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 7 + .../rw-newhope-bliss/hosts/dave/etc/ipsec.conf | 26 + .../etc/ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../hosts/dave/etc/ipsec.d/certs/daveCert.der | Bin 0 -> 2179 bytes .../hosts/dave/etc/ipsec.d/private/daveKey.der | Bin 0 -> 1310 bytes .../rw-newhope-bliss/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 7 + .../rw-newhope-bliss/hosts/moon/etc/ipsec.conf | 26 + .../etc/ipsec.d/cacerts/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../hosts/moon/etc/ipsec.d/certs/moonCert.der | Bin 0 -> 2200 bytes .../hosts/moon/etc/ipsec.d/private/moonKey.der | Bin 0 -> 1310 bytes .../rw-newhope-bliss/hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 7 + testing/tests/ikev2/rw-newhope-bliss/posttest.dat | 9 + testing/tests/ikev2/rw-newhope-bliss/pretest.dat | 14 + testing/tests/ikev2/rw-newhope-bliss/test.conf | 21 + .../rw-ntru-bliss/hosts/carol/etc/strongswan.conf | 2 +- .../rw-ntru-bliss/hosts/dave/etc/strongswan.conf | 2 +- .../rw-ntru-bliss/hosts/moon/etc/strongswan.conf | 2 +- .../rw-ntru-psk/hosts/carol/etc/strongswan.conf | 2 +- .../rw-ntru-psk/hosts/dave/etc/strongswan.conf | 2 +- .../rw-ntru-psk/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-sig-auth/evaltest.dat | 4 +- .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 36 +- .../carol/etc/ipsec.d/private/carolKey-aes192.pem | 52 +- .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 36 +- .../dave/etc/ipsec.d/private/daveKey-aes256.pem | 52 +- .../moon/etc/ipsec.d/certs/moonCert-sha224.pem | 36 +- .../moon/etc/ipsec.d/private/moonKey-aes128.pem | 52 +- .../rw-suite-b/hosts/carol/etc/strongswan.conf | 2 +- .../rw-suite-b/hosts/dave/etc/strongswan.conf | 2 +- .../rw-suite-b/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/swanctl/crl-to-cache/description.txt | 8 + testing/tests/swanctl/crl-to-cache/evaltest.dat | 8 + .../crl-to-cache/hosts/carol/etc/strongswan.conf | 16 + .../hosts/carol/etc/swanctl/swanctl.conf | 23 + .../hosts/carol/etc/swanctl/x509/carolCert.pem | 22 + .../crl-to-cache/hosts/moon/etc/strongswan.conf | 16 + .../hosts/moon/etc/swanctl/swanctl.conf | 21 + .../hosts/moon/etc/swanctl/x509/moonCert.pem | 22 + testing/tests/swanctl/crl-to-cache/posttest.dat | 4 + testing/tests/swanctl/crl-to-cache/pretest.dat | 5 + testing/tests/swanctl/crl-to-cache/test.conf | 24 + .../hosts/moon/etc/swanctl/swanctl.conf | 11 +- .../swanctl/net2net-multicast/description.txt | 7 + .../tests/swanctl/net2net-multicast/evaltest.dat | 14 + .../hosts/moon/etc/strongswan.conf | 22 + .../hosts/moon/etc/swanctl/swanctl.conf | 35 + .../hosts/sun/etc/strongswan.conf | 18 + .../hosts/sun/etc/swanctl/swanctl.conf | 35 + .../tests/swanctl/net2net-multicast/posttest.dat | 3 + .../tests/swanctl/net2net-multicast/pretest.dat | 7 + testing/tests/swanctl/net2net-multicast/test.conf | 25 + .../swanctl/net2net-sha3-rsa-cert/description.txt | 8 + .../swanctl/net2net-sha3-rsa-cert/evaltest.dat | 5 + .../hosts/moon/etc/strongswan.conf | 14 + .../hosts/moon/etc/swanctl/rsa/moonKey.pem | 39 + .../hosts/moon/etc/swanctl/swanctl.conf | 33 + .../hosts/moon/etc/swanctl/x509/moonCert.pem | 28 + .../moon/etc/swanctl/x509ca/strongswanCert.pem | 26 + .../hosts/sun/etc/strongswan.conf | 14 + .../hosts/sun/etc/swanctl/rsa/sunKey.pem | 39 + .../hosts/sun/etc/swanctl/swanctl.conf | 33 + .../hosts/sun/etc/swanctl/x509/sunCert.pem | 28 + .../sun/etc/swanctl/x509ca/strongswanCert.pem | 26 + .../swanctl/net2net-sha3-rsa-cert/posttest.dat | 5 + .../swanctl/net2net-sha3-rsa-cert/pretest.dat | 7 + .../tests/swanctl/net2net-sha3-rsa-cert/test.conf | 25 + .../swanctl/rw-eap-tls-sha3-rsa/description.txt | 8 + .../tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat | 10 + .../hosts/carol/etc/strongswan.conf | 18 + .../hosts/carol/etc/swanctl/rsa/carolKey.pem | 39 + .../hosts/carol/etc/swanctl/swanctl.conf | 28 + .../hosts/carol/etc/swanctl/x509/carolCert.pem | 28 + .../carol/etc/swanctl/x509ca/strongswanCert.pem | 26 + .../hosts/dave/etc/strongswan.conf | 18 + .../hosts/dave/etc/swanctl/rsa/daveKey.pem | 39 + .../hosts/dave/etc/swanctl/swanctl.conf | 28 + .../hosts/dave/etc/swanctl/x509/daveCert.pem | 28 + .../dave/etc/swanctl/x509ca/strongswanCert.pem | 26 + .../hosts/moon/etc/strongswan.conf | 14 + .../hosts/moon/etc/swanctl/rsa/moonKey.pem | 39 + .../hosts/moon/etc/swanctl/swanctl.conf | 26 + .../hosts/moon/etc/swanctl/x509/moonCert.pem | 28 + .../moon/etc/swanctl/x509ca/strongswanCert.pem | 26 + .../tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat | 8 + .../tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat | 11 + .../tests/swanctl/rw-eap-tls-sha3-rsa/test.conf | 25 + .../tests/swanctl/rw-newhope-bliss/description.txt | 14 + .../tests/swanctl/rw-newhope-bliss/evaltest.dat | 10 + .../hosts/carol/etc/strongswan.conf | 17 + .../hosts/carol/etc/swanctl/bliss/carolKey.der | Bin 0 -> 1182 bytes .../hosts/carol/etc/swanctl/swanctl.conf | 29 + .../hosts/carol/etc/swanctl/x509/carolCert.der | Bin 0 -> 2175 bytes .../etc/swanctl/x509ca/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../hosts/dave/etc/strongswan.conf | 17 + .../hosts/dave/etc/swanctl/bliss/daveKey.der | Bin 0 -> 1310 bytes .../hosts/dave/etc/swanctl/swanctl.conf | 29 + .../hosts/dave/etc/swanctl/x509/daveCert.der | Bin 0 -> 2179 bytes .../etc/swanctl/x509ca/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../hosts/moon/etc/strongswan.conf | 18 + .../hosts/moon/etc/swanctl/bliss/moonKey.der | Bin 0 -> 1310 bytes .../hosts/moon/etc/swanctl/swanctl.conf | 33 + .../hosts/moon/etc/swanctl/x509/moonCert.der | Bin 0 -> 2200 bytes .../etc/swanctl/x509ca/strongswan_blissCert.der | Bin 0 -> 2086 bytes .../tests/swanctl/rw-newhope-bliss/posttest.dat | 8 + testing/tests/swanctl/rw-newhope-bliss/pretest.dat | 14 + testing/tests/swanctl/rw-newhope-bliss/test.conf | 25 + .../rw-ntru-bliss/hosts/carol/etc/strongswan.conf | 2 +- .../rw-ntru-bliss/hosts/dave/etc/strongswan.conf | 2 +- .../rw-ntru-bliss/hosts/moon/etc/strongswan.conf | 2 +- 646 files changed, 23447 insertions(+), 6549 deletions(-) create mode 100644 conf/options/aikpub2.conf create mode 100644 conf/options/aikpub2.opt create mode 100644 conf/options/charon-nm.conf create mode 100644 conf/options/charon-nm.opt create mode 100644 src/charon-nm/nm-strongswan-service.conf delete mode 100644 src/libcharon/plugins/maemo/Makefile.am delete mode 100644 src/libcharon/plugins/maemo/Makefile.in delete mode 100644 src/libcharon/plugins/maemo/maemo_plugin.c delete mode 100644 src/libcharon/plugins/maemo/maemo_plugin.h delete mode 100644 src/libcharon/plugins/maemo/maemo_service.c delete mode 100644 src/libcharon/plugins/maemo/maemo_service.h delete mode 100644 src/libcharon/plugins/maemo/org.strongswan.charon.service.in delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1.c delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1.h delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1_bitspender.c delete mode 100644 src/libstrongswan/crypto/mgf1/mgf1_bitspender.h create mode 100644 src/libstrongswan/crypto/xofs/mgf1.h create mode 100644 src/libstrongswan/crypto/xofs/xof.c create mode 100644 src/libstrongswan/crypto/xofs/xof.h create mode 100644 src/libstrongswan/crypto/xofs/xof_bitspender.c create mode 100644 src/libstrongswan/crypto/xofs/xof_bitspender.h create mode 100644 src/libstrongswan/math/libnttfft/Makefile.am create mode 100644 src/libstrongswan/math/libnttfft/Makefile.in create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft.c create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft.h create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_params.c create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_params.h create mode 100644 src/libstrongswan/math/libnttfft/ntt_fft_reduce.h create mode 100644 src/libstrongswan/math/libnttfft/tests/Makefile.am create mode 100644 src/libstrongswan/math/libnttfft/tests/Makefile.in create mode 100644 src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c create mode 100644 src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h create mode 100644 src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft.c delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft.h delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft_params.c delete mode 100644 src/libstrongswan/plugins/bliss/bliss_fft_params.h delete mode 100644 src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c create mode 100644 src/libstrongswan/plugins/chapoly/chapoly_xof.c create mode 100644 src/libstrongswan/plugins/chapoly/chapoly_xof.h create mode 100644 src/libstrongswan/plugins/mgf1/Makefile.am create mode 100644 src/libstrongswan/plugins/mgf1/Makefile.in create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_plugin.c create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_plugin.h create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_xof.c create mode 100644 src/libstrongswan/plugins/mgf1/mgf1_xof.h create mode 100644 src/libstrongswan/plugins/newhope/Makefile.am create mode 100644 src/libstrongswan/plugins/newhope/Makefile.in create mode 100644 src/libstrongswan/plugins/newhope/newhope_ke.c create mode 100644 src/libstrongswan/plugins/newhope/newhope_ke.h create mode 100644 src/libstrongswan/plugins/newhope/newhope_noise.c create mode 100644 src/libstrongswan/plugins/newhope/newhope_noise.h create mode 100644 src/libstrongswan/plugins/newhope/newhope_plugin.c create mode 100644 src/libstrongswan/plugins/newhope/newhope_plugin.h create mode 100644 src/libstrongswan/plugins/newhope/newhope_reconciliation.c create mode 100644 src/libstrongswan/plugins/newhope/newhope_reconciliation.h create mode 100644 src/libstrongswan/plugins/newhope/tests/Makefile.am create mode 100644 src/libstrongswan/plugins/newhope/tests/Makefile.in create mode 100644 src/libstrongswan/plugins/newhope/tests/newhope_tests.c create mode 100644 src/libstrongswan/plugins/newhope/tests/newhope_tests.h create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c create mode 100644 src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c create mode 100644 src/libstrongswan/plugins/sha3/sha3_keccak.c create mode 100644 src/libstrongswan/plugins/sha3/sha3_keccak.h create mode 100644 src/libstrongswan/plugins/sha3/sha3_shake.c create mode 100644 src/libstrongswan/plugins/sha3/sha3_shake.h create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c create mode 100644 src/starter/ipsec.secrets create mode 100644 src/swanctl/commands/flush_certs.c create mode 100644 testing/config/kernel/config-4.7 create mode 100644 testing/config/kernel/config-4.8 create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/35.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/36.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/37.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/carolCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/carolKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/daveCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/daveKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/moonCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/moonKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/sunCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem create mode 100644 testing/hosts/winnetou/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/default-keys/description.txt delete mode 100644 testing/tests/ikev2/default-keys/evaltest.dat delete mode 100644 testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules delete mode 100644 testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/default-keys/posttest.dat delete mode 100644 testing/tests/ikev2/default-keys/pretest.dat delete mode 100644 testing/tests/ikev2/default-keys/test.conf create mode 100644 testing/tests/ikev2/net2net-multicast/description.txt create mode 100644 testing/tests/ikev2/net2net-multicast/evaltest.dat create mode 100644 testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-multicast/posttest.dat create mode 100644 testing/tests/ikev2/net2net-multicast/pretest.dat create mode 100644 testing/tests/ikev2/net2net-multicast/test.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/description.txt create mode 100644 testing/tests/ikev2/rw-newhope-bliss/evaltest.dat create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-newhope-bliss/posttest.dat create mode 100644 testing/tests/ikev2/rw-newhope-bliss/pretest.dat create mode 100644 testing/tests/ikev2/rw-newhope-bliss/test.conf create mode 100644 testing/tests/swanctl/crl-to-cache/description.txt create mode 100644 testing/tests/swanctl/crl-to-cache/evaltest.dat create mode 100644 testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/x509/carolCert.pem create mode 100644 testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/x509/moonCert.pem create mode 100644 testing/tests/swanctl/crl-to-cache/posttest.dat create mode 100644 testing/tests/swanctl/crl-to-cache/pretest.dat create mode 100644 testing/tests/swanctl/crl-to-cache/test.conf create mode 100644 testing/tests/swanctl/net2net-multicast/description.txt create mode 100644 testing/tests/swanctl/net2net-multicast/evaltest.dat create mode 100644 testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf create mode 100755 testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/net2net-multicast/posttest.dat create mode 100644 testing/tests/swanctl/net2net-multicast/pretest.dat create mode 100644 testing/tests/swanctl/net2net-multicast/test.conf create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/description.txt create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/rsa/moonKey.pem create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509/moonCert.pem create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/rsa/sunKey.pem create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509/sunCert.pem create mode 100644 testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat create mode 100755 testing/tests/swanctl/net2net-sha3-rsa-cert/test.conf create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem create mode 100644 testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat create mode 100755 testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf create mode 100755 testing/tests/swanctl/rw-newhope-bliss/description.txt create mode 100755 testing/tests/swanctl/rw-newhope-bliss/evaltest.dat create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/bliss/carolKey.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509/carolCert.der create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509ca/strongswan_blissCert.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/bliss/daveKey.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509/daveCert.der create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509ca/strongswan_blissCert.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/bliss/moonKey.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/swanctl.conf create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509/moonCert.der create mode 100644 testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509ca/strongswan_blissCert.der create mode 100755 testing/tests/swanctl/rw-newhope-bliss/posttest.dat create mode 100755 testing/tests/swanctl/rw-newhope-bliss/pretest.dat create mode 100755 testing/tests/swanctl/rw-newhope-bliss/test.conf diff --git a/Android.common.mk b/Android.common.mk index 1c12487b8..3447d5bcc 100644 --- a/Android.common.mk +++ b/Android.common.mk @@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \ ) # strongSwan version, replaced by top Makefile -strongswan_VERSION := "5.5.0" +strongswan_VERSION := "5.5.1" diff --git a/Makefile.am b/Makefile.am index 898b26205..64b858d5e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -21,7 +21,7 @@ nodist_config_include_HEADERS = config.h endif # we leave config files behind intentionally so prevent distcheck from complaining -distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print +distuninstallcheck_listfiles = find . -type f \! -name '*.conf' \! -name '*.secrets' -print Android.common.mk : Android.common.mk.in configure.ac $(AM_V_GEN) \ diff --git a/Makefile.in b/Makefile.in index 2df942a8b..c85aa442d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -381,7 +381,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -415,8 +414,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -470,6 +467,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -484,7 +483,7 @@ MAINTAINERCLEANFILES = Android.common.mk @USE_DEV_HEADERS_TRUE@nodist_config_include_HEADERS = config.h # we leave config files behind intentionally so prevent distcheck from complaining -distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print +distuninstallcheck_listfiles = find . -type f \! -name '*.conf' \! -name '*.secrets' -print all: $(BUILT_SOURCES) config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/NEWS b/NEWS index db30df1d2..3a7aba883 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,39 @@ +strongswan-5.5.1 +---------------- + +- The newhope plugin implements the post-quantum NewHope key exchange algorithm + proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and + Peter Schwabe. + +- The libstrongswan crypto factory now offers the registration of Extended + Output Functions (XOFs). Currently supported XOFs are SHAKE128 and SHAKE256 + implemented by the sha3 plugin, ChaCHa20 implemented by the chapoly plugin + and the more traditional MGF1 Mask Generation Functions based on the SHA-1, + SHA-256 and SHA-512 hash algorithms implemented by the new mgf1 plugin. + +- The pki tool, with help of the pkcs1 or openssl plugins, can parse private + keys in any of the supported formats without having to know the exact type. + So instead of having to specify rsa or ecdsa explicitly the keyword priv may + be used to indicate a private key of any type. Similarly, swanctl can load + any type of private key from the swanctl/private directory. + +- The pki tool can handle RSASSA-PKCS1v1.5-with-SHA-3 signatures using the + sha3 and gmp plugins. + +- The VICI flush-certs command flushes certificates from the volatile + certificate cache. Optionally the type of the certificates to be + flushed (e.g. type = x509_crl) can be specified. + +- Setting cache_crls = yes in strongswan.conf the vici plugin saves regular, + base and delta CRLs to disk. + +- IKE fragmentation is now enabled by default with the default fragment size + set to 1280 bytes for both IP address families. + +- libtpmtss: In the TSS2 API the function TeardownSocketTcti() was replaced by + tss2_tcti_finalize(). + + strongswan-5.5.0 ---------------- diff --git a/conf/Makefile.am b/conf/Makefile.am index b7edaa8ee..4588b0999 100644 --- a/conf/Makefile.am +++ b/conf/Makefile.am @@ -9,9 +9,11 @@ pluginstemplatedir = $(templatesdir)/plugins options = \ options/aikgen.opt \ + options/aikpub2.opt \ options/attest.opt \ options/charon.opt \ options/charon-logging.opt \ + options/charon-nm.opt \ options/charon-systemd.opt \ options/imcv.opt \ options/imv_policy_manager.opt \ diff --git a/conf/Makefile.in b/conf/Makefile.in index 6804d91e0..e6d66a25a 100644 --- a/conf/Makefile.in +++ b/conf/Makefile.in @@ -305,7 +305,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -339,8 +338,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -394,6 +391,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -408,9 +407,11 @@ optionstemplatedir = $(templatesdir)/strongswan.d pluginstemplatedir = $(templatesdir)/plugins options = \ options/aikgen.opt \ + options/aikpub2.opt \ options/attest.opt \ options/charon.opt \ options/charon-logging.opt \ + options/charon-nm.opt \ options/charon-systemd.opt \ options/imcv.opt \ options/imv_policy_manager.opt \ diff --git a/conf/options/aikpub2.conf b/conf/options/aikpub2.conf new file mode 100644 index 000000000..fd48f2c7a --- /dev/null +++ b/conf/options/aikpub2.conf @@ -0,0 +1,7 @@ +aikpub2 { + + # Plugins to load in aikpub2 tool. + # load = + +} + diff --git a/conf/options/aikpub2.opt b/conf/options/aikpub2.opt new file mode 100644 index 000000000..6a755d211 --- /dev/null +++ b/conf/options/aikpub2.opt @@ -0,0 +1,2 @@ +aikpub2.load = + Plugins to load in aikpub2 tool. diff --git a/conf/options/charon-nm.conf b/conf/options/charon-nm.conf new file mode 100644 index 000000000..85d64480d --- /dev/null +++ b/conf/options/charon-nm.conf @@ -0,0 +1,8 @@ +charon-nm { + + # Directory from which to load CA certificates if no certificate is + # configured. + # ca_dir = + +} + diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt new file mode 100644 index 000000000..6372934bd --- /dev/null +++ b/conf/options/charon-nm.opt @@ -0,0 +1,3 @@ +charon-nm.ca_dir = + Directory from which to load CA certificates if no certificate is + configured. diff --git a/conf/options/charon.conf b/conf/options/charon.conf index 78411250e..f72041e6a 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -7,6 +7,12 @@ charon { # Maximum number of half-open IKE_SAs for a single peer IP. # block_threshold = 5 + # Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should + # be saved under a unique file name derived from the public key of the + # Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or + # /etc/swanctl/x509crl (vici), respectively. + # cache_crls = no + # Whether relations in validated certificate chains should be cached in # memory. # cert_cache = yes @@ -51,10 +57,11 @@ charon { # follow_redirects = yes # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment - # when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for - # address family specific default values). If specified this limit is - # used for both IPv4 and IPv6. - # fragment_size = 0 + # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults + # to 1280 (use 0 for address family specific default values, which uses a + # lower value for IPv4). If specified this limit is used for both IPv4 and + # IPv6. + # fragment_size = 1280 # Name of the group the daemon changes to after startup. # group = diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 3970012d2..6e0b37c57 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -30,6 +30,12 @@ charon.cert_cache = yes Whether relations in validated certificate chains should be cached in memory. +charon.cache_crls = no + Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should + be saved under a unique file name derived from the public key of the + Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or + **/etc/swanctl/x509crl** (vici), respectively. + charon.cisco_unity = no Send Cisco Unity vendor ID payload (IKEv1 only). @@ -100,11 +106,12 @@ charon.flush_auth_cfg = no charon.follow_redirects = yes Whether to follow IKEv2 redirects (RFC 5685). -charon.fragment_size = 0 +charon.fragment_size = 1280 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment - when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for - address family specific default values). If specified this limit is used - for both IPv4 and IPv6. + when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults + to 1280 (use 0 for address family specific default values, which uses a + lower value for IPv4). If specified this limit is used for both IPv4 and + IPv6. charon.group Name of the group the daemon changes to after startup. diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf index 3997dc7d9..47f7d58bc 100644 --- a/conf/plugins/kernel-netlink.conf +++ b/conf/plugins/kernel-netlink.conf @@ -46,8 +46,33 @@ kernel-netlink { # Netlink message retransmission timeout, 0 to disable retransmissions. # timeout = 0 - # Lifetime of XFRM acquire state in kernel. + # Lifetime of XFRM acquire state and allocated SPIs in kernel. # xfrm_acq_expires = 165 + # XFRM policy hashing threshold configuration for IPv4 and IPv6. + spdh_thresh { + + ipv4 { + + # Local subnet XFRM policy hashing threshold for IPv4. + # lbits = 32 + + # Remote subnet XFRM policy hashing threshold for IPv4. + # rbits = 32 + + } + + ipv6 { + + # Local subnet XFRM policy hashing threshold for IPv6. + # lbits = 128 + + # Remote subnet XFRM policy hashing threshold for IPv6. + # rbits = 128 + + } + + } + } diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt index 6adefd8de..77ba6ea97 100644 --- a/conf/plugins/kernel-netlink.opt +++ b/conf/plugins/kernel-netlink.opt @@ -51,6 +51,35 @@ charon.plugins.kernel-netlink.set_proto_port_transport_sa = no traffic, it also prevents the use of a single IPsec SA by more than one traffic selector. +charon.plugins.kernel-netlink.spdh_thresh {} + XFRM policy hashing threshold configuration for IPv4 and IPv6. + + XFRM policy hashing threshold configuration for IPv4 and IPv6. + + The section defines hashing thresholds to configure in the kernel during + daemon startup. Each address family takes a threshold for the local subnet + of an IPsec policy (src in out-policies, dst in in- and forward-policies) + and the remote subnet (dst in out-policies, src in in- and + forward-policies). + + If the subnet has more or equal net bits than the threshold, the first + threshold bits are used to calculate a hash to lookup the policy. + + Policy hashing thresholds are not supported before Linux 3.18 and might + conflict with socket policies before Linux 4.8. + +charon.plugins.kernel-netlink.spdh_thresh.ipv4.lbits = 32 + Local subnet XFRM policy hashing threshold for IPv4. + +charon.plugins.kernel-netlink.spdh_thresh.ipv4.rbits = 32 + Remote subnet XFRM policy hashing threshold for IPv4. + +charon.plugins.kernel-netlink.spdh_thresh.ipv6.lbits = 128 + Local subnet XFRM policy hashing threshold for IPv6. + +charon.plugins.kernel-netlink.spdh_thresh.ipv6.rbits = 128 + Remote subnet XFRM policy hashing threshold for IPv6. + charon.plugins.kernel-netlink.retries = 0 Number of Netlink message retransmissions to send on timeout. @@ -61,8 +90,12 @@ charon.plugins.kernel-netlink.ignore_retransmit_errors = no Whether to ignore errors potentially resulting from a retransmission. charon.plugins.kernel-netlink.xfrm_acq_expires = 165 - Lifetime of XFRM acquire state in kernel. - - Lifetime of XFRM acquire state in kernel. The value gets written to - /proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM - acquire messages sent. + Lifetime of XFRM acquire state and allocated SPIs in kernel. + + Lifetime of XFRM acquire state created by the kernel when traffic matches a + trap policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires. + Indirectly controls the delay between XFRM acquire messages triggered by the + kernel for a trap policy. The same value is used as timeout for SPIs + allocated by the kernel. The default value equals the default total + retransmission timeout for IKE messages, see IKEv2 RETRANSMISSION + in **strongswan.conf**(5). diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index 3d03f2058..c0ecbb7ce 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -2,6 +2,10 @@ .BR aikgen.load " []" Plugins to load in ipsec aikgen tool. +.TP +.BR aikpub2.load " []" +Plugins to load in aikpub2 tool. + .TP .BR attest.database " []" File measurement information database URI. If it contains a password, make sure @@ -49,6 +53,16 @@ SonicWall boxes). .BR charon.block_threshold " [5]" Maximum number of half\-open IKE_SAs for a single peer IP. +.TP +.BR charon.cache_crls " [no]" +Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should be +saved under a unique file name derived from the public key of the Certification +Authority (CA) to +.RB "" "/etc/ipsec.d/crls" "" +(stroke) or +.RB "" "/etc/swanctl/x509crl" "" +(vici), respectively. + .TP .BR charon.cert_cache " [yes]" Whether relations in validated certificate chains should be cached in memory. @@ -188,11 +202,11 @@ conflict with plugins that later need access to e.g. the used certificates. Whether to follow IKEv2 redirects (RFC 5685). .TP -.BR charon.fragment_size " [0]" +.BR charon.fragment_size " [1280]" Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when -using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for address -family specific default values). If specified this limit is used for both -IPv4 and IPv6. +using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults to 1280 +(use 0 for address family specific default values, which uses a lower value for +IPv4). If specified this limit is used for both IPv4 and IPv6. .TP .BR charon.group " []" @@ -961,15 +975,52 @@ Whether to set protocol and ports in the selector installed on transport mode IPsec SAs in the kernel. While doing so enforces policies for inbound traffic, it also prevents the use of a single IPsec SA by more than one traffic selector. +.TP +.B charon.plugins.kernel-netlink.spdh_thresh +.br +XFRM policy hashing threshold configuration for IPv4 and IPv6. + +The section defines hashing thresholds to configure in the kernel during daemon +startup. Each address family takes a threshold for the local subnet of an IPsec +policy (src in out\-policies, dst in in\- and forward\-policies) and the remote +subnet (dst in out\-policies, src in in\- and forward\-policies). + +If the subnet has more or equal net bits than the threshold, the first threshold +bits are used to calculate a hash to lookup the policy. + +Policy hashing thresholds are not supported before Linux 3.18 and might conflict +with socket policies before Linux 4.8. + +.TP +.BR charon.plugins.kernel-netlink.spdh_thresh.ipv4.lbits " [32]" +Local subnet XFRM policy hashing threshold for IPv4. + +.TP +.BR charon.plugins.kernel-netlink.spdh_thresh.ipv4.rbits " [32]" +Remote subnet XFRM policy hashing threshold for IPv4. + +.TP +.BR charon.plugins.kernel-netlink.spdh_thresh.ipv6.lbits " [128]" +Local subnet XFRM policy hashing threshold for IPv6. + +.TP +.BR charon.plugins.kernel-netlink.spdh_thresh.ipv6.rbits " [128]" +Remote subnet XFRM policy hashing threshold for IPv6. + .TP .BR charon.plugins.kernel-netlink.timeout " [0]" Netlink message retransmission timeout, 0 to disable retransmissions. .TP .BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]" -Lifetime of XFRM acquire state in kernel. The value gets written to -/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM -acquire messages sent. +Lifetime of XFRM acquire state created by the kernel when traffic matches a trap +policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires. +Indirectly controls the delay between XFRM acquire messages triggered by the +kernel for a trap policy. The same value is used as timeout for SPIs allocated +by the kernel. The default value equals the default total retransmission timeout +for IKE messages, see IKEv2 RETRANSMISSION in +.RB "" "strongswan.conf" "(5)." + .TP .BR charon.plugins.kernel-pfkey.events_buffer_size " [0]" @@ -1730,6 +1781,10 @@ Name of the user the daemon changes to after startup. .BR charon.x509.enforce_critical " [yes]" Discard certificates with unsupported or unknown critical extensions. +.TP +.BR charon-nm.ca_dir " []" +Directory from which to load CA certificates if no certificate is configured. + .TP .B charon-systemd.journal .br diff --git a/config.h.in b/config.h.in index 1e513da30..477cc2b5c 100644 --- a/config.h.in +++ b/config.h.in @@ -248,6 +248,9 @@ /* have syscall(SYS_gettid) */ #undef HAVE_SYS_GETTID +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PARAM_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKIO_H @@ -319,7 +322,7 @@ /* use TrouSerS library libtspi */ #undef TSS_TROUSERS -/* use TSS 2.0 library libtss2 */ +/* use TSS 2.0 libraries */ #undef TSS_TSS2 /* using builtin printf for printf hooks */ diff --git a/configure b/configure index be9df9705..52a197164 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for strongSwan 5.5.0. +# Generated by GNU Autoconf 2.69 for strongSwan 5.5.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='5.5.0' -PACKAGE_STRING='strongSwan 5.5.0' +PACKAGE_VERSION='5.5.1' +PACKAGE_STRING='strongSwan 5.5.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -695,6 +695,8 @@ USE_LIBTNCCS_FALSE USE_LIBTNCCS_TRUE USE_LIBTNCIF_FALSE USE_LIBTNCIF_TRUE +USE_LIBNTTFFT_FALSE +USE_LIBNTTFFT_TRUE USE_LIBIPSEC_FALSE USE_LIBIPSEC_TRUE USE_LIBCHARON_FALSE @@ -891,8 +893,6 @@ USE_SQL_FALSE USE_SQL_TRUE USE_SMP_FALSE USE_SMP_TRUE -USE_MAEMO_FALSE -USE_MAEMO_TRUE USE_ANDROID_LOG_FALSE USE_ANDROID_LOG_TRUE USE_ANDROID_DNS_FALSE @@ -913,6 +913,8 @@ USE_STROKE_FALSE USE_STROKE_TRUE USE_BLISS_FALSE USE_BLISS_TRUE +USE_NEWHOPE_FALSE +USE_NEWHOPE_TRUE USE_NTRU_FALSE USE_NTRU_TRUE USE_AF_ALG_FALSE @@ -985,6 +987,8 @@ USE_GMP_FALSE USE_GMP_TRUE USE_FIPS_PRF_FALSE USE_FIPS_PRF_TRUE +USE_MGF1_FALSE +USE_MGF1_TRUE USE_SHA3_FALSE USE_SHA3_TRUE USE_SHA2_FALSE @@ -1061,9 +1065,6 @@ nm_LIBS nm_CFLAGS pcsclite_LIBS pcsclite_CFLAGS -dbusservicedir -maemo_LIBS -maemo_CFLAGS MYSQLCFLAG MYSQLCONFIG MYSQLLIB @@ -1075,6 +1076,8 @@ gtk_LIBS gtk_CFLAGS json_LIBS json_CFLAGS +tss2_LIBS +tss2_CFLAGS systemd_journal_LIBS systemd_journal_CFLAGS systemd_daemon_LIBS @@ -1306,6 +1309,8 @@ enable_gmp enable_hmac enable_md4 enable_md5 +enable_mgf1 +enable_newhope enable_nonce enable_ntru enable_openssl @@ -1422,7 +1427,6 @@ enable_ha enable_led enable_load_tester enable_lookip -enable_maemo enable_radattr enable_systime_fix enable_test_vectors @@ -1506,12 +1510,12 @@ systemd_daemon_CFLAGS systemd_daemon_LIBS systemd_journal_CFLAGS systemd_journal_LIBS +tss2_CFLAGS +tss2_LIBS json_CFLAGS json_LIBS gtk_CFLAGS gtk_LIBS -maemo_CFLAGS -maemo_LIBS pcsclite_CFLAGS pcsclite_LIBS nm_CFLAGS @@ -2068,7 +2072,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 5.5.0 to adapt to many kinds of systems. +\`configure' configures strongSwan 5.5.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2139,7 +2143,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 5.5.0:";; + short | recursive ) echo "Configuration of strongSwan 5.5.1:";; esac cat <<\_ACEOF @@ -2166,6 +2170,8 @@ Optional Features: --disable-hmac disable HMAC crypto implementation plugin. --enable-md4 enable MD4 software implementation plugin. --disable-md5 disable MD5 software implementation plugin. + --enable-mgf1 enable the MGF1 software implementation plugin. + --enable-newhope enable New Hope crypto plugin. --disable-nonce disable nonce generation plugin. --enable-ntru enables the NTRU crypto plugin. --enable-openssl enables the OpenSSL crypto plugin. @@ -2317,7 +2323,6 @@ Optional Features: --enable-load-tester enable load testing plugin for IKEv2 daemon. --enable-lookip enable fast virtual IP lookup and notification plugin. - --enable-maemo enable Maemo specific plugin. --enable-radattr enable plugin to inject and process custom RADIUS attributes as IKEv2 client. --enable-systime-fix enable plugin to handle cert lifetimes with invalid @@ -2516,13 +2521,12 @@ Some influential environment variables: C compiler flags for systemd_journal, overriding pkg-config systemd_journal_LIBS linker flags for systemd_journal, overriding pkg-config + tss2_CFLAGS C compiler flags for tss2, overriding pkg-config + tss2_LIBS linker flags for tss2, overriding pkg-config json_CFLAGS C compiler flags for json, overriding pkg-config json_LIBS linker flags for json, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config - maemo_CFLAGS - C compiler flags for maemo, overriding pkg-config - maemo_LIBS linker flags for maemo, overriding pkg-config pcsclite_CFLAGS C compiler flags for pcsclite, overriding pkg-config pcsclite_LIBS @@ -2600,7 +2604,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 5.5.0 +strongSwan configure 5.5.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3122,7 +3126,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 5.5.0, which was +It was created by strongSwan $as_me 5.5.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3985,7 +3989,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='5.5.0' + VERSION='5.5.1' cat >>confdefs.h <<_ACEOF @@ -5084,6 +5088,38 @@ fi enabled_by_default=${enabled_by_default}" md5" +# Check whether --enable-mgf1 was given. +if test "${enable_mgf1+set}" = set; then : + enableval=$enable_mgf1; mgf1_given=true + if test x$enableval = xyes; then + mgf1=true + else + mgf1=false + fi +else + mgf1=false + mgf1_given=false + +fi + + disabled_by_default=${disabled_by_default}" mgf1" + +# Check whether --enable-newhope was given. +if test "${enable_newhope+set}" = set; then : + enableval=$enable_newhope; newhope_given=true + if test x$enableval = xyes; then + newhope=true + else + newhope=false + fi +else + newhope=false + newhope_given=false + +fi + + disabled_by_default=${disabled_by_default}" newhope" + # Check whether --enable-nonce was given. if test "${enable_nonce+set}" = set; then : enableval=$enable_nonce; nonce_given=true @@ -6949,22 +6985,6 @@ fi disabled_by_default=${disabled_by_default}" lookip" -# Check whether --enable-maemo was given. -if test "${enable_maemo+set}" = set; then : - enableval=$enable_maemo; maemo_given=true - if test x$enableval = xyes; then - maemo=true - else - maemo=false - fi -else - maemo=false - maemo_given=false - -fi - - disabled_by_default=${disabled_by_default}" maemo" - # Check whether --enable-radattr was given. if test "${enable_radattr+set}" = set; then : enableval=$enable_radattr; radattr_given=true @@ -17992,6 +18012,10 @@ if test x$aikpub2 = xtrue; then tss_tss2=true fi +if test x$ntru = xtrue -o x$bliss = xtrue; then + mgf1=true +fi + # =========================================== # check required libraries and header files # =========================================== @@ -18676,64 +18700,52 @@ fi -# uClibc requires explicit -latomic for __atomic_* operations +# Some architectures require explicit -latomic for __atomic_* operations +# AC_SEARCH_LIBS() does not work when checking built-ins due to conflicting types LIBS="" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_load" >&5 -$as_echo_n "checking for library containing __atomic_load... " >&6; } -if ${ac_cv_search___atomic_load+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_and_fetch" >&5 +$as_echo_n "checking for library containing __atomic_and_fetch... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char __atomic_load (); int main () { -return __atomic_load (); +int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED); ; return 0; } _ACEOF -for ac_lib in '' atomic; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search___atomic_load=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search___atomic_load+:} false; then : - break -fi -done -if ${ac_cv_search___atomic_load+:} false; then : +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none required" >&5 +$as_echo "none required" >&6; } +else + LIBS="-latomic"; + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int +main () +{ +int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: -latomic" >&5 +$as_echo "-latomic" >&6; }; ATOMICLIB=$LIBS else - ac_cv_search___atomic_load=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___atomic_load" >&5 -$as_echo "$ac_cv_search___atomic_load" >&6; } -ac_res=$ac_cv_search___atomic_load -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - ATOMICLIB=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$saved_LIBS @@ -19046,7 +19058,7 @@ else fi -for ac_header in sys/sockio.h sys/syscall.h glob.h net/if_tun.h +for ac_header in sys/sockio.h sys/syscall.h sys/param.h glob.h net/if_tun.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -20715,54 +20727,103 @@ $as_echo "#define TSS_TROUSERS /**/" >>confdefs.h fi if test x$tss_tss2 = xtrue; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltss2" >&5 -$as_echo_n "checking for main in -ltss2... " >&6; } -if ${ac_cv_lib_tss2_main+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ltss2 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2" >&5 +$as_echo_n "checking for tss2... " >&6; } -int -main () -{ -return main (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_tss2_main=yes +if test -n "$tss2_CFLAGS"; then + pkg_cv_tss2_CFLAGS="$tss2_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-socket") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - ac_cv_lib_tss2_main=no + pkg_failed=yes fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + else + pkg_failed=untried fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tss2_main" >&5 -$as_echo "$ac_cv_lib_tss2_main" >&6; } -if test "x$ac_cv_lib_tss2_main" = xyes; then : - LIBS="$LIBS" +if test -n "$tss2_LIBS"; then + pkg_cv_tss2_LIBS="$tss2_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tcti-socket") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_tss2_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - as_fn_error $? "TTS 2.0 library libtss2 not found" "$LINENO" 5 + pkg_failed=yes fi + else + pkg_failed=untried +fi + - ac_fn_c_check_header_mongrel "$LINENO" "tss2/tpm20.h" "ac_cv_header_tss2_tpm20_h" "$ac_includes_default" -if test "x$ac_cv_header_tss2_tpm20_h" = xyes; then : +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes else - as_fn_error $? "TSS 2.0 header tss2/tpm20.h not found!" "$LINENO" 5 + _pkg_short_errors_supported=no fi + if test $_pkg_short_errors_supported = yes; then + tss2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1` + else + tss2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$tss2_PKG_ERRORS" >&5 + as_fn_error $? "Package requirements (tcti-socket) were not met: +$tss2_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables tss2_CFLAGS +and tss2_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables tss2_CFLAGS +and tss2_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + tss2_CFLAGS=$pkg_cv_tss2_CFLAGS + tss2_LIBS=$pkg_cv_tss2_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } $as_echo "#define TSS_TSS2 /**/" >>confdefs.h fi + + +fi + if test x$imv_swid = xtrue; then pkg_failed=no @@ -21795,104 +21856,6 @@ fi fi -if test x$maemo = xtrue; then - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for maemo" >&5 -$as_echo_n "checking for maemo... " >&6; } - -if test -n "$maemo_CFLAGS"; then - pkg_cv_maemo_CFLAGS="$maemo_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 - ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_maemo_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$maemo_LIBS"; then - pkg_cv_maemo_LIBS="$maemo_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 - ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_maemo_LIBS=`$PKG_CONFIG --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - maemo_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` - else - maemo_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$maemo_PKG_ERRORS" >&5 - - as_fn_error $? "Package requirements (glib-2.0 gthread-2.0 libosso osso-af-settings) were not met: - -$maemo_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables maemo_CFLAGS -and maemo_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details." "$LINENO" 5 -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables maemo_CFLAGS -and maemo_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } -else - maemo_CFLAGS=$pkg_cv_maemo_CFLAGS - maemo_LIBS=$pkg_cv_maemo_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -fi - - - dbusservicedir="/usr/share/dbus-1/system-services" - -fi - if test x$eap_sim_pcsc = xtrue; then pkg_failed=no @@ -23088,6 +23051,20 @@ if test x$md5 = xtrue; then fi +if test x$mgf1 = xtrue; then + s_plugins=${s_plugins}" mgf1" + charon_plugins=${charon_plugins}" mgf1" + scepclient_plugins=${scepclient_plugins}" mgf1" + pki_plugins=${pki_plugins}" mgf1" + scripts_plugins=${scripts_plugins}" mgf1" + medsrv_plugins=${medsrv_plugins}" mgf1" + attest_plugins=${attest_plugins}" mgf1" + nm_plugins=${nm_plugins}" mgf1" + cmd_plugins=${cmd_plugins}" mgf1" + aikgen_plugins=${aikgen_plugins}" mgf1" + + fi + if test x$rdrand = xtrue; then s_plugins=${s_plugins}" rdrand" charon_plugins=${charon_plugins}" rdrand" @@ -23428,6 +23405,15 @@ if test x$ntru = xtrue; then fi +if test x$newhope = xtrue; then + s_plugins=${s_plugins}" newhope" + charon_plugins=${charon_plugins}" newhope" + scripts_plugins=${scripts_plugins}" newhope" + nm_plugins=${nm_plugins}" newhope" + cmd_plugins=${cmd_plugins}" newhope" + + fi + if test x$bliss = xtrue; then s_plugins=${s_plugins}" bliss" charon_plugins=${charon_plugins}" bliss" @@ -23943,12 +23929,6 @@ if test x$radattr = xtrue; then fi -if test x$maemo = xtrue; then - c_plugins=${c_plugins}" maemo" - charon_plugins=${charon_plugins}" maemo" - - fi - if test x$uci = xtrue; then c_plugins=${c_plugins}" uci" charon_plugins=${charon_plugins}" uci" @@ -24120,6 +24100,14 @@ else USE_SHA3_FALSE= fi + if test x$mgf1 = xtrue; then + USE_MGF1_TRUE= + USE_MGF1_FALSE='#' +else + USE_MGF1_TRUE='#' + USE_MGF1_FALSE= +fi + if test x$fips_prf = xtrue; then USE_FIPS_PRF_TRUE= USE_FIPS_PRF_FALSE='#' @@ -24408,6 +24396,14 @@ else USE_NTRU_FALSE= fi + if test x$newhope = xtrue; then + USE_NEWHOPE_TRUE= + USE_NEWHOPE_FALSE='#' +else + USE_NEWHOPE_TRUE='#' + USE_NEWHOPE_FALSE= +fi + if test x$bliss = xtrue; then USE_BLISS_TRUE= USE_BLISS_FALSE='#' @@ -24491,14 +24487,6 @@ else USE_ANDROID_LOG_FALSE= fi - if test x$maemo = xtrue; then - USE_MAEMO_TRUE= - USE_MAEMO_FALSE='#' -else - USE_MAEMO_TRUE='#' - USE_MAEMO_FALSE= -fi - if test x$smp = xtrue; then USE_SMP_TRUE= USE_SMP_FALSE='#' @@ -25286,6 +25274,14 @@ else USE_LIBIPSEC_FALSE= fi + if test x$bliss = xtrue -o x$newhope = xtrue; then + USE_LIBNTTFFT_TRUE= + USE_LIBNTTFFT_FALSE='#' +else + USE_LIBNTTFFT_TRUE='#' + USE_LIBNTTFFT_FALSE= +fi + if test x$tnc_tnccs = xtrue -o x$imcv = xtrue; then USE_LIBTNCIF_TRUE= USE_LIBTNCIF_FALSE='#' @@ -25625,7 +25621,7 @@ fi # build Makefiles # ================= -ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/aikpub2/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/aikpub2/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile" # ================= @@ -25861,6 +25857,10 @@ if test -z "${USE_SHA3_TRUE}" && test -z "${USE_SHA3_FALSE}"; then as_fn_error $? "conditional \"USE_SHA3\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_MGF1_TRUE}" && test -z "${USE_MGF1_FALSE}"; then + as_fn_error $? "conditional \"USE_MGF1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_FIPS_PRF_TRUE}" && test -z "${USE_FIPS_PRF_FALSE}"; then as_fn_error $? "conditional \"USE_FIPS_PRF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26005,6 +26005,10 @@ if test -z "${USE_NTRU_TRUE}" && test -z "${USE_NTRU_FALSE}"; then as_fn_error $? "conditional \"USE_NTRU\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_NEWHOPE_TRUE}" && test -z "${USE_NEWHOPE_FALSE}"; then + as_fn_error $? "conditional \"USE_NEWHOPE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_BLISS_TRUE}" && test -z "${USE_BLISS_FALSE}"; then as_fn_error $? "conditional \"USE_BLISS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26045,10 +26049,6 @@ if test -z "${USE_ANDROID_LOG_TRUE}" && test -z "${USE_ANDROID_LOG_FALSE}"; then as_fn_error $? "conditional \"USE_ANDROID_LOG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_MAEMO_TRUE}" && test -z "${USE_MAEMO_FALSE}"; then - as_fn_error $? "conditional \"USE_MAEMO\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then as_fn_error $? "conditional \"USE_SMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26441,6 +26441,10 @@ if test -z "${USE_LIBIPSEC_TRUE}" && test -z "${USE_LIBIPSEC_FALSE}"; then as_fn_error $? "conditional \"USE_LIBIPSEC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_LIBNTTFFT_TRUE}" && test -z "${USE_LIBNTTFFT_FALSE}"; then + as_fn_error $? "conditional \"USE_LIBNTTFFT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_LIBTNCIF_TRUE}" && test -z "${USE_LIBTNCIF_FALSE}"; then as_fn_error $? "conditional \"USE_LIBTNCIF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -26962,7 +26966,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 5.5.0, which was +This file was extended by strongSwan $as_me 5.5.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27028,7 +27032,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 5.5.0 +strongSwan config.status 5.5.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -27452,6 +27456,8 @@ do "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;; + "src/libstrongswan/math/libnttfft/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/math/libnttfft/Makefile" ;; + "src/libstrongswan/math/libnttfft/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/math/libnttfft/tests/Makefile" ;; "src/libstrongswan/plugins/aes/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/aes/Makefile" ;; "src/libstrongswan/plugins/cmac/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/cmac/Makefile" ;; "src/libstrongswan/plugins/des/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/des/Makefile" ;; @@ -27462,6 +27468,7 @@ do "src/libstrongswan/plugins/sha1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha1/Makefile" ;; "src/libstrongswan/plugins/sha2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha2/Makefile" ;; "src/libstrongswan/plugins/sha3/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha3/Makefile" ;; + "src/libstrongswan/plugins/mgf1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mgf1/Makefile" ;; "src/libstrongswan/plugins/fips_prf/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/fips_prf/Makefile" ;; "src/libstrongswan/plugins/gmp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gmp/Makefile" ;; "src/libstrongswan/plugins/rdrand/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/rdrand/Makefile" ;; @@ -27505,6 +27512,8 @@ do "src/libstrongswan/plugins/ntru/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ntru/Makefile" ;; "src/libstrongswan/plugins/bliss/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/bliss/Makefile" ;; "src/libstrongswan/plugins/bliss/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/bliss/tests/Makefile" ;; + "src/libstrongswan/plugins/newhope/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/newhope/Makefile" ;; + "src/libstrongswan/plugins/newhope/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/newhope/tests/Makefile" ;; "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;; "src/libstrongswan/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/tests/Makefile" ;; "src/libipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/libipsec/Makefile" ;; @@ -27602,7 +27611,6 @@ do "src/libcharon/plugins/p_cscf/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/p_cscf/Makefile" ;; "src/libcharon/plugins/android_dns/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android_dns/Makefile" ;; "src/libcharon/plugins/android_log/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android_log/Makefile" ;; - "src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;; "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;; "src/libcharon/plugins/vici/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/Makefile" ;; "src/libcharon/plugins/vici/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/ruby/Makefile" ;; diff --git a/configure.ac b/configure.ac index 3aa7d919e..622c79a10 100644 --- a/configure.ac +++ b/configure.ac @@ -19,7 +19,7 @@ # initialize & set some vars # ============================ -AC_INIT([strongSwan],[5.5.0]) +AC_INIT([strongSwan],[5.5.1]) AM_INIT_AUTOMAKE(m4_esyscmd([ echo tar-ustar echo subdir-objects @@ -136,6 +136,8 @@ ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementa ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.]) +ARG_ENABL_SET([mgf1], [enable the MGF1 software implementation plugin.]) +ARG_ENABL_SET([newhope], [enable New Hope crypto plugin.]) ARG_DISBL_SET([nonce], [disable nonce generation plugin.]) ARG_ENABL_SET([ntru], [enables the NTRU crypto plugin.]) ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) @@ -261,7 +263,6 @@ ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.]) ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.]) -ARG_ENABL_SET([maemo], [enable Maemo specific plugin.]) ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.]) ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.]) ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) @@ -465,6 +466,10 @@ if test x$aikpub2 = xtrue; then tss_tss2=true fi +if test x$ntru = xtrue -o x$bliss = xtrue; then + mgf1=true +fi + # =========================================== # check required libraries and header files # =========================================== @@ -500,9 +505,20 @@ LIBS=$DLLIB AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS]) AC_SUBST(PTHREADLIB) -# uClibc requires explicit -latomic for __atomic_* operations +# Some architectures require explicit -latomic for __atomic_* operations +# AC_SEARCH_LIBS() does not work when checking built-ins due to conflicting types LIBS="" -AC_SEARCH_LIBS(__atomic_load, atomic, [ATOMICLIB=$LIBS]) +AC_MSG_CHECKING(for library containing __atomic_and_fetch) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])], + [AC_MSG_RESULT([none required])], + [LIBS="-latomic"; + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])], + [AC_MSG_RESULT([-latomic]); ATOMICLIB=$LIBS], + [AC_MSG_RESULT([no])]) + ] +) AC_SUBST(ATOMICLIB) LIBS=$saved_LIBS @@ -617,7 +633,7 @@ AC_CHECK_FUNC([syslog], [ ]) AM_CONDITIONAL(USE_SYSLOG, [test "x$syslog" = xtrue]) -AC_CHECK_HEADERS(sys/sockio.h sys/syscall.h glob.h net/if_tun.h) +AC_CHECK_HEADERS(sys/sockio.h sys/syscall.h sys/param.h glob.h net/if_tun.h) AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h) AC_CHECK_HEADERS([netinet/ip6.h linux/fib_rules.h], [], [], [ @@ -977,10 +993,11 @@ if test x$tss_trousers = xtrue; then fi if test x$tss_tss2 = xtrue; then - AC_CHECK_LIB([tss2],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TTS 2.0 library libtss2 not found])],[]) - AC_CHECK_HEADER([tss2/tpm20.h],,[AC_MSG_ERROR([TSS 2.0 header tss2/tpm20.h not found!])]) - AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 library libtss2]) + PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])]) + AC_SUBST(tss2_CFLAGS) + AC_SUBST(tss2_LIBS) fi + if test x$imv_swid = xtrue; then PKG_CHECK_MODULES(json, [json-c], [], [PKG_CHECK_MODULES(json, [json])]) @@ -1127,14 +1144,6 @@ if test x$android_dns = xtrue; then AC_SUBST(DLLIB) fi -if test x$maemo = xtrue; then - PKG_CHECK_MODULES(maemo, [glib-2.0 gthread-2.0 libosso osso-af-settings]) - AC_SUBST(maemo_CFLAGS) - AC_SUBST(maemo_LIBS) - dbusservicedir="/usr/share/dbus-1/system-services" - AC_SUBST(dbusservicedir) -fi - if test x$eap_sim_pcsc = xtrue; then PKG_CHECK_MODULES(pcsclite, [libpcsclite]) AC_SUBST(pcsclite_CFLAGS) @@ -1323,6 +1332,7 @@ ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attes ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([md4], [s charon scepclient pki nm cmd]) ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen]) +ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([nonce], [s charon nm cmd aikgen]) @@ -1357,6 +1367,7 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd]) ADD_PLUGIN([ccm], [s charon scripts nm cmd]) ADD_PLUGIN([gcm], [s charon scripts nm cmd]) ADD_PLUGIN([ntru], [s charon scripts nm cmd]) +ADD_PLUGIN([newhope], [s charon scripts nm cmd]) ADD_PLUGIN([bliss], [s charon pki scripts nm cmd]) ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([files], [s charon scepclient pki scripts nm cmd]) @@ -1433,7 +1444,6 @@ ADD_PLUGIN([led], [c charon]) ADD_PLUGIN([duplicheck], [c charon]) ADD_PLUGIN([coupling], [c charon]) ADD_PLUGIN([radattr], [c charon]) -ADD_PLUGIN([maemo], [c charon]) ADD_PLUGIN([uci], [c charon]) ADD_PLUGIN([addrblock], [c charon]) ADD_PLUGIN([unity], [c charon]) @@ -1478,6 +1488,7 @@ AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue) AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue) AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue) AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue) +AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue) AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue) AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue) AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue) @@ -1514,6 +1525,7 @@ AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue) AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue) AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue) AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue) +AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue) AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue) # charon plugins @@ -1527,7 +1539,6 @@ AM_CONDITIONAL(USE_OSX_ATTR, test x$osx_attr = xtrue) AM_CONDITIONAL(USE_P_CSCF, test x$p_cscf = xtrue) AM_CONDITIONAL(USE_ANDROID_DNS, test x$android_dns = xtrue) AM_CONDITIONAL(USE_ANDROID_LOG, test x$android_log = xtrue) -AM_CONDITIONAL(USE_MAEMO, test x$maemo = xtrue) AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_DNSCERT, test x$dnscert = xtrue) @@ -1629,6 +1640,7 @@ AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue) +AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue) AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue) AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue) AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue) @@ -1721,6 +1733,8 @@ AC_CONFIG_FILES([ src/Makefile src/include/Makefile src/libstrongswan/Makefile + src/libstrongswan/math/libnttfft/Makefile + src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile @@ -1731,6 +1745,7 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile + src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/rdrand/Makefile @@ -1774,6 +1789,8 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile + src/libstrongswan/plugins/newhope/Makefile + src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile @@ -1871,7 +1888,6 @@ AC_CONFIG_FILES([ src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile - src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile diff --git a/init/Makefile.in b/init/Makefile.in index a7c723a81..9ae5e47a2 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -329,7 +329,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -363,8 +362,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -418,6 +415,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in index ceb056333..190eb8f6a 100644 --- a/init/systemd-swanctl/Makefile.in +++ b/init/systemd-swanctl/Makefile.in @@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -386,6 +383,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index a3a796327..325a4e343 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -386,6 +383,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/Makefile.in b/man/Makefile.in index a473efdfb..4d04d25c6 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -303,7 +303,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -337,8 +336,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -392,6 +389,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 54440c0c7..6f80709a6 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -247,7 +247,9 @@ can be added at the end. If .B dh-group is specified, CHILD_SA/Quick Mode setup and rekeying include a separate -Diffie-Hellman exchange. +Diffie-Hellman exchange (refer to the +.B esp +keyword for details). .TP .BR also " = " includes conn section @@ -410,18 +412,27 @@ exclamation mark can be added at the end. .BR Note : -As a responder the daemon accepts the first supported proposal received from -the peer. In order to restrict a responder to only accept specific cipher -suites, the strict flag +As a responder, the daemon defaults to selecting the first configured proposal +that's also supported by the peer. This may be changed via +.BR strongswan.conf (5) +to selecting the first acceptable proposal sent by the peer instead. In order to +restrict a responder to only accept specific cipher suites, the strict flag .RB ( ! , exclamation mark) can be used, e.g: aes256-sha512-modp4096! -.br + If .B dh-group -is specified, CHILD_SA/Quick Mode setup and rekeying include a separate -Diffie-Hellman exchange. Valid values for +is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a +separate Diffie-Hellman exchange using the specified group. However, for IKEv2, +the keys of the CHILD_SA created implicitly with the IKE_SA will always be +derived from the IKE_SA's key material. So any DH group specified here will only +apply when the CHILD_SA is later rekeyed or is created with a separate +CREATE_CHILD_SA exchange. Therefore, a proposal mismatch might not immediately +be noticed when the SA is established, but may later cause rekeying to fail. + +Valid values for .B esnmode -(IKEv2 only) are +are .B esn and .BR noesn . @@ -434,14 +445,15 @@ force UDP encapsulation for ESP packets even if no NAT situation is detected. This may help to surmount restrictive firewalls. In order to force the peer to encapsulate packets, NAT detection payloads are faked. .TP -.BR fragmentation " = yes | force | " no +.BR fragmentation " = " yes " | force | no" whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per RFC 7383). Acceptable values are -.BR yes , +.B yes +(the default), .B force and -.B no -(the default). Fragmented IKE messages sent by a peer are always accepted +.BR no . +Fragmented IKE messages sent by a peer are always accepted irrespective of the value of this option. If set to .BR yes , and the peer supports it, larger IKE messages will be sent in fragments. diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 0c73dfac9..606efcf41 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -411,7 +411,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -445,8 +444,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -500,6 +497,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/Makefile.in b/src/Makefile.in index 51317383f..16b1d2834 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -367,7 +367,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -401,8 +400,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -456,6 +453,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 5f7d50fd9..ce9ce1fa4 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -319,7 +319,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -353,8 +352,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -408,6 +405,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 1d15c0c93..37a57af0d 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -386,6 +383,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 1e2b7dd8b..149e739a7 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -409,6 +406,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/aikpub2/Makefile.in b/src/aikpub2/Makefile.in index adb40e415..62be867c5 100644 --- a/src/aikpub2/Makefile.in +++ b/src/aikpub2/Makefile.in @@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -409,6 +406,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index 098eb9474..fb43e4e02 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -446,6 +443,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am index 6ab7f27c5..4abfc743a 100644 --- a/src/charon-nm/Makefile.am +++ b/src/charon-nm/Makefile.am @@ -22,3 +22,8 @@ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} + +dbusservicedir = $(sysconfdir)/dbus-1/system.d +dbusservice_DATA = nm-strongswan-service.conf + +EXTRA_DIST = $(dbusservice_DATA) diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 715412ad2..7f05b359c 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -14,6 +14,7 @@ @SET_MAKE@ + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -108,7 +109,8 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" +am__installdirs = "$(DESTDIR)$(ipsecdir)" \ + "$(DESTDIR)$(dbusservicedir)" PROGRAMS = $(ipsec_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp am_charon_nm_OBJECTS = charon-nm.$(OBJEXT) nm/nm_backend.$(OBJEXT) \ @@ -166,6 +168,34 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +DATA = $(dbusservice_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -326,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -360,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -415,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -441,6 +470,9 @@ charon_nm_LDADD = \ $(top_builddir)/src/libcharon/libcharon.la \ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} +dbusservicedir = $(sysconfdir)/dbus-1/system.d +dbusservice_DATA = nm-strongswan-service.conf +EXTRA_DIST = $(dbusservice_DATA) all: all-am .SUFFIXES: @@ -583,6 +615,27 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-dbusserviceDATA: $(dbusservice_DATA) + @$(NORMAL_INSTALL) + @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \ + done + +uninstall-dbusserviceDATA: + @$(NORMAL_UNINSTALL) + @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -668,9 +721,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(dbusservicedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -728,7 +781,7 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: install-dbusserviceDATA install-ipsecPROGRAMS install-dvi: install-dvi-am @@ -774,7 +827,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS +uninstall-am: uninstall-dbusserviceDATA uninstall-ipsecPROGRAMS .MAKE: install-am install-strip @@ -783,14 +836,16 @@ uninstall-am: uninstall-ipsecPROGRAMS distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-dbusserviceDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS + tags tags-am uninstall uninstall-am uninstall-dbusserviceDATA \ + uninstall-ipsecPROGRAMS .PRECIOUS: Makefile diff --git a/src/charon-nm/nm-strongswan-service.conf b/src/charon-nm/nm-strongswan-service.conf new file mode 100644 index 000000000..a630f3407 --- /dev/null +++ b/src/charon-nm/nm-strongswan-service.conf @@ -0,0 +1,15 @@ + + + + + + + + + + + + + diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 5991c2465..571c0edba 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -23,7 +23,6 @@ #include #include #include -#include #include @@ -43,8 +42,6 @@ typedef struct { nm_creds_t *creds; /* attribute handler for DNS/NBNS server information */ nm_handler_t *handler; - /* dummy TUN device */ - tun_device_t *tun; /* name of the connection */ char *name; } NMStrongswanPluginPrivate; @@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GValue *val; GHashTable *config; enumerator_t *enumerator; - host_t *me; + host_t *me, *other; nm_handler_t *handler; config = g_hash_table_new(g_str_hash, g_str_equal); handler = priv->handler; - /* NM requires a tundev, but netkey does not use one. Passing the physical - * interface does not work, as NM fiddles around with it. So we pass a dummy - * TUN device along for NM to play with... */ + /* NM apparently requires to know the gateway */ val = g_slice_new0 (GValue); - g_value_init (val, G_TYPE_STRING); - g_value_set_string (val, priv->tun->get_name(priv->tun)); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + g_value_init (val, G_TYPE_UINT); + other = ike_sa->get_other_host(ike_sa); + g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr); + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val); /* NM installs this IP address on the interface above, so we use the VIP if * we got one. @@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->name); DBG4(DBG_CFG, "%s", nm_setting_to_string(NM_SETTING(vpn))); - if (!priv->tun) - { - g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, - "Failed to create dummy TUN device."); - return FALSE; - } address = nm_setting_vpn_get_data_item(vpn, "address"); if (!address || !*address) { @@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, else { /* no certificate defined, fall back to system-wide CA certificates */ - priv->creds->load_ca_dir(priv->creds, NM_CA_DIR); + priv->creds->load_ca_dir(priv->creds, lib->settings->get_str( + lib->settings, "charon-nm.ca_dir", NM_CA_DIR)); } if (!gateway) { @@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { user = identification_create_from_string((char*)str); str = nm_setting_vpn_get_secret(vpn, "password"); + if (auth_class == AUTH_CLASS_PSK && + strlen(str) < 20) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "pre-shared key is too short."); + gateway->destroy(gateway); + user->destroy(user); + return FALSE; + } priv->creds->set_username_password(priv->creds, user, (char*)str); } } @@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", charon->socket->get_port(charon->socket, FALSE), (char*)address, IKEV2_UDP_PORT, - FRAGMENTATION_NO, 0); + FRAGMENTATION_YES, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); @@ -722,27 +723,9 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) memset(&priv->listener, 0, sizeof(listener_t)); priv->listener.child_updown = child_updown; priv->listener.ike_rekey = ike_rekey; - priv->tun = tun_device_create(NULL); priv->name = NULL; } -/** - * Destructor - */ -static void nm_strongswan_plugin_dispose(GObject *obj) -{ - NMStrongswanPlugin *plugin; - NMStrongswanPluginPrivate *priv; - - plugin = NM_STRONGSWAN_PLUGIN(obj); - priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); - if (priv->tun) - { - priv->tun->destroy(priv->tun); - priv->tun = NULL; - } -} - /** * Class constructor */ @@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init( parent_class->connect = connect_; parent_class->need_secrets = need_secrets; parent_class->disconnect = disconnect; - G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose; } /** diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 4afa62507..e9cb26620 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -409,6 +406,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index 3dcf3d75a..c1aa833b0 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -324,7 +324,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -358,8 +357,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -413,6 +410,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 1eaf46a89..30a3ac86d 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -356,6 +353,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr index 102f6b7a2..459519564 100644 --- a/src/charon-tkm/build_common.gpr +++ b/src/charon-tkm/build_common.gpr @@ -9,7 +9,8 @@ project Build_Common is C_Compiler_Switches := ("-W", "-Wall", - "-Wno-unused-parameter"); + "-Wno-unused-parameter", + "-g"); Ada_Compiler_Switches := ("-gnatwale", "-gnatygAdISuxo", "-gnata", diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 13352e55a..4a6d2aed6 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -286,7 +286,7 @@ int main(int argc, char *argv[]) PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_RSA), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), PLUGIN_CALLBACK(tkm_spi_generator_register, NULL), @@ -373,6 +373,7 @@ int main(int argc, char *argv[]) run(); unlink_pidfile(); + free(pidfile_name); status = 0; charon->bus->remove_listener(charon->bus, &listener->listener); listener->destroy(listener); @@ -382,7 +383,7 @@ int main(int argc, char *argv[]) deinit: destroy_dh_mapping(); libcharon_deinit(); - library_deinit(); tkm_deinit(); + library_deinit(); return status; } diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 51f62fc37..d07ea5c48 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -323,7 +323,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -357,8 +356,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -412,6 +409,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 87bbf9f28..88210908a 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -48,6 +48,11 @@ if USE_RADIUS libs += $(DESTDIR)$(ipseclibdir)/libradius.so endif +if USE_LIBNTTFFT + deps += $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la + libs += $(DESTDIR)$(ipseclibdir)/libnttfft.so +endif + if USE_LIBPTTLS deps += $(top_builddir)/src/libpttls/libpttls.la libs += $(DESTDIR)$(ipseclibdir)/libpttls.so @@ -89,6 +94,10 @@ if USE_CMD exes += $(DESTDIR)$(sbindir)/charon-cmd endif +if USE_SYSTEMD + exes += $(DESTDIR)$(sbindir)/charon-systemd +endif + if USE_SCEPCLIENT exes += $(DESTDIR)$(ipsecdir)/scepclient endif diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index ef14d1236..7644e1b2b 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -96,27 +96,30 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @USE_TLS_TRUE@am__append_5 = $(DESTDIR)$(ipseclibdir)/libtls.so @USE_RADIUS_TRUE@am__append_6 = $(top_builddir)/src/libradius/libradius.la @USE_RADIUS_TRUE@am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so -@USE_LIBPTTLS_TRUE@am__append_8 = $(top_builddir)/src/libpttls/libpttls.la -@USE_LIBPTTLS_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so -@USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la -@USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so -@USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so -@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_14 = -DT_PLUGINS=\""${t_plugins}\"" -@USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so -@USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la -@USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so -@USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la -@USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so -@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon -@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_22 = -DC_PLUGINS=\""${c_plugins}\"" -@USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd -@USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient -@USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki -@USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl -@USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool -@USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest +@USE_LIBNTTFFT_TRUE@am__append_8 = $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la +@USE_LIBNTTFFT_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libnttfft.so +@USE_LIBPTTLS_TRUE@am__append_10 = $(top_builddir)/src/libpttls/libpttls.la +@USE_LIBPTTLS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libpttls.so +@USE_LIBTPMTSS_TRUE@am__append_12 = $(top_builddir)/src/libtpmtss/libtpmtss.la +@USE_LIBTPMTSS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so +@USE_LIBTNCCS_TRUE@am__append_14 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_LIBTNCCS_TRUE@am__append_15 = $(DESTDIR)$(ipseclibdir)/libtnccs.so +@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_16 = -DT_PLUGINS=\""${t_plugins}\"" +@USE_SIMAKA_TRUE@am__append_17 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_SIMAKA_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libsimaka.so +@USE_IMCV_TRUE@am__append_19 = $(top_builddir)/src/libimcv/libimcv.la +@USE_IMCV_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libimcv.so +@USE_CHARON_TRUE@am__append_21 = $(top_builddir)/src/libcharon/libcharon.la +@USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipseclibdir)/libcharon.so +@USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipsecdir)/charon +@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_24 = -DC_PLUGINS=\""${c_plugins}\"" +@USE_CMD_TRUE@am__append_25 = $(DESTDIR)$(sbindir)/charon-cmd +@USE_SYSTEMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-systemd +@USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient +@USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki +@USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl +@USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool +@USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest subdir = src/checksum ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -388,7 +391,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -422,8 +424,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -477,6 +477,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -497,7 +499,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libcharon \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \ - $(am__append_14) $(am__append_22) + $(am__append_16) $(am__append_24) AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -508,14 +510,15 @@ AM_CFLAGS = \ deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__append_2) $(am__append_4) $(am__append_6) \ $(am__append_8) $(am__append_10) $(am__append_12) \ - $(am__append_15) $(am__append_17) $(am__append_19) + $(am__append_14) $(am__append_17) $(am__append_19) \ + $(am__append_21) libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_5) $(am__append_7) $(am__append_9) \ - $(am__append_11) $(am__append_13) $(am__append_16) \ - $(am__append_18) $(am__append_20) -exes = $(am__append_21) $(am__append_23) $(am__append_24) \ - $(am__append_25) $(am__append_26) $(am__append_27) \ - $(am__append_28) + $(am__append_11) $(am__append_13) $(am__append_15) \ + $(am__append_18) $(am__append_20) $(am__append_22) +exes = $(am__append_23) $(am__append_25) $(am__append_26) \ + $(am__append_27) $(am__append_28) $(am__append_29) \ + $(am__append_30) $(am__append_31) all: all-am .SUFFIXES: diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 7b499897c..9c55b503e 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -337,7 +337,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -371,8 +370,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -426,6 +423,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index d3bb11f61..38681f44b 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -358,7 +358,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -392,8 +391,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -447,6 +444,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/include/Makefile.in b/src/include/Makefile.in index c909af9a1..4fa90fda5 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -356,6 +353,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index 22e61fdf7..02d5125a5 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h @@ -84,6 +84,8 @@ struct xfrm_replay_state { __u32 bitmap; }; +#define XFRMA_REPLAY_ESN_MAX 4096 + struct xfrm_replay_state_esn { unsigned int bmp_len; __u32 oseq; @@ -295,6 +297,9 @@ enum xfrm_attr_type_t { XFRMA_MARK, /* struct xfrm_mark */ XFRMA_TFCPAD, /* __u32 */ XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */ + XFRMA_SA_EXTRA_FLAGS, /* __u32 */ + XFRMA_PROTO, /* __u8 */ + XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */ __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) @@ -323,6 +328,8 @@ enum xfrm_spdattr_type_t { XFRMA_SPD_UNSPEC, XFRMA_SPD_INFO, XFRMA_SPD_HINFO, + XFRMA_SPD_IPV4_HTHRESH, + XFRMA_SPD_IPV6_HTHRESH, __XFRMA_SPD_MAX #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1) @@ -342,6 +349,11 @@ struct xfrmu_spdhinfo { __u32 spdhmcnt; }; +struct xfrmu_spdhthresh { + __u8 lbits; + __u8 rbits; +}; + struct xfrm_usersa_info { struct xfrm_selector sel; struct xfrm_id id; @@ -365,6 +377,8 @@ struct xfrm_usersa_info { #define XFRM_STATE_ESN 128 }; +#define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1 + struct xfrm_usersa_id { xfrm_address_t daddr; __be32 spi; @@ -469,6 +483,14 @@ struct xfrm_user_mapping { __be16 new_sport; }; +struct xfrm_address_filter { + xfrm_address_t saddr; + xfrm_address_t daddr; + __u16 family; + __u8 splen; + __u8 dplen; +}; + #ifndef __KERNEL__ /* backwards compatibility for userspace */ #define XFRMGRP_ACQUIRE 1 diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index c4cb5af4c..7512472cd 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -300,7 +300,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -334,8 +333,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -389,6 +386,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index b0acc6c0c..388a49246 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.5.1dr3" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 550f6eb9c..e530205e8 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -513,13 +513,6 @@ if MONOLITHIC endif endif -if USE_MAEMO - SUBDIRS += plugins/maemo -if MONOLITHIC - libcharon_la_LIBADD += plugins/maemo/libstrongswan-maemo.la -endif -endif - if USE_HA SUBDIRS += plugins/ha if MONOLITHIC diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 3ea9b8089..e82e67b8f 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -239,60 +239,58 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_91 = plugins/android_dns/libstrongswan-android-dns.la @USE_ANDROID_LOG_TRUE@am__append_92 = plugins/android_log @MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_93 = plugins/android_log/libstrongswan-android-log.la -@USE_MAEMO_TRUE@am__append_94 = plugins/maemo -@MONOLITHIC_TRUE@@USE_MAEMO_TRUE@am__append_95 = plugins/maemo/libstrongswan-maemo.la -@USE_HA_TRUE@am__append_96 = plugins/ha -@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_97 = plugins/ha/libstrongswan-ha.la -@USE_KERNEL_PFKEY_TRUE@am__append_98 = plugins/kernel_pfkey -@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_99 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la -@USE_KERNEL_PFROUTE_TRUE@am__append_100 = plugins/kernel_pfroute -@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_101 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la -@USE_KERNEL_NETLINK_TRUE@am__append_102 = plugins/kernel_netlink -@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_103 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la -@USE_KERNEL_LIBIPSEC_TRUE@am__append_104 = plugins/kernel_libipsec -@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_105 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la -@USE_KERNEL_WFP_TRUE@am__append_106 = plugins/kernel_wfp -@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_107 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la -@USE_KERNEL_IPH_TRUE@am__append_108 = plugins/kernel_iph -@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_109 = plugins/kernel_iph/libstrongswan-kernel-iph.la -@USE_WHITELIST_TRUE@am__append_110 = plugins/whitelist -@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_111 = plugins/whitelist/libstrongswan-whitelist.la -@USE_LOOKIP_TRUE@am__append_112 = plugins/lookip -@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_113 = plugins/lookip/libstrongswan-lookip.la -@USE_ERROR_NOTIFY_TRUE@am__append_114 = plugins/error_notify -@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_115 = plugins/error_notify/libstrongswan-error-notify.la -@USE_CERTEXPIRE_TRUE@am__append_116 = plugins/certexpire -@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_117 = plugins/certexpire/libstrongswan-certexpire.la -@USE_SYSTIME_FIX_TRUE@am__append_118 = plugins/systime_fix -@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_119 = plugins/systime_fix/libstrongswan-systime-fix.la -@USE_LED_TRUE@am__append_120 = plugins/led -@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_121 = plugins/led/libstrongswan-led.la -@USE_DUPLICHECK_TRUE@am__append_122 = plugins/duplicheck -@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_123 = plugins/duplicheck/libstrongswan-duplicheck.la -@USE_COUPLING_TRUE@am__append_124 = plugins/coupling -@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_125 = plugins/coupling/libstrongswan-coupling.la -@USE_RADATTR_TRUE@am__append_126 = plugins/radattr -@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_127 = plugins/radattr/libstrongswan-radattr.la -@USE_UCI_TRUE@am__append_128 = plugins/uci -@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_129 = plugins/uci/libstrongswan-uci.la -@USE_ADDRBLOCK_TRUE@am__append_130 = plugins/addrblock -@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_131 = plugins/addrblock/libstrongswan-addrblock.la -@USE_UNITY_TRUE@am__append_132 = plugins/unity -@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_133 = plugins/unity/libstrongswan-unity.la -@USE_XAUTH_GENERIC_TRUE@am__append_134 = plugins/xauth_generic -@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_135 = plugins/xauth_generic/libstrongswan-xauth-generic.la -@USE_XAUTH_EAP_TRUE@am__append_136 = plugins/xauth_eap -@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_137 = plugins/xauth_eap/libstrongswan-xauth-eap.la -@USE_XAUTH_PAM_TRUE@am__append_138 = plugins/xauth_pam -@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_139 = plugins/xauth_pam/libstrongswan-xauth-pam.la -@USE_XAUTH_NOAUTH_TRUE@am__append_140 = plugins/xauth_noauth -@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_141 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la -@USE_RESOLVE_TRUE@am__append_142 = plugins/resolve -@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_143 = plugins/resolve/libstrongswan-resolve.la -@USE_ATTR_TRUE@am__append_144 = plugins/attr -@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_145 = plugins/attr/libstrongswan-attr.la -@USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql -@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la +@USE_HA_TRUE@am__append_94 = plugins/ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_95 = plugins/ha/libstrongswan-ha.la +@USE_KERNEL_PFKEY_TRUE@am__append_96 = plugins/kernel_pfkey +@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_97 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +@USE_KERNEL_PFROUTE_TRUE@am__append_98 = plugins/kernel_pfroute +@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_99 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +@USE_KERNEL_NETLINK_TRUE@am__append_100 = plugins/kernel_netlink +@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_101 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la +@USE_KERNEL_LIBIPSEC_TRUE@am__append_102 = plugins/kernel_libipsec +@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_103 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la +@USE_KERNEL_WFP_TRUE@am__append_104 = plugins/kernel_wfp +@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_105 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la +@USE_KERNEL_IPH_TRUE@am__append_106 = plugins/kernel_iph +@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_107 = plugins/kernel_iph/libstrongswan-kernel-iph.la +@USE_WHITELIST_TRUE@am__append_108 = plugins/whitelist +@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_109 = plugins/whitelist/libstrongswan-whitelist.la +@USE_LOOKIP_TRUE@am__append_110 = plugins/lookip +@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_111 = plugins/lookip/libstrongswan-lookip.la +@USE_ERROR_NOTIFY_TRUE@am__append_112 = plugins/error_notify +@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_113 = plugins/error_notify/libstrongswan-error-notify.la +@USE_CERTEXPIRE_TRUE@am__append_114 = plugins/certexpire +@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_115 = plugins/certexpire/libstrongswan-certexpire.la +@USE_SYSTIME_FIX_TRUE@am__append_116 = plugins/systime_fix +@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_117 = plugins/systime_fix/libstrongswan-systime-fix.la +@USE_LED_TRUE@am__append_118 = plugins/led +@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_119 = plugins/led/libstrongswan-led.la +@USE_DUPLICHECK_TRUE@am__append_120 = plugins/duplicheck +@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_121 = plugins/duplicheck/libstrongswan-duplicheck.la +@USE_COUPLING_TRUE@am__append_122 = plugins/coupling +@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_123 = plugins/coupling/libstrongswan-coupling.la +@USE_RADATTR_TRUE@am__append_124 = plugins/radattr +@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_125 = plugins/radattr/libstrongswan-radattr.la +@USE_UCI_TRUE@am__append_126 = plugins/uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_127 = plugins/uci/libstrongswan-uci.la +@USE_ADDRBLOCK_TRUE@am__append_128 = plugins/addrblock +@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_129 = plugins/addrblock/libstrongswan-addrblock.la +@USE_UNITY_TRUE@am__append_130 = plugins/unity +@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_131 = plugins/unity/libstrongswan-unity.la +@USE_XAUTH_GENERIC_TRUE@am__append_132 = plugins/xauth_generic +@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_133 = plugins/xauth_generic/libstrongswan-xauth-generic.la +@USE_XAUTH_EAP_TRUE@am__append_134 = plugins/xauth_eap +@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_135 = plugins/xauth_eap/libstrongswan-xauth-eap.la +@USE_XAUTH_PAM_TRUE@am__append_136 = plugins/xauth_pam +@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_137 = plugins/xauth_pam/libstrongswan-xauth-pam.la +@USE_XAUTH_NOAUTH_TRUE@am__append_138 = plugins/xauth_noauth +@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_139 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la +@USE_RESOLVE_TRUE@am__append_140 = plugins/resolve +@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_141 = plugins/resolve/libstrongswan-resolve.la +@USE_ATTR_TRUE@am__append_142 = plugins/attr +@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_143 = plugins/attr/libstrongswan-attr.la +@USE_ATTR_SQL_TRUE@am__append_144 = plugins/attr_sql +@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_145 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -370,7 +368,7 @@ libcharon_la_DEPENDENCIES = \ $(am__append_127) $(am__append_129) $(am__append_131) \ $(am__append_133) $(am__append_135) $(am__append_137) \ $(am__append_139) $(am__append_141) $(am__append_143) \ - $(am__append_145) $(am__append_147) + $(am__append_145) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -747,16 +745,15 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \ plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \ plugins/p_cscf plugins/android_dns plugins/android_log \ - plugins/maemo plugins/ha plugins/kernel_pfkey \ - plugins/kernel_pfroute plugins/kernel_netlink \ - plugins/kernel_libipsec plugins/kernel_wfp plugins/kernel_iph \ - plugins/whitelist plugins/lookip plugins/error_notify \ - plugins/certexpire plugins/systime_fix plugins/led \ - plugins/duplicheck plugins/coupling plugins/radattr \ - plugins/uci plugins/addrblock plugins/unity \ - plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \ - plugins/xauth_noauth plugins/resolve plugins/attr \ - plugins/attr_sql tests + plugins/ha plugins/kernel_pfkey plugins/kernel_pfroute \ + plugins/kernel_netlink plugins/kernel_libipsec \ + plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \ + plugins/lookip plugins/error_notify plugins/certexpire \ + plugins/systime_fix plugins/led plugins/duplicheck \ + plugins/coupling plugins/radattr plugins/uci plugins/addrblock \ + plugins/unity plugins/xauth_generic plugins/xauth_eap \ + plugins/xauth_pam plugins/xauth_noauth plugins/resolve \ + plugins/attr plugins/attr_sql tests am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -923,7 +920,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -957,8 +953,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -1012,6 +1006,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -1159,8 +1155,7 @@ libcharon_la_LIBADD = \ $(am__append_123) $(am__append_125) $(am__append_127) \ $(am__append_129) $(am__append_131) $(am__append_133) \ $(am__append_135) $(am__append_137) $(am__append_139) \ - $(am__append_141) $(am__append_143) $(am__append_145) \ - $(am__append_147) + $(am__append_141) $(am__append_143) $(am__append_145) EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \ @MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \ @@ -1195,8 +1190,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_FALSE@ $(am__append_130) $(am__append_132) \ @MONOLITHIC_FALSE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \ -@MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_FALSE@ $(am__append_146) tests +@MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) tests # build optional plugins ######################## @@ -1233,8 +1227,7 @@ EXTRA_DIST = Android.mk @MONOLITHIC_TRUE@ $(am__append_130) $(am__append_132) \ @MONOLITHIC_TRUE@ $(am__append_134) $(am__append_136) \ @MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \ -@MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \ -@MONOLITHIC_TRUE@ $(am__append_146) . tests +@MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) . tests all: all-recursive .SUFFIXES: diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index e17d629d2..6b3cea880 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Tobias Brunner + * Copyright (C) 2011-2016 Tobias Brunner * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -207,6 +207,24 @@ static inline void register_logger(private_bus_t *this, debug_t group, } } +/** + * Find the log level of the first registered logger that implements log or + * vlog (or both). + */ +static bool find_max_levels(log_entry_t *entry, debug_t *group, level_t *level, + level_t *vlevel) +{ + if (entry->logger->log && *level == LEVEL_SILENT) + { + *level = entry->levels[*group]; + } + if (entry->logger->vlog && *vlevel == LEVEL_SILENT) + { + *vlevel = entry->levels[*group]; + } + return *level > LEVEL_SILENT && *vlevel > LEVEL_SILENT; +} + /** * Unregister a logger from all log groups (destroys the log_entry_t) */ @@ -240,18 +258,8 @@ static inline void unregister_logger(private_bus_t *this, logger_t *logger) { loggers = this->loggers[group]; loggers->remove(loggers, found, NULL); - - if (loggers->get_first(loggers, (void**)&entry) == SUCCESS) - { - if (entry->logger->log) - { - level = entry->levels[group]; - } - if (entry->logger->vlog) - { - vlevel = entry->levels[group]; - } - } + loggers->find_first(loggers, (linked_list_match_t)find_max_levels, NULL, + &group, &level, &vlevel); set_level(&this->max_level[group], level); set_level(&this->max_vlevel[group], vlevel); } @@ -593,6 +601,38 @@ METHOD(bus_t, ike_keys, void, this->mutex->unlock(this->mutex); } +METHOD(bus_t, ike_derived_keys, void, + private_bus_t *this, chunk_t sk_ei, chunk_t sk_er, chunk_t sk_ai, + chunk_t sk_ar) +{ + enumerator_t *enumerator; + ike_sa_t *ike_sa; + entry_t *entry; + bool keep; + + ike_sa = this->thread_sa->get(this->thread_sa); + + this->mutex->lock(this->mutex); + enumerator = this->listeners->create_enumerator(this->listeners); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->calling || !entry->listener->ike_derived_keys) + { + continue; + } + entry->calling++; + keep = entry->listener->ike_derived_keys(entry->listener, ike_sa, sk_ei, + sk_er, sk_ai, sk_ar); + entry->calling--; + if (!keep) + { + unregister_listener(this, entry, enumerator); + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); +} + METHOD(bus_t, child_keys, void, private_bus_t *this, child_sa_t *child_sa, bool initiator, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r) @@ -625,6 +665,39 @@ METHOD(bus_t, child_keys, void, this->mutex->unlock(this->mutex); } +METHOD(bus_t, child_derived_keys, void, + private_bus_t *this, child_sa_t *child_sa, bool initiator, + chunk_t encr_i, chunk_t encr_r, chunk_t integ_i, chunk_t integ_r) +{ + enumerator_t *enumerator; + ike_sa_t *ike_sa; + entry_t *entry; + bool keep; + + ike_sa = this->thread_sa->get(this->thread_sa); + + this->mutex->lock(this->mutex); + enumerator = this->listeners->create_enumerator(this->listeners); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->calling || !entry->listener->child_derived_keys) + { + continue; + } + entry->calling++; + keep = entry->listener->child_derived_keys(entry->listener, ike_sa, + child_sa, initiator, encr_i, encr_r, + integ_i, integ_r); + entry->calling--; + if (!keep) + { + unregister_listener(this, entry, enumerator); + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); +} + METHOD(bus_t, child_updown, void, private_bus_t *this, child_sa_t *child_sa, bool up) { @@ -1061,7 +1134,9 @@ bus_t *bus_create() .child_state_change = _child_state_change, .message = _message, .ike_keys = _ike_keys, + .ike_derived_keys = _ike_derived_keys, .child_keys = _child_keys, + .child_derived_keys = _child_derived_keys, .ike_updown = _ike_updown, .ike_rekey = _ike_rekey, .ike_update = _ike_update, diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index 305cbe4ae..1e810a499 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -349,8 +349,8 @@ struct bus_t { * @param ike_sa IKE_SA this keymat belongs to * @param dh diffie hellman shared secret * @param dh_other others DH public value (IKEv1 only) - * @param nonce_i initiators nonce - * @param nonce_r responders nonce + * @param nonce_i initiator's nonce + * @param nonce_r responder's nonce * @param rekey IKE_SA we are rekeying, if any (IKEv2 only) * @param shared shared key used for key derivation (IKEv1-PSK only) */ @@ -358,18 +358,43 @@ struct bus_t { chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey, shared_key_t *shared); + /** + * IKE_SA derived keys hook. + * + * @param sk_ei SK_ei, or Ka for IKEv1 + * @param sk_er SK_er + * @param sk_ai SK_ai, or SKEYID_a for IKEv1 + * @param sk_ar SK_ar + */ + void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er, + chunk_t sk_ai, chunk_t sk_ar); + /** * CHILD_SA keymat hook. * * @param child_sa CHILD_SA this keymat is used for * @param initiator initiator of the CREATE_CHILD_SA exchange * @param dh diffie hellman shared secret - * @param nonce_i initiators nonce - * @param nonce_r responders nonce + * @param nonce_i initiator's nonce + * @param nonce_r responder's nonce */ void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); + /** + * CHILD_SA derived keys hook. + * + * @param child_sa CHILD_SA these keys are used for + * @param initiator initiator of the CREATE_CHILD_SA exchange + * @param encr_i initiator's encryption key + * @param encr_o responder's encryption key + * @param integ_i initiator's integrity key + * @param integ_r responder's integrity key + */ + void (*child_derived_keys)(bus_t *this, child_sa_t *child_sa, + bool initiator, chunk_t encr_i, chunk_t encr_r, + chunk_t integ_i, chunk_t integ_r); + /** * IKE_SA up/down hook. * diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index be2726ede..be0dfbe21 100644 --- a/src/libcharon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Tobias Brunner + * Copyright (C) 2011-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -84,8 +84,8 @@ struct listener_t { * @param ike_sa IKE_SA this keymat belongs to * @param dh diffie hellman shared secret * @param dh_other others DH public value (IKEv1 only) - * @param nonce_i initiators nonce - * @param nonce_r responders nonce + * @param nonce_i initiator's nonce + * @param nonce_r responder's nonce * @param rekey IKE_SA we are rekeying, if any (IKEv2 only) * @param shared shared key used for key derivation (IKEv1-PSK only) * @return TRUE to stay registered, FALSE to unregister @@ -94,6 +94,18 @@ struct listener_t { chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey, shared_key_t *shared); + /** + * Hook called with derived IKE_SA keys. + * + * @param ike_sa IKE_SA these keys belong to + * @param sk_ei SK_ei, or Ka for IKEv1 + * @param sk_er SK_er + * @param sk_ai SK_ai, or SKEYID_a for IKEv1 + * @param sk_ar SK_ar + */ + bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei, + chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar); + /** * Hook called with CHILD_SA key material. * @@ -101,14 +113,30 @@ struct listener_t { * @param child_sa CHILD_SA this keymat is used for * @param initiator initiator of the CREATE_CHILD_SA exchange * @param dh diffie hellman shared secret - * @param nonce_i initiators nonce - * @param nonce_r responders nonce + * @param nonce_i initiator's nonce + * @param nonce_r responder's nonce * @return TRUE to stay registered, FALSE to unregister */ bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool initiator, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); + /** + * Hook called with derived CHILD_SA keys. + * + * @param ike_sa IKE_SA the child sa belongs to + * @param child_sa CHILD_SA these keys are used for + * @param initiator initiator of the CREATE_CHILD_SA exchange + * @param encr_i initiator's encryption key + * @param encr_o responder's encryption key + * @param integ_i initiator's integrity key + * @param integ_r responder's integrity key + */ + bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, bool initiator, + chunk_t encr_i, chunk_t encr_r, + chunk_t integ_i, chunk_t integ_r); + /** * Hook called if an IKE_SA gets up or down. * diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 76d7f2c58..6a9c342f4 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -153,6 +153,11 @@ struct private_child_cfg_t { */ bool install_policy; + /** + * Install outbound FWD policies + */ + bool fwd_out_policy; + /** * anti-replay window size */ @@ -564,6 +569,12 @@ METHOD(child_cfg_t, install_policy, bool, return this->install_policy; } +METHOD(child_cfg_t, install_fwd_out_policy, bool, + private_child_cfg_t *this) +{ + return this->fwd_out_policy; +} + #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; }) #define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) @@ -613,6 +624,7 @@ METHOD(child_cfg_t, equals, bool, this->replay_window == other->replay_window && this->proxy_mode == other->proxy_mode && this->install_policy == other->install_policy && + this->fwd_out_policy == other->fwd_out_policy && streq(this->updown, other->updown) && streq(this->interface, other->interface); } @@ -673,6 +685,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .set_replay_window = _set_replay_window, .use_proxy_mode = _use_proxy_mode, .install_policy = _install_policy, + .install_fwd_out_policy = _install_fwd_out_policy, .equals = _equals, .get_ref = _get_ref, .destroy = _destroy, @@ -695,6 +708,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) .manual_prio = data->priority, .interface = strdupnull(data->interface), .install_policy = !data->suppress_policies, + .fwd_out_policy = data->fwd_out_policies, .refcount = 1, .proposals = linked_list_create(), .my_ts = linked_list_create(), diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index e736b2737..b85bfd9bc 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -283,6 +283,14 @@ struct child_cfg_t { */ bool (*install_policy)(child_cfg_t *this); + /** + * Check whether outbound FWD IPsec policies should be installed. + * + * @return TRUE, if outbound FWD policies should be installed + * FALSE, otherwise + */ + bool (*install_fwd_out_policy)(child_cfg_t *this); + /** * Check if two child_cfg objects are equal. * @@ -346,6 +354,8 @@ struct child_cfg_create_t { bool hostaccess; /** Don't install IPsec policies */ bool suppress_policies; + /** Install outbound FWD IPsec policies to bypass drop policies */ + bool fwd_out_policies; }; /** diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 5655a3497..afcb772fe 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -256,7 +256,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, fragmentation_t fragmentation, uint8_t dscp); /** - * Determine the address family of the local or remtoe address(es). If multiple + * Determine the address family of the local or remote address(es). If multiple * families are configured AF_UNSPEC is returned. %any is ignored (%any4|6 are * not though). * diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index a83acec23..011c0b8b0 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -419,25 +419,41 @@ static const struct { {AUTH_AES_CMAC_96, PRF_AES128_CMAC }, }; +/** + * Remove all entries of the given transform type + */ +static void remove_transform(private_proposal_t *this, transform_type_t type) +{ + enumerator_t *e; + entry_t *entry; + + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == type) + { + array_remove_at(this->transforms, e); + } + } + e->destroy(e); +} + /** * Checks the proposal read from a string. */ -static void check_proposal(private_proposal_t *this) +static bool check_proposal(private_proposal_t *this) { enumerator_t *e; entry_t *entry; uint16_t alg, ks; - bool all_aead = TRUE; + bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE; int i; if (this->protocol == PROTO_IKE) { - e = create_enumerator(this, PSEUDO_RANDOM_FUNCTION); - if (!e->enumerate(e, &alg, &ks)) - { - /* No explicit PRF found. We assume the same algorithm as used - * for integrity checking */ - e->destroy(e); + if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) + { /* No explicit PRF found. We assume the same algorithm as used + * for integrity checking. */ e = create_enumerator(this, INTEGRITY_ALGORITHM); while (e->enumerate(e, &alg, &ks)) { @@ -451,8 +467,13 @@ static void check_proposal(private_proposal_t *this) } } } + e->destroy(e); + } + if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL)) + { + DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals"); + return FALSE; } - e->destroy(e); /* remove MODP_NONE from IKE proposal */ e = array_create_enumerator(this->transforms); while (e->enumerate(e, &entry)) @@ -463,48 +484,103 @@ static void check_proposal(private_proposal_t *this) } } e->destroy(e); + if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL)) + { + DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals"); + return FALSE; + } + } + else + { /* remove PRFs from ESP/AH proposals */ + remove_transform(this, PSEUDO_RANDOM_FUNCTION); } - if (this->protocol == PROTO_ESP) + if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP) { e = create_enumerator(this, ENCRYPTION_ALGORITHM); while (e->enumerate(e, &alg, &ks)) { - if (!encryption_algorithm_is_aead(alg)) + any_enc = TRUE; + if (encryption_algorithm_is_aead(alg)) { - all_aead = FALSE; - break; + any_aead = TRUE; + continue; } + all_aead = FALSE; } e->destroy(e); - if (all_aead) + if (!any_enc) + { + DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals", + protocol_id_names, this->protocol); + return FALSE; + } + else if (any_aead && !all_aead) { - /* if all encryption algorithms in the proposal are AEADs, + DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption " + "algorithms can't be contained in the same %N proposal", + protocol_id_names, this->protocol); + return FALSE; + } + else if (all_aead) + { /* if all encryption algorithms in the proposal are AEADs, * we MUST NOT propose any integrity algorithms */ - e = array_create_enumerator(this->transforms); - while (e->enumerate(e, &entry)) + remove_transform(this, INTEGRITY_ALGORITHM); + } + } + else + { /* AES-GMAC is parsed as encryption algorithm, so we map that to the + * proper integrity algorithm */ + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == ENCRYPTION_ALGORITHM) { - if (entry->type == INTEGRITY_ALGORITHM) + if (entry->alg == ENCR_NULL_AUTH_AES_GMAC) { - array_remove_at(this->transforms, e); + entry->type = INTEGRITY_ALGORITHM; + ks = entry->key_size; + entry->key_size = 0; + switch (ks) + { + case 128: + entry->alg = AUTH_AES_128_GMAC; + continue; + case 192: + entry->alg = AUTH_AES_192_GMAC; + continue; + case 256: + entry->alg = AUTH_AES_256_GMAC; + continue; + default: + break; + } } + /* remove all other encryption algorithms */ + array_remove_at(this->transforms, e); } - e->destroy(e); + } + e->destroy(e); + + if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL)) + { + DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH " + "proposals"); + return FALSE; } } if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP) { - e = create_enumerator(this, EXTENDED_SEQUENCE_NUMBERS); - if (!e->enumerate(e, NULL, NULL)) + if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL)) { /* ESN not specified, assume not supported */ add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); } - e->destroy(e); } array_compress(this->transforms); + return TRUE; } /** @@ -842,6 +918,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) case NTRU_128_BIT: case NTRU_192_BIT: case NTRU_256_BIT: + case NH_128_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); break; default: @@ -999,13 +1076,11 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs } enumerator->destroy(enumerator); - if (failed) + if (failed || !check_proposal(this)) { destroy(this); return NULL; } - check_proposal(this); - return &this->public; } diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 1fd644203..50dab9e38 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -535,7 +535,7 @@ static payload_rule_t aggressive_i_rules[] = { {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {PLV1_ID, 0, 1, FALSE, FALSE}, - {PLV1_CERTIFICATE, 0, 1, TRUE, FALSE}, + {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE}, {PLV1_SIGNATURE, 0, 1, TRUE, FALSE}, {PLV1_HASH, 0, 1, TRUE, FALSE}, {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, @@ -575,7 +575,7 @@ static payload_rule_t aggressive_r_rules[] = { {PLV1_NAT_D, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {PLV1_NAT_D_DRAFT_00_03, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {PLV1_ID, 0, 1, FALSE, FALSE}, - {PLV1_CERTIFICATE, 0, 1, FALSE, FALSE}, + {PLV1_CERTIFICATE, 0, MAX_CERT_PAYLOADS, FALSE, FALSE}, {PLV1_SIGNATURE, 0, 1, FALSE, FALSE}, {PLV1_HASH, 0, 1, FALSE, FALSE}, {PLV1_FRAGMENT, 0, 1, FALSE, TRUE}, diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 1a435a823..55641e145 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -1360,18 +1360,21 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); if (enumerator->enumerate(enumerator, &alg, &key_size)) { - transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); alg = get_ikev1_auth_from_alg(alg); - if (transid && alg) + if (alg) { - if (!transform) + transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); + if (!transform && transid) { transform = transform_substructure_create_type( PLV1_TRANSFORM_SUBSTRUCTURE, number, transid); } - transform->add_transform_attribute(transform, - transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, - TATTR_PH2_AUTH_ALGORITHM, alg)); + if (transform) + { + transform->add_transform_attribute(transform, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, + TATTR_PH2_AUTH_ALGORITHM, alg)); + } } } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 3b49a8582..7917d457e 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index 5f6ecbf14..3560d3634 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index bee30d9a9..9d3f2f532 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index 607fe3f87..4b900d1c0 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index d533a56b5..077e2f3a0 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index 31e786158..30873fa35 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index c312821aa..3c9ba8036 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index a71d75518..61dd852f5 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 843d05eae..856ebaadf 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index 5f035ba35..fd47162c7 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c index 790252682..d32794c99 100644 --- a/src/libcharon/plugins/dnscert/dnscert_cred.c +++ b/src/libcharon/plugins/dnscert/dnscert_cred.c @@ -70,6 +70,8 @@ typedef struct { enumerator_t *inner; /** response of the DNS resolver which contains the CERTs */ resolver_response_t *response; + /** most recently enumerated certificate */ + certificate_t *cert; } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, @@ -101,17 +103,17 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, /* Try to parse PEM certificate container. Both x509 and PGP should * presumably come as PEM encoded certs. */ certificate = cur_crt->get_certificate(cur_crt); - *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY, - BUILD_BLOB_PEM, certificate, - BUILD_END); - if (*cert == NULL) + DESTROY_IF(this->cert); + this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY, + BUILD_BLOB_PEM, certificate, + BUILD_END); + cur_crt->destroy(cur_crt); + if (!this->cert) { - DBG1(DBG_CFG, " unable to parse certificate, skipping", - cur_crt->get_cert_type(cur_crt)); - cur_crt->destroy(cur_crt); + DBG1(DBG_CFG, " unable to parse certificate, skipping"); continue; } - cur_crt->destroy(cur_crt); + *cert = this->cert; return TRUE; } return FALSE; @@ -120,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, METHOD(enumerator_t, cert_enumerator_destroy, void, cert_enumerator_t *this) { + DESTROY_IF(this->cert); this->inner->destroy(this->inner); this->response->destroy(this->response); free(this); diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 9e3133b1d..866af82be 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -449,6 +446,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 8ac12c1f2..6ff71c2a3 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 7dc9003c9..eabe0b489 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index f81d54fc2..e6877f75e 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index f11d86051..a1ebc2bd0 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index e9755aa71..e2431feda 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 82ba96d26..2a4721814 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index c3b31cd9a..42c07956a 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 2a01a369f..23d9d1da8 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c index 7f8348e06..d51d0d090 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_server.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c @@ -211,7 +211,7 @@ METHOD(tls_application_t, process, status_t, { DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N]", eap_code_short_names, code); - + in->destroy(in); /* if EAP_SUCCESS check if to continue phase2 with EAP-TNC */ return (this->phase2_result == EAP_SUCCESS && code == EAP_SUCCESS) ? start_phase2_tnc(this) : FAILED; @@ -250,6 +250,7 @@ METHOD(tls_application_t, process, status_t, { DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_IDENTITY); + in->destroy(in); return FAILED; } } @@ -258,6 +259,7 @@ METHOD(tls_application_t, process, status_t, { DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_IDENTITY); + in->destroy(in); return FAILED; } diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index cdba38cde..7d0614d46 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index f1b8adb71..ba20c085e 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 40ff9f245..5d93852da 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 354c7a12d..8d0cd71f7 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 4e3105ffd..60b7ef32b 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 2d5747e01..8608587da 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index a491899ac..4cf739e7c 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index c912f9ff4..d125c13a1 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index efef3af20..c32671a56 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 6f39b8455..20a3dd88e 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index d3fd2a198..96c6a63e5 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -450,6 +447,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index c49c55fdb..1178d65b2 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 4674a78b4..f37ca65db 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index d29134f33..2f78e7749 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 420b8bdb7..2be7ee4a1 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 38a63ea02..971b72cc3 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c index 6c041ce26..ff50d8a17 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -57,6 +57,8 @@ typedef struct { time_t notAfter; /* identity to which the IPSECKEY belongs */ identification_t *identity; + /** most recently enumerated certificate */ + certificate_t *cert; } cert_enumerator_t; METHOD(enumerator_t, cert_enumerator_enumerate, bool, @@ -91,28 +93,27 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_DNSKEY, key, BUILD_END); + cur_ipseckey->destroy(cur_ipseckey); if (!public) { DBG1(DBG_CFG, " failed to create public key from IPSECKEY"); - cur_ipseckey->destroy(cur_ipseckey); continue; } - - *cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_TRUSTED_PUBKEY, - BUILD_PUBLIC_KEY, public, - BUILD_SUBJECT, this->identity, - BUILD_NOT_BEFORE_TIME, this->notBefore, - BUILD_NOT_AFTER_TIME, this->notAfter, - BUILD_END); - if (*cert == NULL) + DESTROY_IF(this->cert); + this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, + BUILD_PUBLIC_KEY, public, + BUILD_SUBJECT, this->identity, + BUILD_NOT_BEFORE_TIME, this->notBefore, + BUILD_NOT_AFTER_TIME, this->notAfter, + BUILD_END); + public->destroy(public); + if (!this->cert) { DBG1(DBG_CFG, " failed to create certificate from IPSECKEY"); - cur_ipseckey->destroy(cur_ipseckey); - public->destroy(public); continue; } - cur_ipseckey->destroy(cur_ipseckey); + *cert = this->cert; return TRUE; } return FALSE; @@ -121,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool, METHOD(enumerator_t, cert_enumerator_destroy, void, cert_enumerator_t *this) { + DESTROY_IF(this->cert); this->inner->destroy(this->inner); this->response->destroy(this->response); free(this); diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index 19e7701c6..a2c8d22c3 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 9bfdb950f..011ec3f5a 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 2435dea92..b2df52a61 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -392,7 +392,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -426,8 +425,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -481,6 +478,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 9c2a7c315..f3846ec07 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1245,7 +1245,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, */ static void format_mark(char *buf, int buflen, mark_t mark) { - if (mark.value) + if (mark.value | mark.mask) { snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask); } @@ -1256,7 +1256,7 @@ static void format_mark(char *buf, int buflen, mark_t mark) */ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) { - if (mark.value) + if (mark.value | mark.mask) { struct xfrm_mark *xmrk; @@ -2528,6 +2528,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, id->dir, markstr, cur_priority, use_count); return SUCCESS; } + policy->reqid = assigned_sa->sa->cfg.reqid; if (this->policy_update) { @@ -2720,6 +2721,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return SUCCESS; } current->used_by->get_first(current->used_by, (void**)&mapping); + current->reqid = mapping->sa->cfg.reqid; DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, " "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir, @@ -3044,6 +3046,110 @@ METHOD(kernel_ipsec_t, destroy, void, free(this); } +/** + * Get the currently configured SPD hashing thresholds for an address family + */ +static bool get_spd_hash_thresh(private_kernel_netlink_ipsec_t *this, + int type, uint8_t *lbits, uint8_t *rbits) +{ + netlink_buf_t request; + struct nlmsghdr *hdr, *out; + struct xfrmu_spdhthresh *thresh; + struct rtattr *rta; + size_t len, rtasize; + bool success = FALSE; + + memset(&request, 0, sizeof(request)); + + hdr = &request.hdr; + hdr->nlmsg_flags = NLM_F_REQUEST; + hdr->nlmsg_type = XFRM_MSG_GETSPDINFO; + hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t)); + + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) + { + hdr = out; + while (NLMSG_OK(hdr, len)) + { + switch (hdr->nlmsg_type) + { + case XFRM_MSG_NEWSPDINFO: + { + rta = XFRM_RTA(hdr, uint32_t); + rtasize = XFRM_PAYLOAD(hdr, uint32_t); + while (RTA_OK(rta, rtasize)) + { + if (rta->rta_type == type && + RTA_PAYLOAD(rta) == sizeof(*thresh)) + { + thresh = RTA_DATA(rta); + *lbits = thresh->lbits; + *rbits = thresh->rbits; + success = TRUE; + break; + } + rta = RTA_NEXT(rta, rtasize); + } + break; + } + case NLMSG_ERROR: + { + struct nlmsgerr *err = NLMSG_DATA(hdr); + DBG1(DBG_KNL, "getting SPD hash threshold failed: %s (%d)", + strerror(-err->error), -err->error); + break; + } + default: + hdr = NLMSG_NEXT(hdr, len); + continue; + case NLMSG_DONE: + break; + } + break; + } + free(out); + } + return success; +} + +/** + * Configure SPD hashing threshold for an address family + */ +static void setup_spd_hash_thresh(private_kernel_netlink_ipsec_t *this, + char *key, int type, uint8_t def) +{ + struct xfrmu_spdhthresh *thresh; + struct nlmsghdr *hdr; + netlink_buf_t request; + uint8_t lbits, rbits; + + if (!get_spd_hash_thresh(this, type, &lbits, &rbits)) + { + return; + } + memset(&request, 0, sizeof(request)); + + hdr = &request.hdr; + hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + hdr->nlmsg_type = XFRM_MSG_NEWSPDINFO; + hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t)); + + thresh = netlink_reserve(hdr, sizeof(request), type, sizeof(*thresh)); + thresh->lbits = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.spdh_thresh.%s.lbits", + def, lib->ns, key); + thresh->rbits = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.spdh_thresh.%s.rbits", + def, lib->ns, key); + if (thresh->lbits != lbits || thresh->rbits != rbits) + { + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) + { + DBG1(DBG_KNL, "setting SPD hash threshold failed"); + } + } +} + /* * Described in header. */ @@ -3114,6 +3220,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() return NULL; } + setup_spd_hash_thresh(this, "ipv4", XFRMA_SPD_IPV4_HTHRESH, 32); + setup_spd_hash_thresh(this, "ipv6", XFRMA_SPD_IPV6_HTHRESH, 128); + if (register_for_events) { struct sockaddr_nl addr; diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index 93c2ccccb..0132f7269 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -701,6 +701,54 @@ static void addr_map_entry_remove(hashtable_t *map, addr_entry_t *addr, free(entry); } +/** + * Check if an address or net (addr with prefix net bits) is in + * subnet (net with net_len net bits) + */ +static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len) +{ + static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; + int byte = 0; + + if (net_len == 0) + { /* any address matches a /0 network */ + return TRUE; + } + if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len) + { + return FALSE; + } + /* scan through all bytes in network order */ + while (net_len > 0) + { + if (net_len < 8) + { + return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]); + } + else + { + if (addr.ptr[byte] != net.ptr[byte]) + { + return FALSE; + } + byte++; + net_len -= 8; + } + } + return TRUE; +} + +/** + * Check if the given address is in subnet (net with net_len net bits) + */ +static bool host_in_subnet(host_t *host, chunk_t net, int net_len) +{ + chunk_t addr; + + addr = host->get_address(host); + return addr_in_subnet(addr, addr.len * 8, net, net_len); +} + /** * Determine the type or scope of the given unicast IP address. This is not * the same thing returned in rtm_scope/ifa_scope. @@ -837,7 +885,8 @@ static bool is_address_better(private_kernel_netlink_net_t *this, } /** - * Get a non-virtual IP address on the given interface. + * Get a non-virtual IP address on the given interfaces and optionally in a + * given subnet. * * If a candidate address is given, we first search for that address and if not * found return the address as above. @@ -845,19 +894,21 @@ static bool is_address_better(private_kernel_netlink_net_t *this, * * this->lock must be held when calling this function. */ -static host_t *get_interface_address(private_kernel_netlink_net_t *this, - int ifindex, int family, host_t *dest, - host_t *candidate) +static host_t *get_matching_address(private_kernel_netlink_net_t *this, + int *ifindex, int family, chunk_t net, + uint8_t mask, host_t *dest, + host_t *candidate) { + enumerator_t *ifaces, *addrs; iface_entry_t *iface; - enumerator_t *addrs; addr_entry_t *addr, *best = NULL; + bool candidate_matched = FALSE; - if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, - (void**)&iface, &ifindex) == SUCCESS) + ifaces = this->ifaces->create_enumerator(this->ifaces); + while (ifaces->enumerate(ifaces, &iface)) { - if (iface->usable) - { /* only use interfaces not excluded by config */ + if (iface->usable && (!ifindex || iface->ifindex == *ifindex)) + { /* only use matching interfaces not excluded by config */ addrs = iface->addrs->create_enumerator(iface->addrs); while (addrs->enumerate(addrs, &addr)) { @@ -866,9 +917,14 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this, { /* ignore virtual IP addresses and ensure family matches */ continue; } + if (net.ptr && !host_in_subnet(addr->ip, net, mask)) + { /* optionally match a subnet */ + continue; + } if (candidate && candidate->ip_equals(candidate, addr->ip)) { /* stop if we find the candidate */ best = addr; + candidate_matched = TRUE; break; } else if (!best || is_address_better(this, best, addr, dest)) @@ -877,11 +933,49 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); + if (ifindex || candidate_matched) + { + break; + } } } + ifaces->destroy(ifaces); return best ? best->ip->clone(best->ip) : NULL; } +/** + * Get a non-virtual IP address on the given interface. + * + * If a candidate address is given, we first search for that address and if not + * found return the address as above. + * Returned host is a clone, has to be freed by caller. + * + * this->lock must be held when calling this function. + */ +static host_t *get_interface_address(private_kernel_netlink_net_t *this, + int ifindex, int family, host_t *dest, + host_t *candidate) +{ + return get_matching_address(this, &ifindex, family, chunk_empty, 0, dest, + candidate); +} + +/** + * Get a non-virtual IP address in the given subnet. + * + * If a candidate address is given, we first search for that address and if not + * found return the address as above. + * Returned host is a clone, has to be freed by caller. + * + * this->lock must be held when calling this function. + */ +static host_t *get_subnet_address(private_kernel_netlink_net_t *this, + int family, chunk_t net, uint8_t mask, + host_t *dest, host_t *candidate) +{ + return get_matching_address(this, NULL, family, net, mask, dest, candidate); +} + /** * callback function that raises the delayed roam event */ @@ -1527,52 +1621,17 @@ static char *get_interface_name_by_index(private_kernel_netlink_net_t *this, return name; } -/** - * check if an address or net (addr with prefix net bits) is in - * subnet (net with net_len net bits) - */ -static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len) -{ - static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; - int byte = 0; - - if (net_len == 0) - { /* any address matches a /0 network */ - return TRUE; - } - if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len) - { - return FALSE; - } - /* scan through all bytes in network order */ - while (net_len > 0) - { - if (net_len < 8) - { - return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]); - } - else - { - if (addr.ptr[byte] != net.ptr[byte]) - { - return FALSE; - } - byte++; - net_len -= 8; - } - } - return TRUE; -} - /** * Store information about a route retrieved via RTNETLINK */ typedef struct { chunk_t gtw; - chunk_t src; + chunk_t pref_src; chunk_t dst; + chunk_t src; host_t *src_host; uint8_t dst_len; + uint8_t src_len; uint32_t table; uint32_t oif; uint32_t priority; @@ -1626,9 +1685,11 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) if (route) { route->gtw = chunk_empty; - route->src = chunk_empty; + route->pref_src = chunk_empty; route->dst = chunk_empty; route->dst_len = msg->rtm_dst_len; + route->src = chunk_empty; + route->src_len = msg->rtm_src_len; route->table = msg->rtm_table; route->oif = 0; route->priority = 0; @@ -1637,6 +1698,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) { INIT(route, .dst_len = msg->rtm_dst_len, + .src_len = msg->rtm_src_len, .table = msg->rtm_table, ); } @@ -1646,7 +1708,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) switch (rta->rta_type) { case RTA_PREFSRC: - route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); + route->pref_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); break; case RTA_GATEWAY: route->gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); @@ -1654,6 +1716,9 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) case RTA_DST: route->dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); break; + case RTA_SRC: + route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)); + break; case RTA_OIF: if (RTA_PAYLOAD(rta) == sizeof(route->oif)) { @@ -1790,10 +1855,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, { /* route destination does not contain dest */ continue; } - if (route->src.ptr) + if (route->pref_src.ptr) { /* verify source address, if any */ host_t *src = host_create_from_chunk(msg->rtm_family, - route->src, 0); + route->pref_src, 0); if (src && is_known_vip(this, src)) { /* ignore routes installed by us */ src->destroy(src); @@ -1863,12 +1928,29 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, best = best ?: route; continue; } + if (route->src.ptr) + { /* no src, but a source selector, try to find a matching address */ + route->src_host = get_subnet_address(this, msg->rtm_family, + route->src, route->src_len, dest, + candidate); + if (route->src_host) + { /* we handle this address the same as the one above */ + if (!candidate || + candidate->ip_equals(candidate, route->src_host)) + { + best = route; + break; + } + best = best ?: route; + continue; + } + } if (route->oif) { /* no src, but an interface - get address from it */ route->src_host = get_interface_address(this, route->oif, msg->rtm_family, dest, candidate); if (route->src_host) - { /* we handle this address the same as the one above */ + { /* more of the same */ if (!candidate || candidate->ip_equals(candidate, route->src_host)) { @@ -1913,9 +1995,9 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, if (best || routes->get_first(routes, (void**)&best) == SUCCESS) { addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0); - if (iface && route->oif) + if (iface && best->oif) { - *iface = get_interface_name_by_index(this, route->oif); + *iface = get_interface_name_by_index(this, best->oif); } } if (!addr && !match_net) diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index 8866f13d4..d00e8b337 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index 1c3f49120..fb1520d90 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index e002b4f0d..2adb9244b 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -450,6 +447,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index e0c2cba50..857e62961 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 856bdd8aa..f5f3df654 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -363,7 +363,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -397,8 +396,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -452,6 +449,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index 69aa3792c..00258c3fa 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -359,7 +359,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -393,8 +392,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -448,6 +445,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am deleted file mode 100644 index 02c283f5b..000000000 --- a/src/libcharon/plugins/maemo/Makefile.am +++ /dev/null @@ -1,29 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libcharon - -AM_CFLAGS = \ - ${maemo_CFLAGS} \ - $(PLUGIN_CFLAGS) - -if MONOLITHIC -noinst_LTLIBRARIES = libstrongswan-maemo.la -else -plugin_LTLIBRARIES = libstrongswan-maemo.la -endif - -libstrongswan_maemo_la_SOURCES = \ - maemo_plugin.h maemo_plugin.c \ - maemo_service.h maemo_service.c - -libstrongswan_maemo_la_LDFLAGS = -module -avoid-version -libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} - -dbusservice_DATA = org.strongswan.charon.service - -org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in - $(AM_V_GEN) \ - sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ - -EXTRA_DIST = org.strongswan.charon.service.in -CLEANFILES = $(dbusservice_DATA) diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in deleted file mode 100644 index 78525bf6c..000000000 --- a/src/libcharon/plugins/maemo/Makefile.in +++ /dev/null @@ -1,830 +0,0 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2014 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/libcharon/plugins/maemo -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(plugindir)" \ - "$(DESTDIR)$(dbusservicedir)" -LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -am__DEPENDENCIES_1 = -libstrongswan_maemo_la_DEPENDENCIES = $(am__DEPENDENCIES_1) -am_libstrongswan_maemo_la_OBJECTS = maemo_plugin.lo maemo_service.lo -libstrongswan_maemo_la_OBJECTS = $(am_libstrongswan_maemo_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libstrongswan_maemo_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_maemo_la_LDFLAGS) \ - $(LDFLAGS) -o $@ -@MONOLITHIC_FALSE@am_libstrongswan_maemo_la_rpath = -rpath \ -@MONOLITHIC_FALSE@ $(plugindir) -@MONOLITHIC_TRUE@am_libstrongswan_maemo_la_rpath = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libstrongswan_maemo_la_SOURCES) -DIST_SOURCES = $(libstrongswan_maemo_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(dbusservice_DATA) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ATOMICLIB = @ATOMICLIB@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -EASY_INSTALL = @EASY_INSTALL@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GEM = @GEM@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -PY_TEST = @PY_TEST@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYGEMDIR = @RUBYGEMDIR@ -RUBYINCLUDE = @RUBYINCLUDE@ -RUBYLIB = @RUBYLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ -dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -h_plugins = @h_plugins@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -json_CFLAGS = @json_CFLAGS@ -json_LIBS = @json_LIBS@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libiptc_CFLAGS = @libiptc_CFLAGS@ -libiptc_LIBS = @libiptc_LIBS@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -runstatedir = @runstatedir@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = @srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemd_CFLAGS = @systemd_CFLAGS@ -systemd_LIBS = @systemd_LIBS@ -systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ -systemd_daemon_LIBS = @systemd_daemon_LIBS@ -systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ -systemd_journal_LIBS = @systemd_journal_LIBS@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libcharon - -AM_CFLAGS = \ - ${maemo_CFLAGS} \ - $(PLUGIN_CFLAGS) - -@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-maemo.la -@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-maemo.la -libstrongswan_maemo_la_SOURCES = \ - maemo_plugin.h maemo_plugin.c \ - maemo_service.h maemo_service.c - -libstrongswan_maemo_la_LDFLAGS = -module -avoid-version -libstrongswan_maemo_la_LIBADD = ${maemo_LIBS} -dbusservice_DATA = org.strongswan.charon.service -EXTRA_DIST = org.strongswan.charon.service.in -CLEANFILES = $(dbusservice_DATA) -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ - } - -uninstall-pluginLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ - done - -clean-pluginLTLIBRARIES: - -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libstrongswan-maemo.la: $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_DEPENDENCIES) $(EXTRA_libstrongswan_maemo_la_DEPENDENCIES) - $(AM_V_CCLD)$(libstrongswan_maemo_la_LINK) $(am_libstrongswan_maemo_la_rpath) $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/maemo_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/maemo_service.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-dbusserviceDATA: $(dbusservice_DATA) - @$(NORMAL_INSTALL) - @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \ - done - -uninstall-dbusserviceDATA: - @$(NORMAL_UNINSTALL) - @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir) - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) -installdirs: - for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(dbusservicedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - clean-pluginLTLIBRARIES mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-dbusserviceDATA install-pluginLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dbusserviceDATA \ - install-dvi install-dvi-am install-exec install-exec-am \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am \ - install-pluginLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES - -.PRECIOUS: Makefile - - -org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in - $(AM_V_GEN) \ - sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@ - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/libcharon/plugins/maemo/maemo_plugin.c b/src/libcharon/plugins/maemo/maemo_plugin.c deleted file mode 100644 index ddf9cdb5b..000000000 --- a/src/libcharon/plugins/maemo/maemo_plugin.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "maemo_plugin.h" -#include "maemo_service.h" - -#include - -typedef struct private_maemo_plugin_t private_maemo_plugin_t; - -/** - * private data of maemo plugin - */ -struct private_maemo_plugin_t { - - /** - * implements plugin interface - */ - maemo_plugin_t public; - - /** - * service - */ - maemo_service_t *service; -}; - -METHOD(plugin_t, get_name, char*, - private_maemo_plugin_t *this) -{ - return "maemo"; -} - -METHOD(plugin_t, get_features, int, - private_maemo_plugin_t *this, plugin_feature_t *features[]) -{ - static plugin_feature_t f[] = { - PLUGIN_NOOP, - PLUGIN_PROVIDE(CUSTOM, "maemo"), - }; - *features = f; - return countof(f); -} - -METHOD(plugin_t, destroy, void, - private_maemo_plugin_t *this) -{ - this->service->destroy(this->service); - free(this); -} - -/* - * See header - */ -plugin_t *maemo_plugin_create() -{ - private_maemo_plugin_t *this; - - INIT(this, - .public = { - .plugin = { - .get_name = _get_name, - .get_features = _get_features, - .destroy = _destroy, - }, - }, - ); - - this->service = maemo_service_create(); - if (!this->service) - { - return NULL; - } - - return &this->public.plugin; -} diff --git a/src/libcharon/plugins/maemo/maemo_plugin.h b/src/libcharon/plugins/maemo/maemo_plugin.h deleted file mode 100644 index 23d139b49..000000000 --- a/src/libcharon/plugins/maemo/maemo_plugin.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup maemo maemo - * @ingroup cplugins - * - * @defgroup maemo_plugin maemo_plugin - * @{ @ingroup maemo - */ - -#ifndef MAEMO_PLUGIN_H_ -#define MAEMO_PLUGIN_H_ - -#include - -typedef struct maemo_plugin_t maemo_plugin_t; - -/** - * Maemo integration plugin. - */ -struct maemo_plugin_t { - - /** - * implements plugin interface - */ - plugin_t plugin; -}; - -#endif /** MAEMO_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c deleted file mode 100644 index 3e5861b87..000000000 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ /dev/null @@ -1,530 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include - -#include "maemo_service.h" - -#include -#include -#include - -#define OSSO_STATUS_NAME "status" -#define OSSO_STATUS_SERVICE "org.strongswan."OSSO_STATUS_NAME -#define OSSO_STATUS_OBJECT "/org/strongswan/"OSSO_STATUS_NAME -#define OSSO_STATUS_IFACE "org.strongswan."OSSO_STATUS_NAME - -#define OSSO_CHARON_NAME "charon" -#define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME -#define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME -#define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME - -#define MAEMO_COMMON_CA_DIR "/etc/certs/common-ca" -#define MAEMO_USER_CA_DIR "/home/user/.maemosec-certs/wifi-ca" -/* there is also an smime-ca and an ssl-ca sub-directory and the same for - * ...-user, which store end user/server certificates */ - -typedef enum { - VPN_STATUS_DISCONNECTED, - VPN_STATUS_CONNECTING, - VPN_STATUS_CONNECTED, - VPN_STATUS_AUTH_FAILED, - VPN_STATUS_CONNECTION_FAILED, -} vpn_status_t; - -typedef struct private_maemo_service_t private_maemo_service_t; - -/** - * private data of maemo service - */ -struct private_maemo_service_t { - - /** - * public interface - */ - maemo_service_t public; - - /** - * credentials - */ - mem_cred_t *creds; - - /** - * Glib main loop for a thread, handles DBUS calls - */ - GMainLoop *loop; - - /** - * Context for OSSO - */ - osso_context_t *context; - - /** - * Current IKE_SA - */ - ike_sa_t *ike_sa; - - /** - * Status of the current connection - */ - vpn_status_t status; - - /** - * Name of the current connection - */ - gchar *current; - -}; - -static gint change_status(private_maemo_service_t *this, int status) -{ - osso_rpc_t retval; - gint res; - this->status = status; - res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT, - OSSO_STATUS_IFACE, "StatusChanged", &retval, - DBUS_TYPE_INT32, status, - DBUS_TYPE_INVALID); - return res; -} - -METHOD(listener_t, ike_updown, bool, - private_maemo_service_t *this, ike_sa_t *ike_sa, bool up) -{ - /* this callback is only registered during initiation, so if the IKE_SA - * goes down we assume an authentication error */ - if (this->ike_sa == ike_sa && !up) - { - change_status(this, VPN_STATUS_AUTH_FAILED); - return FALSE; - } - return TRUE; -} - -METHOD(listener_t, ike_state_change, bool, - private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) -{ - /* this call back is only registered during initiation */ - if (this->ike_sa == ike_sa && state == IKE_DESTROYING) - { - change_status(this, VPN_STATUS_CONNECTION_FAILED); - return FALSE; - } - return TRUE; -} - -METHOD(listener_t, child_updown, bool, - private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, - bool up) -{ - if (this->ike_sa == ike_sa) - { - if (up) - { - /* disable hooks registered to catch initiation failures */ - this->public.listener.ike_updown = NULL; - this->public.listener.ike_state_change = NULL; - change_status(this, VPN_STATUS_CONNECTED); - } - else - { - change_status(this, VPN_STATUS_CONNECTION_FAILED); - return FALSE; - } - } - return TRUE; -} - -METHOD(listener_t, ike_rekey, bool, - private_maemo_service_t *this, ike_sa_t *old, ike_sa_t *new) -{ - if (this->ike_sa == old) - { - this->ike_sa = new; - } - return TRUE; -} - -/** - * load all CA certificates in the given directory - */ -static void load_ca_dir(private_maemo_service_t *this, char *dir) -{ - enumerator_t *enumerator; - char *rel, *abs; - struct stat st; - - enumerator = enumerator_create_directory(dir); - if (enumerator) - { - while (enumerator->enumerate(enumerator, &rel, &abs, &st)) - { - if (rel[0] != '.') - { - if (S_ISREG(st.st_mode)) - { - certificate_t *cert; - cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_X509, BUILD_FROM_FILE, abs, - BUILD_END); - if (!cert) - { - DBG1(DBG_CFG, "loading CA certificate '%s' failed", - abs); - continue; - } - DBG2(DBG_CFG, "loaded CA certificate '%Y'", - cert->get_subject(cert)); - this->creds->add_cert(this->creds, TRUE, cert); - } - } - } - enumerator->destroy(enumerator); - } -} - -static void disconnect(private_maemo_service_t *this) -{ - ike_sa_t *ike_sa; - u_int id; - - if (!this->current) - { - return; - } - - /* avoid status updates, as this is called from the Glib main loop */ - charon->bus->remove_listener(charon->bus, &this->public.listener); - - ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager, - this->current, FALSE); - if (ike_sa) - { - id = ike_sa->get_unique_id(ike_sa); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - charon->controller->terminate_ike(charon->controller, id, - NULL, NULL, 0); - } - this->current = (g_free(this->current), NULL); - this->status = VPN_STATUS_DISCONNECTED; -} - -static gboolean initiate_connection(private_maemo_service_t *this, - GArray *arguments) -{ - gint i; - gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL; - identification_t *gateway = NULL, *user = NULL; - ike_sa_t *ike_sa; - ike_cfg_t *ike_cfg; - peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg; - traffic_selector_t *ts; - auth_cfg_t *auth; - certificate_t *cert; - peer_cfg_create_t peer = { - .cert_policy = CERT_SEND_IF_ASKED, - .unique = UNIQUE_REPLACE, - .keyingtries = 1, - .rekey_time = 36000, /* 10h */ - .jitter_time = 600, /* 10min */ - .over_time = 600, /* 10min */ - }; - child_cfg_create_t child = { - .lifetime = { - .time = { - .life = 10800, /* 3h */ - .rekey = 10200, /* 2h50min */ - .jitter = 300 /* 5min */ - }, - }, - .mode = MODE_TUNNEL, - }; - - if (this->status == VPN_STATUS_CONNECTED || - this->status == VPN_STATUS_CONNECTING) - { - DBG1(DBG_CFG, "currently connected to '%s', disconnecting first", - this->current); - disconnect (this); - } - - if (arguments->len != 5) - { - DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len); - return FALSE; - } - - for (i = 0; i < arguments->len; i++) - { - osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i); - if (arg->type != DBUS_TYPE_STRING) - { - DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type); - return FALSE; - } - switch (i) - { - case 0: /* name */ - this->current = (g_free(this->current), NULL); - this->current = g_strdup(arg->value.s); - break; - case 1: /* hostname */ - hostname = arg->value.s; - break; - case 2: /* CA certificate path */ - cacert = arg->value.s; - break; - case 3: /* username */ - username = arg->value.s; - break; - case 4: /* password */ - password = arg->value.s; - break; - } - } - - DBG1(DBG_CFG, "received initiate for connection '%s'", this->current); - - this->creds->clear(this->creds); - - if (cacert && !streq(cacert, "")) - { - cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FILE, cacert, BUILD_END); - if (cert) - { - this->creds->add_cert(this->creds, TRUE, cert); - } - else - { - DBG1(DBG_CFG, "failed to load CA certificate"); - } - /* if this is a server cert we could use the cert subject as id */ - } - else - { - load_ca_dir(this, MAEMO_COMMON_CA_DIR); - load_ca_dir(this, MAEMO_USER_CA_DIR); - } - - gateway = identification_create_from_string(hostname); - DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway); - - { - shared_key_t *shared_key; - chunk_t secret = chunk_create(password, strlen(password)); - user = identification_create_from_string(username); - shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret)); - this->creds->add_shared(this->creds, shared_key, user->clone(user), - NULL); - } - - ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", - charon->socket->get_port(charon->socket, FALSE), - hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); - ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - - peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer); - peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); - - auth = auth_cfg_create(); - auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); - auth->add(auth, AUTH_RULE_IDENTITY, user); - peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE); - auth = auth_cfg_create(); - auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); - auth->add(auth, AUTH_RULE_IDENTITY, gateway); - peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - - child_cfg = child_cfg_create(this->current, &child); - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); - child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); - ts = traffic_selector_create_dynamic(0, 0, 65535); - child_cfg->add_traffic_selector(child_cfg, TRUE, ts); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", - 0, "255.255.255.255", 65535); - child_cfg->add_traffic_selector(child_cfg, FALSE, ts); - peer_cfg->add_child_cfg(peer_cfg, child_cfg); - - /* get us an IKE_SA */ - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, - peer_cfg); - if (!ike_sa) - { - peer_cfg->destroy(peer_cfg); - this->status = VPN_STATUS_CONNECTION_FAILED; - return FALSE; - } - if (!ike_sa->get_peer_cfg(ike_sa)) - { - ike_sa->set_peer_cfg(ike_sa, peer_cfg); - } - peer_cfg->destroy(peer_cfg); - - /* store the IKE_SA, so we can track its progress */ - this->ike_sa = ike_sa; - this->status = VPN_STATUS_CONNECTING; - this->public.listener.ike_updown = _ike_updown; - this->public.listener.ike_state_change = _ike_state_change; - charon->bus->add_listener(charon->bus, &this->public.listener); - - /* get an additional reference because initiate consumes one */ - child_cfg->get_ref(child_cfg); - if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) - { - DBG1(DBG_CFG, "failed to initiate tunnel"); - charon->bus->remove_listener(charon->bus, &this->public.listener); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, - ike_sa); - this->status = VPN_STATUS_CONNECTION_FAILED; - return FALSE; - } - charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); - return TRUE; -} - -/** - * Callback for libosso dbus wrapper - */ -static gint dbus_req_handler(const gchar *interface, const gchar *method, - GArray *arguments, private_maemo_service_t *this, - osso_rpc_t *retval) -{ - if (streq(method, "Start")) - { /* void start (void), dummy function to start charon as root */ - return OSSO_OK; - } - else if (streq(method, "Connect")) - { /* bool connect (name, host, cert, user, pass) */ - retval->value.b = initiate_connection(this, arguments); - retval->type = DBUS_TYPE_BOOLEAN; - } - else if (streq(method, "Disconnect")) - { /* void disconnect (void) */ - disconnect(this); - } - else - { - return OSSO_ERROR; - } - return OSSO_OK; -} - -/** - * Main loop to handle D-BUS messages. - */ -static job_requeue_t run(private_maemo_service_t *this) -{ - this->loop = g_main_loop_new(NULL, FALSE); - g_main_loop_run(this->loop); - return JOB_REQUEUE_NONE; -} - -/** - * Cancel the GLib Main Event Loop - */ -static bool cancel(private_maemo_service_t *this) -{ - if (this->loop) - { - if (g_main_loop_is_running(this->loop)) - { - g_main_loop_quit(this->loop); - } - g_main_loop_unref(this->loop); - } - return TRUE; -} - -METHOD(maemo_service_t, destroy, void, - private_maemo_service_t *this) -{ - if (this->context) - { - osso_rpc_unset_cb_f(this->context, - OSSO_CHARON_SERVICE, - OSSO_CHARON_OBJECT, - OSSO_CHARON_IFACE, - (osso_rpc_cb_f*)dbus_req_handler, - this); - osso_deinitialize(this->context); - } - charon->bus->remove_listener(charon->bus, &this->public.listener); - lib->credmgr->remove_set(lib->credmgr, &this->creds->set); - this->creds->destroy(this->creds); - this->current = (g_free(this->current), NULL); - free(this); -} - -/* - * See header - */ -maemo_service_t *maemo_service_create() -{ - osso_return_t result; - private_maemo_service_t *this; - - INIT(this, - .public = { - .listener = { - .ike_updown = _ike_updown, - .ike_state_change = _ike_state_change, - .child_updown = _child_updown, - .ike_rekey = _ike_rekey, - }, - .destroy = _destroy, - }, - .creds = mem_cred_create(), - ); - - lib->credmgr->add_set(lib->credmgr, &this->creds->set); - - this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL); - if (!this->context) - { - DBG1(DBG_CFG, "failed to initialize OSSO context"); - destroy(this); - return NULL; - } - - result = osso_rpc_set_cb_f(this->context, - OSSO_CHARON_SERVICE, - OSSO_CHARON_OBJECT, - OSSO_CHARON_IFACE, - (osso_rpc_cb_f*)dbus_req_handler, - this); - if (result != OSSO_OK) - { - DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result); - destroy(this); - return NULL; - } - - this->loop = NULL; - if (!g_thread_supported()) - { - g_thread_init(NULL); - } - - lib->processor->queue_job(lib->processor, - (job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this, - NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL)); - - return &this->public; -} diff --git a/src/libcharon/plugins/maemo/maemo_service.h b/src/libcharon/plugins/maemo/maemo_service.h deleted file mode 100644 index b0240cbaa..000000000 --- a/src/libcharon/plugins/maemo/maemo_service.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2010 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup maemo_service maemo_service - * @{ @ingroup maemo - */ - -#ifndef MAEMO_SERVICE_H_ -#define MAEMO_SERVICE_H_ - -#include - -typedef struct maemo_service_t maemo_service_t; - -/** - * Maemo connection management. - */ -struct maemo_service_t { - - /** - * Implements listener_t. - */ - listener_t listener; - - /** - * Destroy a maemo_service_t. - */ - void (*destroy)(maemo_service_t *this); -}; - -/** - * Create an instance of maemo_service_t. - */ -maemo_service_t *maemo_service_create(); - -#endif /** MAEMO_SERVICE_H_ @}*/ diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in b/src/libcharon/plugins/maemo/org.strongswan.charon.service.in deleted file mode 100644 index 8fa83af93..000000000 --- a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in +++ /dev/null @@ -1,4 +0,0 @@ -[D-BUS Service] -Name=org.strongswan.charon -Exec=/usr/bin/run-standalone.sh @LIBEXECDIR@/ipsec/charon -User=root diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index fe301a7d9..eb7efd282 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index d4154fea4..3dd849bf0 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index ec488defe..83850fcdf 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 67ab4bfe3..619bff10d 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index 9b7ab4c53..9d227a110 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 38b709ef0..53af31f20 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 72a168cb5..d08a6f468 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 112d8d218..dd1da8bc5 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 9f5f4a2e9..b6152afd7 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 1b6b9f64a..ed0af93fc 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index b9cae90ec..0a4000e23 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 9f63cb0b5..7eacc516a 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 929e6fc84..77911c7b0 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -562,7 +562,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, } } -METHOD(stroke_cred_t, cache_cert, void, +METHOD(credential_set_t, cache_cert, void, private_stroke_cred_t *this, certificate_t *cert) { if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl) @@ -575,10 +575,14 @@ METHOD(stroke_cred_t, cache_cert, void, { char buf[BUF_LEN]; chunk_t chunk, hex; + bool is_delta_crl; + + is_delta_crl = crl->is_delta_crl(crl, NULL); chunk = crl->get_authKeyIdentifier(crl); hex = chunk_to_hex(chunk, NULL, FALSE); - snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex.ptr); + snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr, + is_delta_crl ? "_delta" : ""); free(hex.ptr); if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk)) @@ -1497,6 +1501,10 @@ stroke_cred_t *stroke_cred_create(stroke_ca_t *ca) .ca = ca, ); + if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns)) + { + cachecrl(this, TRUE); + } lib->credmgr->add_set(lib->credmgr, &this->creds->set); lib->credmgr->add_set(lib->credmgr, &this->aacerts->set); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 6c5703a16..cec26579d 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -844,6 +844,7 @@ static void list_algs(FILE *out) integrity_algorithm_t integrity; hash_algorithm_t hash; pseudo_random_function_t prf; + ext_out_function_t xof; diffie_hellman_group_t group; rng_quality_t quality; const char *plugin_name; @@ -891,6 +892,14 @@ static void list_algs(FILE *out) print_alg(out, &len, pseudo_random_function_names, prf, plugin_name); } enumerator->destroy(enumerator); + fprintf(out, "\n xof: "); + len = 13; + enumerator = lib->crypto->create_xof_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &xof, &plugin_name)) + { + print_alg(out, &len, ext_out_function_names, xof, plugin_name); + } + enumerator->destroy(enumerator); fprintf(out, "\n dh-group: "); len = 13; enumerator = lib->crypto->create_dh_enumerator(lib->crypto); diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 4f7483666..46de90ca6 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2011-2013 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 125e3c176..e219159cc 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index 0ea265e10..60618c051 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index f2398c3f4..2b6c34c33 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -446,6 +443,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 84eed9a45..2f79391f5 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index cfc1c5f4c..fc9bff75c 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 612535d85..a2dd067be 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am index ca9b49906..af0b65cd0 100644 --- a/src/libcharon/plugins/vici/Makefile.am +++ b/src/libcharon/plugins/vici/Makefile.am @@ -2,6 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/plugins/pubkey \ -I$(top_srcdir)/src/libcharon \ + -DSWANCTLDIR=\""${swanctldir}\"" \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index b943c09ce..ce1520424 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -449,7 +449,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -483,8 +482,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -538,6 +535,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -545,6 +544,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/plugins/pubkey \ -I$(top_srcdir)/src/libcharon \ + -DSWANCTLDIR=\""${swanctldir}\"" \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index cf5a85a8d..18a3ef7b5 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -481,6 +481,19 @@ Load a shared IKE PSK, EAP or XAuth secret into the daemon. errmsg = } +### flush-certs() ### + +Flushes the certificate cache. The optional type argument allows to flush +only certificates of a given type, e.g. all cached CRLs. + + { + type = + } => { + success = + errmsg = + } + ### clear-creds() ### Clear all loaded certificate, private key and shared key credentials. This diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index e32e9668c..523868c68 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -356,6 +353,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod index de374aa11..d19739709 100644 --- a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod +++ b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod @@ -560,6 +560,21 @@ print "----- unload-authority -----\n"; ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars)); print $res ? "ok\n" : "failed: $errmsg\n"; +=item flush_certs() + +flushes the volatile certificate cache. Optionally only a given certificate +type is flushed. + + my %vars = ( type => 'x509_crl' ); + my ($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars)); + +=cut + +print "----- flush-certs -----\n"; +%vars = ( type => 'x509_crl' ); +($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + =item clear_creds() clears all loaded certificate, private key and shared key credentials. This diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm index 78197136a..5c09b14ed 100644 --- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm @@ -96,6 +96,10 @@ sub load_shared { return request_vars_res('load-shared', @_); } +sub flush_certs { + return request_vars_res('flush-certs', @_); +} + sub clear_creds { return request_res('clear-creds', @_); } diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 7d1c64267..4f1a91703 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -289,7 +289,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -323,8 +322,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -378,6 +375,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/python/vici/session.py b/src/libcharon/plugins/vici/python/vici/session.py index 66de8590a..5bd4b7c40 100644 --- a/src/libcharon/plugins/vici/python/vici/session.py +++ b/src/libcharon/plugins/vici/python/vici/session.py @@ -166,6 +166,17 @@ class Session(object): """ self.handler.request("load-shared", secret) + def flush_certs(self, filter=None): + """Flush the volatile certificate cache. + + Flush the certificate stored temporarily in the cache. The filter + allows to flush only a certain type of certificates, e.g. CRLs. + + :param filter: flush only certificates of a given type (optional) + :type filter: dict + """ + self.handler.request("flush-certs", filter) + def clear_creds(self): """Clear credentials loaded over vici. diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index aceb28adc..e176285a8 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -356,6 +353,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb index 018f50766..1a95fc3dd 100644 --- a/src/libcharon/plugins/vici/ruby/lib/vici.rb +++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb @@ -448,6 +448,12 @@ module Vici @transp.request("get-conns").root end + ## + # Flush credential cache. + def flush_certs((match = nil) + check_success(@transp.request("flush-certs", Message.new(match))) + end + ## # Clear all loaded credentials. def clear_creds() diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index d919e1d94..2110fd31d 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -437,6 +437,7 @@ typedef struct { linked_list_t *remote_ts; uint32_t replay_window; bool policies; + bool policies_fwd_out; child_cfg_create_t cfg; } child_data_t; @@ -462,6 +463,7 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp); DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode); DBG2(DBG_CFG, " policies = %u", data->policies); + DBG2(DBG_CFG, " policies_fwd_out = %u", data->policies_fwd_out); if (data->replay_window != REPLAY_UNDEFINED) { DBG2(DBG_CFG, " replay_window = %u", data->replay_window); @@ -503,7 +505,7 @@ static void free_child_data(child_data_t *data) */ static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v) { - char buf[128]; + char buf[BUF_LEN]; proposal_t *proposal; if (!vici_stringify(v, buf, sizeof(buf))) @@ -566,7 +568,7 @@ CALLBACK(parse_ah_proposal, bool, CALLBACK(parse_ts, bool, linked_list_t *out, chunk_t v) { - char buf[128], *protoport, *sep, *port = "", *end; + char buf[BUF_LEN], *protoport, *sep, *port = "", *end; traffic_selector_t *ts = NULL; struct protoent *protoent; struct servent *svc; @@ -720,7 +722,7 @@ typedef struct { */ static bool parse_map(enum_map_t *map, int count, int *out, chunk_t v) { - char buf[128]; + char buf[BUF_LEN]; int i; if (!vici_stringify(v, buf, sizeof(buf))) @@ -1051,7 +1053,7 @@ CALLBACK(parse_auth, bool, */ static bool parse_id(auth_cfg_t *cfg, auth_rule_t rule, chunk_t v) { - char buf[256]; + char buf[BUF_LEN]; if (!vici_stringify(v, buf, sizeof(buf))) { @@ -1330,31 +1332,32 @@ CALLBACK(child_kv, bool, child_data_t *child, vici_message_t *message, char *name, chunk_t value) { parse_rule_t rules[] = { - { "updown", parse_string, &child->cfg.updown }, - { "hostaccess", parse_bool, &child->cfg.hostaccess }, - { "mode", parse_mode, &child->cfg.mode }, - { "policies", parse_bool, &child->policies }, - { "replay_window", parse_uint32, &child->replay_window }, - { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, - { "life_time", parse_time, &child->cfg.lifetime.time.life }, - { "rand_time", parse_time, &child->cfg.lifetime.time.jitter }, - { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey }, - { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life }, - { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter }, - { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey }, - { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life }, - { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter }, - { "dpd_action", parse_action, &child->cfg.dpd_action }, - { "start_action", parse_action, &child->cfg.start_action }, - { "close_action", parse_action, &child->cfg.close_action }, - { "ipcomp", parse_bool, &child->cfg.ipcomp }, - { "inactivity", parse_time, &child->cfg.inactivity }, - { "reqid", parse_uint32, &child->cfg.reqid }, - { "mark_in", parse_mark, &child->cfg.mark_in }, - { "mark_out", parse_mark, &child->cfg.mark_out }, - { "tfc_padding", parse_tfc, &child->cfg.tfc }, - { "priority", parse_uint32, &child->cfg.priority }, - { "interface", parse_string, &child->cfg.interface }, + { "updown", parse_string, &child->cfg.updown }, + { "hostaccess", parse_bool, &child->cfg.hostaccess }, + { "mode", parse_mode, &child->cfg.mode }, + { "policies", parse_bool, &child->policies }, + { "policies_fwd_out", parse_bool, &child->policies_fwd_out }, + { "replay_window", parse_uint32, &child->replay_window }, + { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, + { "life_time", parse_time, &child->cfg.lifetime.time.life }, + { "rand_time", parse_time, &child->cfg.lifetime.time.jitter }, + { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey }, + { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life }, + { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter }, + { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey }, + { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life }, + { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter }, + { "dpd_action", parse_action, &child->cfg.dpd_action }, + { "start_action", parse_action, &child->cfg.start_action }, + { "close_action", parse_action, &child->cfg.close_action }, + { "ipcomp", parse_bool, &child->cfg.ipcomp }, + { "inactivity", parse_time, &child->cfg.inactivity }, + { "reqid", parse_uint32, &child->cfg.reqid }, + { "mark_in", parse_mark, &child->cfg.mark_in }, + { "mark_out", parse_mark, &child->cfg.mark_out }, + { "tfc_padding", parse_tfc, &child->cfg.tfc }, + { "priority", parse_uint32, &child->cfg.priority }, + { "interface", parse_string, &child->cfg.interface }, }; return parse_rules(rules, countof(rules), name, value, @@ -1537,6 +1540,7 @@ CALLBACK(children_sn, bool, } } child.cfg.suppress_policies = !child.policies; + child.cfg.fwd_out_policies = child.policies_fwd_out; check_lifetimes(&child.cfg.lifetime); @@ -1976,7 +1980,7 @@ CALLBACK(config_sn, bool, .send_cert = CERT_SEND_IF_ASKED, .version = IKE_ANY, .remote_port = IKEV2_UDP_PORT, - .fragmentation = FRAGMENTATION_NO, + .fragmentation = FRAGMENTATION_YES, .unique = UNIQUE_NO, .keyingtries = 1, .rekey_time = LFT_UNDEFINED, diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index 3411b7d6c..baf285fb8 100644 --- a/src/libcharon/plugins/vici/vici_cred.c +++ b/src/libcharon/plugins/vici/vici_cred.c @@ -2,7 +2,7 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,8 +25,15 @@ #include #include +#include + typedef struct private_vici_cred_t private_vici_cred_t; +/** + * Directory for saved X.509 CRLs + */ +#define CRL_DIR SWANCTLDIR "/x509crl" + /** * Private data of an vici_cred_t object. */ @@ -46,8 +53,54 @@ struct private_vici_cred_t { * credentials */ mem_cred_t *creds; + + /** + * cache CRLs to disk? + */ + bool cachecrl; + }; +METHOD(credential_set_t, cache_cert, void, + private_vici_cred_t *this, certificate_t *cert) +{ + if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl) + { + /* CRLs get written to /etc/swanctl/x509crl/.crl */ + crl_t *crl = (crl_t*)cert; + + cert->get_ref(cert); + if (this->creds->add_crl(this->creds, crl)) + { + char buf[BUF_LEN]; + chunk_t chunk, hex; + bool is_delta_crl; + + is_delta_crl = crl->is_delta_crl(crl, NULL); + chunk = crl->get_authKeyIdentifier(crl); + hex = chunk_to_hex(chunk, NULL, FALSE); + snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr, + is_delta_crl ? "_delta" : ""); + free(hex.ptr); + + if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk)) + { + if (chunk_write(chunk, buf, 022, TRUE)) + { + DBG1(DBG_CFG, " written crl file '%s' (%d bytes)", + buf, chunk.len); + } + else + { + DBG1(DBG_CFG, " writing crl file '%s' failed: %s", + buf, strerror(errno)); + } + free(chunk.ptr); + } + } + } +} + /** * Create a (error) reply message */ @@ -287,6 +340,24 @@ CALLBACK(clear_creds, vici_message_t*, return create_reply(NULL); } +CALLBACK(flush_certs, vici_message_t*, + private_vici_cred_t *this, char *name, u_int id, vici_message_t *message) +{ + certificate_type_t type = CERT_ANY; + x509_flag_t flag = X509_NONE; + char *str; + + str = message->get_str(message, NULL, "type"); + if (str && !enum_from_name(certificate_type_names, str, &type) && + !vici_cert_info_from_str(str, &type, &flag)) + { + return create_reply("invalid certificate type '%s'", str); + } + lib->credmgr->flush_cache(lib->credmgr, type); + + return create_reply(NULL); +} + static void manage_command(private_vici_cred_t *this, char *name, vici_command_cb_t cb, bool reg) { @@ -300,6 +371,7 @@ static void manage_command(private_vici_cred_t *this, static void manage_commands(private_vici_cred_t *this, bool reg) { manage_command(this, "clear-creds", clear_creds, reg); + manage_command(this, "flush-certs", flush_certs, reg); manage_command(this, "load-cert", load_cert, reg); manage_command(this, "load-key", load_key, reg); manage_command(this, "load-shared", load_shared, reg); @@ -330,6 +402,13 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher) INIT(this, .public = { + .set = { + .create_private_enumerator = (void*)return_null, + .create_cert_enumerator = (void*)return_null, + .create_shared_enumerator = (void*)return_null, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)_cache_cert, + }, .add_cert = _add_cert, .destroy = _destroy, }, @@ -337,6 +416,11 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher) .creds = mem_cred_create(), ); + if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns)) + { + this->cachecrl = TRUE; + DBG1(DBG_CFG, "crl caching to %s enabled", CRL_DIR); + } lib->credmgr->add_set(lib->credmgr, &this->creds->set); manage_commands(this, TRUE); diff --git a/src/libcharon/plugins/vici/vici_cred.h b/src/libcharon/plugins/vici/vici_cred.h index 8359c0e88..6ce514786 100644 --- a/src/libcharon/plugins/vici/vici_cred.h +++ b/src/libcharon/plugins/vici/vici_cred.h @@ -2,6 +2,9 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -23,6 +26,8 @@ #include "vici_dispatcher.h" +#include + typedef struct vici_cred_t vici_cred_t; /** @@ -30,6 +35,11 @@ typedef struct vici_cred_t vici_cred_t; */ struct vici_cred_t { + /** + * Implements credential_set_t + */ + credential_set_t set; + /** * Add a certificate to the certificate store * diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c index ed7c743c7..136651261 100644 --- a/src/libcharon/plugins/vici/vici_plugin.c +++ b/src/libcharon/plugins/vici/vici_plugin.c @@ -2,7 +2,7 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -130,6 +130,7 @@ static bool register_vici(private_vici_plugin_t *this, this->cred = vici_cred_create(this->dispatcher); this->authority = vici_authority_create(this->dispatcher, this->cred); + lib->credmgr->add_set(lib->credmgr, &this->cred->set); lib->credmgr->add_set(lib->credmgr, &this->authority->set); this->config = vici_config_create(this->dispatcher, this->authority, this->cred); @@ -158,6 +159,7 @@ static bool register_vici(private_vici_plugin_t *this, this->logger->destroy(this->logger); this->attrs->destroy(this->attrs); this->config->destroy(this->config); + lib->credmgr->remove_set(lib->credmgr, &this->cred->set); lib->credmgr->remove_set(lib->credmgr, &this->authority->set); this->authority->destroy(this->authority); this->cred->destroy(this->cred); diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 04cea004e..828b61927 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -1072,6 +1072,7 @@ CALLBACK(get_algorithms, vici_message_t*, integrity_algorithm_t integrity; hash_algorithm_t hash; pseudo_random_function_t prf; + ext_out_function_t xof; diffie_hellman_group_t group; rng_quality_t quality; const char *plugin_name; @@ -1123,6 +1124,15 @@ CALLBACK(get_algorithms, vici_message_t*, enumerator->destroy(enumerator); b->end_section(b); + b->begin_section(b, "xof"); + enumerator = lib->crypto->create_xof_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &xof, &plugin_name)) + { + add_algorithm(b, ext_out_function_names, xof, plugin_name); + } + enumerator->destroy(enumerator); + b->end_section(b); + b->begin_section(b, "dh"); enumerator = lib->crypto->create_dh_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &group, &plugin_name)) diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 47fcf91cd..2e7bf0213 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -449,6 +446,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 0e88f8e32..541bec94c 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index e20b46f57..50a6c8065 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index b8adbbf43..e2353a422 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index 79c466689..048e4d580 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 8a405d93c..e4364de12 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -111,11 +111,16 @@ struct private_child_sa_t { */ bool static_reqid; - /* + /** * Unique CHILD_SA identifier */ uint32_t unique_id; + /** + * Whether FWD policieis in the outbound direction should be installed + */ + bool policies_fwd_out; + /** * inbound mark used for this child_sa */ @@ -931,15 +936,19 @@ static status_t install_policies_internal(private_child_sa_t *this, * policies of two SAs we install them with reduced priority. As they * basically act as bypass policies for drop policies we use a higher * priority than is used for them. */ - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) + if (this->policies_fwd_out) { - out_policy.prio = POLICY_PRIORITY_ROUTED; + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + status |= charon->kernel->add_policy(charon->kernel, &out_id, + &out_policy); + /* reset the reqid for any other further policies */ + other_sa->reqid = this->reqid; } - status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); - /* reset the reqid for any other further policies */ - other_sa->reqid = this->reqid; } return status; } @@ -988,14 +997,17 @@ static void del_policies_internal(private_child_sa_t *this, in_id.dir = POLICY_FWD; charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) + if (this->policies_fwd_out) { - out_policy.prio = POLICY_PRIORITY_ROUTED; + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + other_sa->reqid = this->reqid; } - charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); - other_sa->reqid = this->reqid; } } @@ -1443,6 +1455,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .mark_in = config->get_mark(config, TRUE), .mark_out = config->get_mark(config, FALSE), .install_time = time_monotonic(NULL), + .policies_fwd_out = config->install_fwd_out_policy(config), ); this->config = config; diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 009277ddd..7b87918d3 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -921,6 +921,7 @@ METHOD(ike_sa_t, reset, void, this->ike_sa_id->is_initiator(this->ike_sa_id)); this->task_manager->reset(this->task_manager, 0, 0); + this->task_manager->queue_ike(this->task_manager); } METHOD(ike_sa_t, get_keymat, keymat_t*, @@ -1780,16 +1781,12 @@ METHOD(ike_sa_t, delete_, status_t, { switch (this->state) { - case IKE_REKEYING: - if (this->version == IKEV1) - { /* SA has been reauthenticated, delete */ - charon->bus->ike_updown(charon->bus, &this->public, FALSE); - break; - } - /* FALL */ case IKE_ESTABLISHED: - if (time_monotonic(NULL) >= this->stats[STAT_DELETE]) - { /* IKE_SA hard lifetime hit */ + case IKE_REKEYING: + if (time_monotonic(NULL) >= this->stats[STAT_DELETE] && + !(this->version == IKEV1 && this->state == IKE_REKEYING)) + { /* IKE_SA hard lifetime hit, ignored for reauthenticated + * IKEv1 SAs */ charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED); } this->task_manager->queue_ike_delete(this->task_manager); @@ -1831,7 +1828,6 @@ METHOD(ike_sa_t, reauth, status_t, DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]", get_name(this), this->unique_id); reset(this); - this->task_manager->queue_ike(this->task_manager); return this->task_manager->initiate(this->task_manager); } /* we can't reauthenticate as responder when we use EAP or virtual IPs. @@ -2335,7 +2331,6 @@ METHOD(ike_sa_t, retransmit, status_t, this->keyingtry + 1, tries); reset(this); resolve_hosts(this); - this->task_manager->queue_ike(this->task_manager); return this->task_manager->initiate(this->task_manager); } DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding"); @@ -2980,7 +2975,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .flush_auth_cfg = lib->settings->get_bool(lib->settings, "%s.flush_auth_cfg", FALSE, lib->ns), .fragment_size = lib->settings->get_int(lib->settings, - "%s.fragment_size", 0, lib->ns), + "%s.fragment_size", 1280, lib->ns), .follow_redirects = lib->settings->get_bool(lib->settings, "%s.follow_redirects", TRUE, lib->ns), ); diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index be6b03bef..d1d4cbd9b 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -74,11 +74,6 @@ struct private_keymat_v1_t { */ hasher_t *hasher; - /** - * Key used for authentication during main mode - */ - chunk_t skeyid; - /** * Key to derive key material from for non-ISAKMP SAs, rekeying */ @@ -269,12 +264,12 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf, * Create a simple implementation of the aead_t interface which only encrypts * or decrypts data. */ -static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) +static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e, + chunk_t *ka) { private_aead_t *this; uint16_t alg, key_size; crypter_t *crypter; - chunk_t ka; if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) @@ -292,17 +287,16 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) return NULL; } key_size = crypter->get_key_size(crypter); - if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, &ka)) + if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka)) { return NULL; } - DBG4(DBG_IKE, "encryption key Ka %B", &ka); - if (!crypter->set_key(crypter, ka)) + DBG4(DBG_IKE, "encryption key Ka %B", ka); + if (!crypter->set_key(crypter, *ka)) { - chunk_clear(&ka); + chunk_clear(ka); return NULL; } - chunk_clear(&ka); INIT(this, .aead = { @@ -392,7 +386,7 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, auth_method_t auth, shared_key_t *shared_key) { chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e; - chunk_t skeyid; + chunk_t skeyid, ka; uint16_t alg; spi_i = chunk_alloca(sizeof(uint64_t)); @@ -550,11 +544,14 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, } chunk_clear(&skeyid); - this->aead = create_aead(proposal, this->prf, skeyid_e); + this->aead = create_aead(proposal, this->prf, skeyid_e, &ka); if (!this->aead) { return FALSE; } + charon->bus->ike_derived_keys(charon->bus, ka, chunk_empty, this->skeyid_a, + chunk_empty); + chunk_clear(&ka); if (!this->hasher && !this->public.create_hasher(&this->public, proposal)) { return FALSE; diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index b0c4f5f84..3b0c1cfd1 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -515,13 +515,13 @@ METHOD(task_manager_t, initiate, status_t, new_mid = TRUE; break; } - if (activate_task(this, TASK_ISAKMP_DELETE)) + if (activate_task(this, TASK_QUICK_DELETE)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_QUICK_DELETE)) + if (activate_task(this, TASK_ISAKMP_DELETE)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; @@ -547,6 +547,14 @@ METHOD(task_manager_t, initiate, status_t, break; } break; + case IKE_REKEYING: + if (activate_task(this, TASK_ISAKMP_DELETE)) + { + exchange = INFORMATIONAL_V1; + new_mid = TRUE; + break; + } + break; default: break; } @@ -1181,7 +1189,7 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); - if (this->initiating.retransmitted) + if (this->initiating.retransmitted > 1) { packet_t *packet = NULL; array_get(this->initiating.packets, 0, &packet); @@ -1661,6 +1669,9 @@ METHOD(task_manager_t, queue_ike_delete, void, enumerator_t *enumerator; child_sa_t *child_sa; + /* cancel any currently active task to get the DELETE done quickly */ + flush_queue(this, TASK_QUEUE_ACTIVE); + enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (enumerator->enumerate(enumerator, &child_sa)) { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index f28b83e8a..dc86fc504 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -102,6 +102,7 @@ static struct { { "DPD", EXT_DPD, TRUE, 16, "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"}, + /* CISCO-UNITY, similar to DPD the last two bytes indicate the version */ { "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16, "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"}, @@ -190,6 +191,8 @@ static bool is_known_vid(chunk_t data, int i) break; case EXT_MS_WINDOWS: return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16); + case EXT_CISCO_UNITY: + return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14); default: return chunk_equals(data, chunk_create(vendor_ids[i].id, vendor_ids[i].len)); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index bbd1cb09f..6b896416a 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -348,10 +348,6 @@ static bool install(private_quick_mode_t *this) this->initiator, FALSE, FALSE, tsr, tsi); } } - chunk_clear(&integ_i); - chunk_clear(&integ_r); - chunk_clear(&encr_i); - chunk_clear(&encr_r); if (status_i != SUCCESS || status_o != SUCCESS) { @@ -361,22 +357,38 @@ static bool install(private_quick_mode_t *this) (status_o != SUCCESS) ? "outbound " : ""); tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); - return FALSE; - } - - if (this->initiator) - { - status = this->child_sa->add_policies(this->child_sa, tsi, tsr); + status = FAILED; } else { - status = this->child_sa->add_policies(this->child_sa, tsr, tsi); + if (this->initiator) + { + status = this->child_sa->add_policies(this->child_sa, tsi, tsr); + } + else + { + status = this->child_sa->add_policies(this->child_sa, tsr, tsi); + } + tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); + tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); + if (status != SUCCESS) + { + DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); + } + else + { + charon->bus->child_derived_keys(charon->bus, this->child_sa, + this->initiator, encr_i, encr_r, + integ_i, integ_r); + } } - tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy)); - tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy)); + chunk_clear(&integ_i); + chunk_clear(&integ_r); + chunk_clear(&encr_i); + chunk_clear(&encr_r); + if (status != SUCCESS) { - DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); return FALSE; } diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 6fd34e0a6..592f49770 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -161,8 +161,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, if (key_type == KEY_RSA) { signature_scheme_t schemes[] = { - SIGN_RSA_EMSA_PKCS1_SHA384, - SIGN_RSA_EMSA_PKCS1_SHA256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA1, }, contained; bool found; diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index e37399841..58efdbabe 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -103,7 +103,7 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, uint16_t key_size, prf_plus_t *prf_plus) { aead_t *aead_i, *aead_r; - chunk_t key = chunk_empty; + chunk_t sk_ei = chunk_empty, sk_er = chunk_empty; u_int salt_size; switch (alg) @@ -146,23 +146,22 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, { goto failure; } - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei)) { goto failure; } - DBG4(DBG_IKE, "Sk_ei secret %B", &key); - if (!aead_i->set_key(aead_i, key)) + DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei); + if (!aead_i->set_key(aead_i, sk_ei)) { goto failure; } - chunk_clear(&key); - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er)) { goto failure; } - DBG4(DBG_IKE, "Sk_er secret %B", &key); - if (!aead_r->set_key(aead_r, key)) + DBG4(DBG_IKE, "Sk_er secret %B", &sk_er); + if (!aead_r->set_key(aead_r, sk_er)) { goto failure; } @@ -178,11 +177,14 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, this->aead_out = aead_r; } aead_i = aead_r = NULL; + charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, chunk_empty, + chunk_empty); failure: DESTROY_IF(aead_i); DESTROY_IF(aead_r); - chunk_clear(&key); + chunk_clear(&sk_ei); + chunk_clear(&sk_er); return this->aead_in && this->aead_out; } @@ -196,7 +198,8 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, signer_t *signer_i, *signer_r; iv_gen_t *ivg_i, *ivg_r; size_t key_size; - chunk_t key = chunk_empty; + chunk_t sk_ei = chunk_empty, sk_er = chunk_empty, + sk_ai = chunk_empty, sk_ar = chunk_empty; signer_i = lib->crypto->create_signer(lib->crypto, int_alg); signer_r = lib->crypto->create_signer(lib->crypto, int_alg); @@ -220,48 +223,45 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, /* SK_ai/SK_ar used for integrity protection */ key_size = signer_i->get_key_size(signer_i); - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ai)) { goto failure; } - DBG4(DBG_IKE, "Sk_ai secret %B", &key); - if (!signer_i->set_key(signer_i, key)) + DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai); + if (!signer_i->set_key(signer_i, sk_ai)) { goto failure; } - chunk_clear(&key); - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ar)) { goto failure; } - DBG4(DBG_IKE, "Sk_ar secret %B", &key); - if (!signer_r->set_key(signer_r, key)) + DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar); + if (!signer_r->set_key(signer_r, sk_ar)) { goto failure; } - chunk_clear(&key); /* SK_ei/SK_er used for encryption */ key_size = crypter_i->get_key_size(crypter_i); - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei)) { goto failure; } - DBG4(DBG_IKE, "Sk_ei secret %B", &key); - if (!crypter_i->set_key(crypter_i, key)) + DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei); + if (!crypter_i->set_key(crypter_i, sk_ei)) { goto failure; } - chunk_clear(&key); - if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er)) { goto failure; } - DBG4(DBG_IKE, "Sk_er secret %B", &key); - if (!crypter_r->set_key(crypter_r, key)) + DBG4(DBG_IKE, "Sk_er secret %B", &sk_er); + if (!crypter_r->set_key(crypter_r, sk_er)) { goto failure; } @@ -284,9 +284,13 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, } signer_i = signer_r = NULL; crypter_i = crypter_r = NULL; + charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, sk_ai, sk_ar); failure: - chunk_clear(&key); + chunk_clear(&sk_ai); + chunk_clear(&sk_ar); + chunk_clear(&sk_ei); + chunk_clear(&sk_er); DESTROY_IF(signer_i); DESTROY_IF(signer_r); DESTROY_IF(crypter_i); diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index 41a4e1b75..60a262ffc 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -709,7 +709,7 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); - if (this->initiating.retransmitted) + if (this->initiating.retransmitted > 1) { packet_t *packet = NULL; array_get(this->initiating.packets, 0, &packet); @@ -1827,15 +1827,22 @@ METHOD(task_manager_t, queue_dpd, void, if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) && this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) { - /* use mobike enabled DPD to detect NAT mapping changes */ - mobike = ike_mobike_create(this->ike_sa, TRUE); - mobike->dpd(mobike); - queue_task(this, &mobike->task); - } - else - { - queue_task(this, (task_t*)ike_dpd_create(TRUE)); +#ifdef ME + peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa); + if (cfg->get_peer_id(cfg) || + this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) +#else + if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR)) +#endif + { + /* use mobike enabled DPD to detect NAT mapping changes */ + mobike = ike_mobike_create(this->ike_sa, TRUE); + mobike->dpd(mobike); + queue_task(this, &mobike->task); + return; + } } + queue_task(this, (task_t*)ike_dpd_create(TRUE)); } METHOD(task_manager_t, adopt_tasks, void, diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 64a82850b..71cb6b8ea 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -666,10 +666,6 @@ static status_t select_and_install(private_child_create_t *this, FALSE, this->tfcv3, my_ts, other_ts); } } - chunk_clear(&integ_i); - chunk_clear(&integ_r); - chunk_clear(&encr_i); - chunk_clear(&encr_r); if (status_i != SUCCESS || status_o != SUCCESS) { @@ -679,41 +675,62 @@ static status_t select_and_install(private_child_create_t *this, (status_o != SUCCESS) ? "outbound " : ""); charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED, this->child_sa); - return FAILED; - } - - if (this->initiator) - { - status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts); + status = FAILED; } else { - /* use a copy of the traffic selectors, as the POST hook should not - * change payloads */ - my_ts = this->tsr->clone_offset(this->tsr, + if (this->initiator) + { + status = this->child_sa->add_policies(this->child_sa, + my_ts, other_ts); + } + else + { + /* use a copy of the traffic selectors, as the POST hook should not + * change payloads */ + my_ts = this->tsr->clone_offset(this->tsr, offsetof(traffic_selector_t, clone)); - other_ts = this->tsi->clone_offset(this->tsi, + other_ts = this->tsi->clone_offset(this->tsi, offsetof(traffic_selector_t, clone)); - charon->bus->narrow(charon->bus, this->child_sa, - NARROW_RESPONDER_POST, my_ts, other_ts); - if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0) + charon->bus->narrow(charon->bus, this->child_sa, + NARROW_RESPONDER_POST, my_ts, other_ts); + if (my_ts->get_count(my_ts) == 0 || + other_ts->get_count(other_ts) == 0) + { + status = FAILED; + } + else + { + status = this->child_sa->add_policies(this->child_sa, + my_ts, other_ts); + } + my_ts->destroy_offset(my_ts, + offsetof(traffic_selector_t, destroy)); + other_ts->destroy_offset(other_ts, + offsetof(traffic_selector_t, destroy)); + } + if (status != SUCCESS) { - status = FAILED; + DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); + charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED, + this->child_sa); + status = NOT_FOUND; } else { - status = this->child_sa->add_policies(this->child_sa, - my_ts, other_ts); + charon->bus->child_derived_keys(charon->bus, this->child_sa, + this->initiator, encr_i, encr_r, + integ_i, integ_r); } - my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); - other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); } + chunk_clear(&integ_i); + chunk_clear(&integ_r); + chunk_clear(&encr_i); + chunk_clear(&encr_r); + if (status != SUCCESS) { - DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); - charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED, - this->child_sa); - return NOT_FOUND; + return status; } charon->bus->child_keys(charon->bus, this->child_sa, this->initiator, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 801b6d8f3..d82e206b8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -457,6 +457,11 @@ static void process_payloads(private_ike_init_t *this, message_t *message) } enumerator->destroy(enumerator); + if (this->proposal) + { + this->ike_sa->set_proposal(this->ike_sa, this->proposal); + } + if (ke_payload && this->proposal && this->proposal->has_dh_group(this->proposal, this->dh_group)) { @@ -614,7 +619,6 @@ METHOD(task_t, build_r, status_t, message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return FAILED; } - this->ike_sa->set_proposal(this->ike_sa, this->proposal); /* check if we'd have to redirect the client */ if (!this->old_sa && @@ -651,6 +655,7 @@ METHOD(task_t, build_r, status_t, else { DBG1(DBG_IKE, "no acceptable proposal found"); + message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); } return FAILED; } @@ -849,7 +854,6 @@ METHOD(task_t, process_i, status_t, DBG1(DBG_IKE, "peers proposal selection invalid"); return FAILED; } - this->ike_sa->set_proposal(this->ike_sa, this->proposal); if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 7a0d34292..7b6beae24 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -374,7 +374,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -408,8 +407,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -463,6 +460,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c index e25e5434f..1ef13e978 100644 --- a/src/libcharon/tests/libcharon_tests.c +++ b/src/libcharon/tests/libcharon_tests.c @@ -32,6 +32,22 @@ static test_configuration_t tests[] = { { .suite = NULL, } }; +static void initialize_logging() +{ + int level = LEVEL_SILENT; + char *verbosity; + + verbosity = getenv("TESTS_VERBOSITY"); + if (verbosity) + { + level = atoi(verbosity); + } + lib->settings->set_int(lib->settings, "%s.filelog.stderr.default", + lib->settings->get_int(lib->settings, "%s.filelog.stderr.default", + level, lib->ns), lib->ns); + charon->load_loggers(charon, NULL, TRUE); +} + static bool test_runner_init(bool init) { if (init) @@ -39,6 +55,7 @@ static bool test_runner_init(bool init) char *plugins, *plugindir; libcharon_init(); + initialize_logging(); plugins = getenv("TESTS_PLUGINS") ?: lib->settings->get_str(lib->settings, diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c index a6226f68f..19f4cd1e1 100644 --- a/src/libcharon/tests/suites/test_proposal.c +++ b/src/libcharon/tests/suites/test_proposal.c @@ -18,38 +18,100 @@ #include static struct { + protocol_id_t proto; + char *proposal; + char *expected; +} create_data[] = { + { PROTO_IKE, "", NULL }, + { PROTO_IKE, "sha256", NULL }, + { PROTO_IKE, "sha256-modp3072", NULL }, + { PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128", NULL }, + { PROTO_IKE, "aes128-sha256", NULL }, + { PROTO_IKE, "aes128-sha256-modpnone", NULL }, + { PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-modp3072", NULL }, + { PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" }, + { PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL }, + { PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "", NULL }, + { PROTO_ESP, "sha256", NULL }, + { PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" }, + { PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" }, + { PROTO_AH, "", NULL }, + { PROTO_AH, "aes128", NULL }, + { PROTO_AH, "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" }, + { PROTO_AH, "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" }, + { PROTO_AH, "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" }, +}; + +START_TEST(test_create_from_string) +{ + proposal_t *proposal; + char str[BUF_LEN]; + + proposal = proposal_create_from_string(create_data[_i].proto, + create_data[_i].proposal); + if (!create_data[_i].expected) + { + ck_assert(!proposal); + return; + } + snprintf(str, sizeof(str), "%P", proposal); + ck_assert_str_eq(create_data[_i].expected, str); + proposal->destroy(proposal); +} +END_TEST + +static struct { + protocol_id_t proto; char *self; char *other; char *expected; } select_data[] = { - { "aes128", "aes128", "aes128" }, - { "aes128", "aes256", NULL }, - { "aes128-aes256", "aes256-aes128", "aes128" }, - { "aes256-aes128", "aes128-aes256", "aes256" }, - { "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, - { "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, - { "aes128-sha256-modp3072", "aes128-sha256", NULL }, - { "aes128-sha256", "aes128-sha256-modp3072", NULL }, - { "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, - { "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, - { "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, - { "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, - { "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, - { "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, + { PROTO_ESP, "aes128", "aes128", "aes128" }, + { PROTO_ESP, "aes128", "aes256", NULL }, + { PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" }, + { PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" }, + { PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, + { PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, + { PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, + { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, + { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, + { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, }; START_TEST(test_select) { proposal_t *self, *other, *selected, *expected; - self = proposal_create_from_string(PROTO_ESP, + self = proposal_create_from_string(select_data[_i].proto, select_data[_i].self); - other = proposal_create_from_string(PROTO_ESP, + other = proposal_create_from_string(select_data[_i].proto, select_data[_i].other); selected = self->select(self, other, FALSE); if (select_data[_i].expected) { - expected = proposal_create_from_string(PROTO_ESP, + expected = proposal_create_from_string(select_data[_i].proto, select_data[_i].expected); ck_assert(selected); ck_assert_msg(expected->equals(expected, selected), "proposal %P does " @@ -73,6 +135,10 @@ Suite *proposal_suite_create() s = suite_create("proposal"); + tc = tcase_create("create_from_string"); + tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data)); + suite_add_tcase(s, tc); + tc = tcase_create("select"); tcase_add_loop_test(tc, test_select, 0, countof(select_data)); suite_add_tcase(s, tc); diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 4c489db65..79a9d74fa 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index 7983b7758..4e5be546c 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -525,7 +525,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -559,8 +558,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -614,6 +611,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 6f88e173a..fb0db91ee 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -496,6 +496,18 @@ INSERT INTO products ( /* 83 */ 'Debian 8.5 x86_64' ); +INSERT INTO products ( /* 84 */ + name +) VALUES ( + 'Debian 8.6 i686' +); + +INSERT INTO products ( /* 85 */ + name +) VALUES ( + 'Debian 8.6 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -1090,6 +1102,12 @@ INSERT INTO groups_product_defaults ( 5, 83 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 5, 85 +); + INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index d2b8168b9..f5c73ef6b 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 44aaf878b..ffc571009 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -437,6 +434,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index 93d532db2..4d6eff5a8 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -437,6 +434,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 44d827945..7e18b3cb5 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -438,6 +435,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 5eec53129..f97a7ba6d 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 508f7fe4b..95acd4bd8 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -437,6 +434,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index 61b92e0e4..2be4e15d5 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -362,7 +362,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -396,8 +395,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -451,6 +448,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index 4fdbbf49c..1c3d0acdc 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -437,6 +434,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index d2997a940..b1195592e 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index ffca30cd9..22eb4ae4c 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index aea48e7af..21bbe4a49 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 30fa3c7a9..a32a465ea 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -438,6 +435,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 2ba949e40..d771d07ed 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this) DBG1(DBG_PTS, "AIK Blob is not available"); } - /* get AIK public key */ - if (key_path) + /* get AIK public key if no AIK certificate is available */ + if (!this->aik_cert) { - map = chunk_map(key_path, FALSE); - if (map) + if (key_path) { - DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); - aik_pubkey = chunk_clone(*map); - chunk_unmap(map); + map = chunk_map(key_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); + aik_pubkey = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", + key_path, strerror(errno)); + } } else { - DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", - key_path, strerror(errno)); + DBG1(DBG_PTS, "AIK public key is not available"); } } - else - { - DBG1(DBG_PTS, "AIK public key is not available"); - } /* Load AIK item into TPM 1.2 object */ tpm_12 = (tpm_tss_trousers_t *)this->tpm; @@ -716,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool, scheme = SIGN_RSA_EMSA_PKCS1_SHA1; break; case HASH_SHA256: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256; break; case HASH_SHA384: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384; break; case HASH_SHA512: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512; + break; + case HASH_SHA3_256: + scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256; + break; + case HASH_SHA3_384: + scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384; + break; + case HASH_SHA3_512: + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512; break; default: scheme = SIGN_UNKNOWN; diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 19a2577b7..ea73c6036 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -390,7 +390,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -424,8 +423,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -479,6 +476,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index db73e1fe0..0c1d858ce 100644 --- a/src/libipsec/tests/Makefile.in +++ b/src/libipsec/tests/Makefile.in @@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -435,6 +432,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index a4d4b332b..14e4a6b53 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index f5a5d1231..8106295a3 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -435,6 +432,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index a7bc8e321..ea053a37a 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -438,6 +435,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index da5f34e87..0e8f7f3c8 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -16,7 +16,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ crypto/iv/iv_gen_null.c \ -crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ +crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 9be93f1f8..52ae7c675 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -14,7 +14,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ crypto/iv/iv_gen_null.c \ -crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ +crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ @@ -75,7 +75,7 @@ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ -crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \ +crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ credentials/credential_factory.h credentials/builder.h \ credentials/cred_encoding.h credentials/keys/private_key.h \ credentials/keys/public_key.h credentials/keys/shared_key.h \ @@ -220,16 +220,22 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/ $(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \ $(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@ - -# build plugins with their own Makefile -####################################### - if MONOLITHIC SUBDIRS = else SUBDIRS = . endif +# build libnttfft used by some plugins +###################################### + +if USE_LIBNTTFFT + SUBDIRS += math/libnttfft +endif + +# build plugins with their own Makefile +####################################### + if USE_AF_ALG SUBDIRS += plugins/af_alg if MONOLITHIC @@ -580,6 +586,13 @@ if MONOLITHIC endif endif +if USE_MGF1 + SUBDIRS += plugins/mgf1 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la +endif +endif + if USE_NTRU SUBDIRS += plugins/ntru if MONOLITHIC @@ -594,6 +607,13 @@ if MONOLITHIC endif endif +if USE_NEWHOPE + SUBDIRS += plugins/newhope +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/newhope/libstrongswan-newhope.la +endif +endif + if USE_TEST_VECTORS SUBDIRS += plugins/test_vectors if MONOLITHIC @@ -604,7 +624,20 @@ endif if MONOLITHIC SUBDIRS += . endif + +# build unit tests +################## + SUBDIRS += tests + +if USE_LIBNTTFFT + SUBDIRS += math/libnttfft/tests +endif + if USE_BLISS SUBDIRS += plugins/bliss/tests endif + +if USE_NEWHOPE + SUBDIRS += plugins/newhope/tests +endif diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index d1b65bdb2..3eec96689 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -123,113 +123,126 @@ host_triplet = @host@ @USE_BUILTIN_PRINTF_TRUE@am__append_15 = -lm @USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE@am__append_16 = utils/printf_hook/printf_hook_glibc.c @USE_LIBCAP_TRUE@am__append_17 = -lcap -@USE_AF_ALG_TRUE@am__append_18 = plugins/af_alg -@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg/libstrongswan-af-alg.la -@USE_AES_TRUE@am__append_20 = plugins/aes -@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_21 = plugins/aes/libstrongswan-aes.la -@USE_DES_TRUE@am__append_22 = plugins/des -@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_23 = plugins/des/libstrongswan-des.la -@USE_BLOWFISH_TRUE@am__append_24 = plugins/blowfish -@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish/libstrongswan-blowfish.la -@USE_RC2_TRUE@am__append_26 = plugins/rc2 -@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_27 = plugins/rc2/libstrongswan-rc2.la -@USE_MD4_TRUE@am__append_28 = plugins/md4 -@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_29 = plugins/md4/libstrongswan-md4.la -@USE_MD5_TRUE@am__append_30 = plugins/md5 -@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_31 = plugins/md5/libstrongswan-md5.la -@USE_SHA1_TRUE@am__append_32 = plugins/sha1 -@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_33 = plugins/sha1/libstrongswan-sha1.la -@USE_SHA2_TRUE@am__append_34 = plugins/sha2 -@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_35 = plugins/sha2/libstrongswan-sha2.la -@USE_SHA3_TRUE@am__append_36 = plugins/sha3 -@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_37 = plugins/sha3/libstrongswan-sha3.la -@USE_GMP_TRUE@am__append_38 = plugins/gmp -@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_39 = plugins/gmp/libstrongswan-gmp.la -@USE_RDRAND_TRUE@am__append_40 = plugins/rdrand -@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand/libstrongswan-rdrand.la -@USE_AESNI_TRUE@am__append_42 = plugins/aesni -@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_43 = plugins/aesni/libstrongswan-aesni.la -@USE_RANDOM_TRUE@am__append_44 = plugins/random -@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_45 = plugins/random/libstrongswan-random.la -@USE_NONCE_TRUE@am__append_46 = plugins/nonce -@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_47 = plugins/nonce/libstrongswan-nonce.la -@USE_HMAC_TRUE@am__append_48 = plugins/hmac -@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_49 = plugins/hmac/libstrongswan-hmac.la -@USE_CMAC_TRUE@am__append_50 = plugins/cmac -@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_51 = plugins/cmac/libstrongswan-cmac.la -@USE_XCBC_TRUE@am__append_52 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_53 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_54 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_55 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_56 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation/libstrongswan-revocation.la -@USE_CONSTRAINTS_TRUE@am__append_58 = plugins/constraints -@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints/libstrongswan-constraints.la -@USE_ACERT_TRUE@am__append_60 = plugins/acert -@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_61 = plugins/acert/libstrongswan-acert.la -@USE_PUBKEY_TRUE@am__append_62 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_64 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PKCS7_TRUE@am__append_66 = plugins/pkcs7 -@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7/libstrongswan-pkcs7.la -@USE_PKCS8_TRUE@am__append_68 = plugins/pkcs8 -@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8/libstrongswan-pkcs8.la -@USE_PKCS12_TRUE@am__append_70 = plugins/pkcs12 -@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12/libstrongswan-pkcs12.la -@USE_PGP_TRUE@am__append_72 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_73 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_74 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey/libstrongswan-dnskey.la -@USE_SSHKEY_TRUE@am__append_76 = plugins/sshkey -@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey/libstrongswan-sshkey.la -@USE_PEM_TRUE@am__append_78 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_79 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_80 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_81 = plugins/curl/libstrongswan-curl.la -@USE_FILES_TRUE@am__append_82 = plugins/files -@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_83 = plugins/files/libstrongswan-files.la -@USE_WINHTTP_TRUE@am__append_84 = plugins/winhttp -@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp/libstrongswan-winhttp.la -@USE_UNBOUND_TRUE@am__append_86 = plugins/unbound -@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound/libstrongswan-unbound.la -@USE_SOUP_TRUE@am__append_88 = plugins/soup -@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_89 = plugins/soup/libstrongswan-soup.la -@USE_LDAP_TRUE@am__append_90 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_91 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_92 = plugins/mysql -@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_93 = plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_94 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite/libstrongswan-sqlite.la -@USE_PADLOCK_TRUE@am__append_96 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_98 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_100 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_102 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_104 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_105 = plugins/agent/libstrongswan-agent.la -@USE_KEYCHAIN_TRUE@am__append_106 = plugins/keychain -@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain/libstrongswan-keychain.la -@USE_PKCS11_TRUE@am__append_108 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CHAPOLY_TRUE@am__append_110 = plugins/chapoly -@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly/libstrongswan-chapoly.la -@USE_CTR_TRUE@am__append_112 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_113 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_114 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_115 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_116 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_117 = plugins/gcm/libstrongswan-gcm.la -@USE_NTRU_TRUE@am__append_118 = plugins/ntru -@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_119 = plugins/ntru/libstrongswan-ntru.la -@USE_BLISS_TRUE@am__append_120 = plugins/bliss -@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_121 = plugins/bliss/libstrongswan-bliss.la -@USE_TEST_VECTORS_TRUE@am__append_122 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la -@USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests + +# build libnttfft used by some plugins +###################################### +@USE_LIBNTTFFT_TRUE@am__append_18 = math/libnttfft + +# build plugins with their own Makefile +####################################### +@USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg +@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_20 = plugins/af_alg/libstrongswan-af-alg.la +@USE_AES_TRUE@am__append_21 = plugins/aes +@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_22 = plugins/aes/libstrongswan-aes.la +@USE_DES_TRUE@am__append_23 = plugins/des +@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_24 = plugins/des/libstrongswan-des.la +@USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish +@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_26 = plugins/blowfish/libstrongswan-blowfish.la +@USE_RC2_TRUE@am__append_27 = plugins/rc2 +@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_28 = plugins/rc2/libstrongswan-rc2.la +@USE_MD4_TRUE@am__append_29 = plugins/md4 +@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_30 = plugins/md4/libstrongswan-md4.la +@USE_MD5_TRUE@am__append_31 = plugins/md5 +@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_32 = plugins/md5/libstrongswan-md5.la +@USE_SHA1_TRUE@am__append_33 = plugins/sha1 +@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_34 = plugins/sha1/libstrongswan-sha1.la +@USE_SHA2_TRUE@am__append_35 = plugins/sha2 +@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_36 = plugins/sha2/libstrongswan-sha2.la +@USE_SHA3_TRUE@am__append_37 = plugins/sha3 +@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_38 = plugins/sha3/libstrongswan-sha3.la +@USE_GMP_TRUE@am__append_39 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_40 = plugins/gmp/libstrongswan-gmp.la +@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand +@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_42 = plugins/rdrand/libstrongswan-rdrand.la +@USE_AESNI_TRUE@am__append_43 = plugins/aesni +@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_44 = plugins/aesni/libstrongswan-aesni.la +@USE_RANDOM_TRUE@am__append_45 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_46 = plugins/random/libstrongswan-random.la +@USE_NONCE_TRUE@am__append_47 = plugins/nonce +@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_48 = plugins/nonce/libstrongswan-nonce.la +@USE_HMAC_TRUE@am__append_49 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_50 = plugins/hmac/libstrongswan-hmac.la +@USE_CMAC_TRUE@am__append_51 = plugins/cmac +@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_52 = plugins/cmac/libstrongswan-cmac.la +@USE_XCBC_TRUE@am__append_53 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_54 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_55 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_56 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_58 = plugins/revocation/libstrongswan-revocation.la +@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints +@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_60 = plugins/constraints/libstrongswan-constraints.la +@USE_ACERT_TRUE@am__append_61 = plugins/acert +@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_62 = plugins/acert/libstrongswan-acert.la +@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_64 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_66 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7 +@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_68 = plugins/pkcs7/libstrongswan-pkcs7.la +@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8 +@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_70 = plugins/pkcs8/libstrongswan-pkcs8.la +@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12 +@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_72 = plugins/pkcs12/libstrongswan-pkcs12.la +@USE_PGP_TRUE@am__append_73 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_74 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_76 = plugins/dnskey/libstrongswan-dnskey.la +@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey +@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_78 = plugins/sshkey/libstrongswan-sshkey.la +@USE_PEM_TRUE@am__append_79 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_80 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_81 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_82 = plugins/curl/libstrongswan-curl.la +@USE_FILES_TRUE@am__append_83 = plugins/files +@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_84 = plugins/files/libstrongswan-files.la +@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp +@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_86 = plugins/winhttp/libstrongswan-winhttp.la +@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound +@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_88 = plugins/unbound/libstrongswan-unbound.la +@USE_SOUP_TRUE@am__append_89 = plugins/soup +@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_90 = plugins/soup/libstrongswan-soup.la +@USE_LDAP_TRUE@am__append_91 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_92 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_93 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_94 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_96 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_98 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_100 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_102 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_104 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_105 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_106 = plugins/agent/libstrongswan-agent.la +@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain +@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_108 = plugins/keychain/libstrongswan-keychain.la +@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_110 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly +@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_112 = plugins/chapoly/libstrongswan-chapoly.la +@USE_CTR_TRUE@am__append_113 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_114 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_115 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_116 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_117 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_118 = plugins/gcm/libstrongswan-gcm.la +@USE_MGF1_TRUE@am__append_119 = plugins/mgf1 +@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_120 = plugins/mgf1/libstrongswan-mgf1.la +@USE_NTRU_TRUE@am__append_121 = plugins/ntru +@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_122 = plugins/ntru/libstrongswan-ntru.la +@USE_BLISS_TRUE@am__append_123 = plugins/bliss +@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_124 = plugins/bliss/libstrongswan-bliss.la +@USE_NEWHOPE_TRUE@am__append_125 = plugins/newhope +@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_126 = plugins/newhope/libstrongswan-newhope.la +@USE_TEST_VECTORS_TRUE@am__append_127 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_128 = plugins/test_vectors/libstrongswan-test-vectors.la +@USE_LIBNTTFFT_TRUE@am__append_129 = math/libnttfft/tests +@USE_BLISS_TRUE@am__append_130 = plugins/bliss/tests +@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope/tests subdir = src/libstrongswan ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -289,25 +302,25 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \ - $(am__append_21) $(am__append_23) $(am__append_25) \ - $(am__append_27) $(am__append_29) $(am__append_31) \ - $(am__append_33) $(am__append_35) $(am__append_37) \ - $(am__append_39) $(am__append_41) $(am__append_43) \ - $(am__append_45) $(am__append_47) $(am__append_49) \ - $(am__append_51) $(am__append_53) $(am__append_55) \ - $(am__append_57) $(am__append_59) $(am__append_61) \ - $(am__append_63) $(am__append_65) $(am__append_67) \ - $(am__append_69) $(am__append_71) $(am__append_73) \ - $(am__append_75) $(am__append_77) $(am__append_79) \ - $(am__append_81) $(am__append_83) $(am__append_85) \ - $(am__append_87) $(am__append_89) $(am__append_91) \ - $(am__append_93) $(am__append_95) $(am__append_97) \ - $(am__append_99) $(am__append_101) $(am__append_103) \ - $(am__append_105) $(am__append_107) $(am__append_109) \ - $(am__append_111) $(am__append_113) $(am__append_115) \ - $(am__append_117) $(am__append_119) $(am__append_121) \ - $(am__append_123) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_20) \ + $(am__append_22) $(am__append_24) $(am__append_26) \ + $(am__append_28) $(am__append_30) $(am__append_32) \ + $(am__append_34) $(am__append_36) $(am__append_38) \ + $(am__append_40) $(am__append_42) $(am__append_44) \ + $(am__append_46) $(am__append_48) $(am__append_50) \ + $(am__append_52) $(am__append_54) $(am__append_56) \ + $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_64) $(am__append_66) $(am__append_68) \ + $(am__append_70) $(am__append_72) $(am__append_74) \ + $(am__append_76) $(am__append_78) $(am__append_80) \ + $(am__append_82) $(am__append_84) $(am__append_86) \ + $(am__append_88) $(am__append_90) $(am__append_92) \ + $(am__append_94) $(am__append_96) $(am__append_98) \ + $(am__append_100) $(am__append_102) $(am__append_104) \ + $(am__append_106) $(am__append_108) $(am__append_110) \ + $(am__append_112) $(am__append_114) $(am__append_116) \ + $(am__append_118) $(am__append_120) $(am__append_122) \ + $(am__append_124) $(am__append_126) $(am__append_128) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -323,7 +336,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \ crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \ crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \ - crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ + crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ @@ -409,8 +422,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \ crypto/crypto_tester.lo crypto/diffie_hellman.lo \ crypto/aead.lo crypto/transform.lo crypto/iv/iv_gen.lo \ crypto/iv/iv_gen_rand.lo crypto/iv/iv_gen_seq.lo \ - crypto/iv/iv_gen_null.lo crypto/mgf1/mgf1.lo \ - crypto/mgf1/mgf1_bitspender.lo \ + crypto/iv/iv_gen_null.lo crypto/xofs/xof.lo \ + crypto/xofs/xof_bitspender.lo \ credentials/credential_factory.lo credentials/builder.lo \ credentials/cred_encoding.lo credentials/keys/private_key.lo \ credentials/keys/public_key.lo credentials/keys/shared_key.lo \ @@ -539,11 +552,11 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ crypto/crypto_tester.h crypto/diffie_hellman.h crypto/aead.h \ crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \ - crypto/iv/iv_gen_null.h crypto/mgf1/mgf1.h \ - crypto/mgf1/mgf1_bitspender.h credentials/credential_factory.h \ - credentials/builder.h credentials/cred_encoding.h \ - credentials/keys/private_key.h credentials/keys/public_key.h \ - credentials/keys/shared_key.h \ + crypto/iv/iv_gen_null.h crypto/xofs/xof.h \ + crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ + credentials/credential_factory.h credentials/builder.h \ + credentials/cred_encoding.h credentials/keys/private_key.h \ + credentials/keys/public_key.h credentials/keys/shared_key.h \ credentials/certificates/certificate.h \ credentials/certificates/x509.h credentials/certificates/ac.h \ credentials/certificates/crl.h \ @@ -625,7 +638,7 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ +DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/rc2 plugins/md4 plugins/md5 \ plugins/sha1 plugins/sha2 plugins/sha3 plugins/gmp \ plugins/rdrand plugins/aesni plugins/random plugins/nonce \ @@ -638,8 +651,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \ plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \ plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \ - plugins/ntru plugins/bliss plugins/test_vectors tests \ - plugins/bliss/tests + plugins/mgf1 plugins/ntru plugins/bliss plugins/newhope \ + plugins/test_vectors tests math/libnttfft/tests \ + plugins/bliss/tests plugins/newhope/tests am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ $(top_srcdir)/ylwrap settings/settings_lexer.c \ settings/settings_parser.c settings/settings_parser.h @@ -808,7 +822,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -842,8 +855,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -897,6 +908,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -915,7 +928,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \ crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \ crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \ - crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ + crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ @@ -976,7 +989,7 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ @USE_DEV_HEADERS_TRUE@crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ @USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ -@USE_DEV_HEADERS_TRUE@crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \ +@USE_DEV_HEADERS_TRUE@crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ @USE_DEV_HEADERS_TRUE@credentials/credential_factory.h credentials/builder.h \ @USE_DEV_HEADERS_TRUE@credentials/cred_encoding.h credentials/keys/private_key.h \ @USE_DEV_HEADERS_TRUE@credentials/keys/public_key.h credentials/keys/shared_key.h \ @@ -1021,25 +1034,25 @@ settings/settings_types.h libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \ $(am__append_4) $(am__append_5) $(am__append_13) \ - $(am__append_15) $(am__append_17) $(am__append_19) \ - $(am__append_21) $(am__append_23) $(am__append_25) \ - $(am__append_27) $(am__append_29) $(am__append_31) \ - $(am__append_33) $(am__append_35) $(am__append_37) \ - $(am__append_39) $(am__append_41) $(am__append_43) \ - $(am__append_45) $(am__append_47) $(am__append_49) \ - $(am__append_51) $(am__append_53) $(am__append_55) \ - $(am__append_57) $(am__append_59) $(am__append_61) \ - $(am__append_63) $(am__append_65) $(am__append_67) \ - $(am__append_69) $(am__append_71) $(am__append_73) \ - $(am__append_75) $(am__append_77) $(am__append_79) \ - $(am__append_81) $(am__append_83) $(am__append_85) \ - $(am__append_87) $(am__append_89) $(am__append_91) \ - $(am__append_93) $(am__append_95) $(am__append_97) \ - $(am__append_99) $(am__append_101) $(am__append_103) \ - $(am__append_105) $(am__append_107) $(am__append_109) \ - $(am__append_111) $(am__append_113) $(am__append_115) \ - $(am__append_117) $(am__append_119) $(am__append_121) \ - $(am__append_123) + $(am__append_15) $(am__append_17) $(am__append_20) \ + $(am__append_22) $(am__append_24) $(am__append_26) \ + $(am__append_28) $(am__append_30) $(am__append_32) \ + $(am__append_34) $(am__append_36) $(am__append_38) \ + $(am__append_40) $(am__append_42) $(am__append_44) \ + $(am__append_46) $(am__append_48) $(am__append_50) \ + $(am__append_52) $(am__append_54) $(am__append_56) \ + $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_64) $(am__append_66) $(am__append_68) \ + $(am__append_70) $(am__append_72) $(am__append_74) \ + $(am__append_76) $(am__append_78) $(am__append_80) \ + $(am__append_82) $(am__append_84) $(am__append_86) \ + $(am__append_88) $(am__append_90) $(am__append_92) \ + $(am__append_94) $(am__append_96) $(am__append_98) \ + $(am__append_100) $(am__append_102) $(am__append_104) \ + $(am__append_106) $(am__append_108) $(am__append_110) \ + $(am__append_112) $(am__append_114) $(am__append_116) \ + $(am__append_118) $(am__append_120) $(am__append_122) \ + $(am__append_124) $(am__append_126) $(am__append_128) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -1066,63 +1079,72 @@ MAINTAINERCLEANFILES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ $(srcdir)/crypto/proposal/proposal_keywords_static.c -@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_20) \ -@MONOLITHIC_FALSE@ $(am__append_22) $(am__append_24) \ -@MONOLITHIC_FALSE@ $(am__append_26) $(am__append_28) \ -@MONOLITHIC_FALSE@ $(am__append_30) $(am__append_32) \ -@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \ -@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \ -@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \ -@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \ -@MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \ -@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_60) \ -@MONOLITHIC_FALSE@ $(am__append_62) $(am__append_64) \ -@MONOLITHIC_FALSE@ $(am__append_66) $(am__append_68) \ -@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_72) \ -@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \ -@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \ -@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \ -@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \ -@MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \ -@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \ -@MONOLITHIC_FALSE@ $(am__append_98) $(am__append_100) \ -@MONOLITHIC_FALSE@ $(am__append_102) $(am__append_104) \ -@MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \ -@MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \ -@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \ -@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \ -@MONOLITHIC_FALSE@ $(am__append_122) tests $(am__append_124) -# build plugins with their own Makefile -####################################### -@MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_20) \ -@MONOLITHIC_TRUE@ $(am__append_22) $(am__append_24) \ -@MONOLITHIC_TRUE@ $(am__append_26) $(am__append_28) \ -@MONOLITHIC_TRUE@ $(am__append_30) $(am__append_32) \ -@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \ -@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \ -@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \ -@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \ -@MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \ -@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \ -@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_60) \ -@MONOLITHIC_TRUE@ $(am__append_62) $(am__append_64) \ -@MONOLITHIC_TRUE@ $(am__append_66) $(am__append_68) \ -@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_72) \ -@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \ -@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \ -@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \ -@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \ -@MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \ -@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \ -@MONOLITHIC_TRUE@ $(am__append_98) $(am__append_100) \ -@MONOLITHIC_TRUE@ $(am__append_102) $(am__append_104) \ -@MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \ -@MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \ -@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \ -@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \ -@MONOLITHIC_TRUE@ $(am__append_122) . tests $(am__append_124) +# build unit tests +################## +@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_19) \ +@MONOLITHIC_FALSE@ $(am__append_21) $(am__append_23) \ +@MONOLITHIC_FALSE@ $(am__append_25) $(am__append_27) \ +@MONOLITHIC_FALSE@ $(am__append_29) $(am__append_31) \ +@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_35) \ +@MONOLITHIC_FALSE@ $(am__append_37) $(am__append_39) \ +@MONOLITHIC_FALSE@ $(am__append_41) $(am__append_43) \ +@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_47) \ +@MONOLITHIC_FALSE@ $(am__append_49) $(am__append_51) \ +@MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \ +@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_59) \ +@MONOLITHIC_FALSE@ $(am__append_61) $(am__append_63) \ +@MONOLITHIC_FALSE@ $(am__append_65) $(am__append_67) \ +@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \ +@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \ +@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \ +@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \ +@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_87) \ +@MONOLITHIC_FALSE@ $(am__append_89) $(am__append_91) \ +@MONOLITHIC_FALSE@ $(am__append_93) $(am__append_95) \ +@MONOLITHIC_FALSE@ $(am__append_97) $(am__append_99) \ +@MONOLITHIC_FALSE@ $(am__append_101) $(am__append_103) \ +@MONOLITHIC_FALSE@ $(am__append_105) $(am__append_107) \ +@MONOLITHIC_FALSE@ $(am__append_109) $(am__append_111) \ +@MONOLITHIC_FALSE@ $(am__append_113) $(am__append_115) \ +@MONOLITHIC_FALSE@ $(am__append_117) $(am__append_119) \ +@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \ +@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) tests \ +@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_130) \ +@MONOLITHIC_FALSE@ $(am__append_131) + +# build unit tests +################## +@MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_19) \ +@MONOLITHIC_TRUE@ $(am__append_21) $(am__append_23) \ +@MONOLITHIC_TRUE@ $(am__append_25) $(am__append_27) \ +@MONOLITHIC_TRUE@ $(am__append_29) $(am__append_31) \ +@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_35) \ +@MONOLITHIC_TRUE@ $(am__append_37) $(am__append_39) \ +@MONOLITHIC_TRUE@ $(am__append_41) $(am__append_43) \ +@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_47) \ +@MONOLITHIC_TRUE@ $(am__append_49) $(am__append_51) \ +@MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \ +@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_59) \ +@MONOLITHIC_TRUE@ $(am__append_61) $(am__append_63) \ +@MONOLITHIC_TRUE@ $(am__append_65) $(am__append_67) \ +@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \ +@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \ +@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \ +@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \ +@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_87) \ +@MONOLITHIC_TRUE@ $(am__append_89) $(am__append_91) \ +@MONOLITHIC_TRUE@ $(am__append_93) $(am__append_95) \ +@MONOLITHIC_TRUE@ $(am__append_97) $(am__append_99) \ +@MONOLITHIC_TRUE@ $(am__append_101) $(am__append_103) \ +@MONOLITHIC_TRUE@ $(am__append_105) $(am__append_107) \ +@MONOLITHIC_TRUE@ $(am__append_109) $(am__append_111) \ +@MONOLITHIC_TRUE@ $(am__append_113) $(am__append_115) \ +@MONOLITHIC_TRUE@ $(am__append_117) $(am__append_119) \ +@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \ +@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) . tests \ +@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_130) \ +@MONOLITHIC_TRUE@ $(am__append_131) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -1317,16 +1339,16 @@ crypto/iv/iv_gen_seq.lo: crypto/iv/$(am__dirstamp) \ crypto/iv/$(DEPDIR)/$(am__dirstamp) crypto/iv/iv_gen_null.lo: crypto/iv/$(am__dirstamp) \ crypto/iv/$(DEPDIR)/$(am__dirstamp) -crypto/mgf1/$(am__dirstamp): - @$(MKDIR_P) crypto/mgf1 - @: > crypto/mgf1/$(am__dirstamp) -crypto/mgf1/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) crypto/mgf1/$(DEPDIR) - @: > crypto/mgf1/$(DEPDIR)/$(am__dirstamp) -crypto/mgf1/mgf1.lo: crypto/mgf1/$(am__dirstamp) \ - crypto/mgf1/$(DEPDIR)/$(am__dirstamp) -crypto/mgf1/mgf1_bitspender.lo: crypto/mgf1/$(am__dirstamp) \ - crypto/mgf1/$(DEPDIR)/$(am__dirstamp) +crypto/xofs/$(am__dirstamp): + @$(MKDIR_P) crypto/xofs + @: > crypto/xofs/$(am__dirstamp) +crypto/xofs/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) crypto/xofs/$(DEPDIR) + @: > crypto/xofs/$(DEPDIR)/$(am__dirstamp) +crypto/xofs/xof.lo: crypto/xofs/$(am__dirstamp) \ + crypto/xofs/$(DEPDIR)/$(am__dirstamp) +crypto/xofs/xof_bitspender.lo: crypto/xofs/$(am__dirstamp) \ + crypto/xofs/$(DEPDIR)/$(am__dirstamp) credentials/$(am__dirstamp): @$(MKDIR_P) credentials @: > credentials/$(am__dirstamp) @@ -1697,8 +1719,6 @@ mostlyclean-compile: -rm -f crypto/hashers/*.lo -rm -f crypto/iv/*.$(OBJEXT) -rm -f crypto/iv/*.lo - -rm -f crypto/mgf1/*.$(OBJEXT) - -rm -f crypto/mgf1/*.lo -rm -f crypto/prfs/*.$(OBJEXT) -rm -f crypto/prfs/*.lo -rm -f crypto/proposal/*.$(OBJEXT) @@ -1707,6 +1727,8 @@ mostlyclean-compile: -rm -f crypto/rngs/*.lo -rm -f crypto/signers/*.$(OBJEXT) -rm -f crypto/signers/*.lo + -rm -f crypto/xofs/*.$(OBJEXT) + -rm -f crypto/xofs/*.lo -rm -f database/*.$(OBJEXT) -rm -f database/*.lo -rm -f eap/*.$(OBJEXT) @@ -1794,8 +1816,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_null.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_rand.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_seq.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1_bitspender.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/mac_prf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/prfs/$(DEPDIR)/prf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/proposal/$(DEPDIR)/proposal_keywords.Plo@am__quote@ @@ -1803,6 +1823,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto/rngs/$(DEPDIR)/rng.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/signers/$(DEPDIR)/mac_signer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/signers/$(DEPDIR)/signer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@crypto/xofs/$(DEPDIR)/xof.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@crypto/xofs/$(DEPDIR)/xof_bitspender.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@database/$(DEPDIR)/database.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@database/$(DEPDIR)/database_factory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@eap/$(DEPDIR)/eap.Plo@am__quote@ @@ -1923,11 +1945,11 @@ clean-libtool: -rm -rf crypto/crypters/.libs crypto/crypters/_libs -rm -rf crypto/hashers/.libs crypto/hashers/_libs -rm -rf crypto/iv/.libs crypto/iv/_libs - -rm -rf crypto/mgf1/.libs crypto/mgf1/_libs -rm -rf crypto/prfs/.libs crypto/prfs/_libs -rm -rf crypto/proposal/.libs crypto/proposal/_libs -rm -rf crypto/rngs/.libs crypto/rngs/_libs -rm -rf crypto/signers/.libs crypto/signers/_libs + -rm -rf crypto/xofs/.libs crypto/xofs/_libs -rm -rf database/.libs database/_libs -rm -rf eap/.libs eap/_libs -rm -rf fetcher/.libs fetcher/_libs @@ -2186,8 +2208,6 @@ distclean-generic: -rm -f crypto/hashers/$(am__dirstamp) -rm -f crypto/iv/$(DEPDIR)/$(am__dirstamp) -rm -f crypto/iv/$(am__dirstamp) - -rm -f crypto/mgf1/$(DEPDIR)/$(am__dirstamp) - -rm -f crypto/mgf1/$(am__dirstamp) -rm -f crypto/prfs/$(DEPDIR)/$(am__dirstamp) -rm -f crypto/prfs/$(am__dirstamp) -rm -f crypto/proposal/$(DEPDIR)/$(am__dirstamp) @@ -2196,6 +2216,8 @@ distclean-generic: -rm -f crypto/rngs/$(am__dirstamp) -rm -f crypto/signers/$(DEPDIR)/$(am__dirstamp) -rm -f crypto/signers/$(am__dirstamp) + -rm -f crypto/xofs/$(DEPDIR)/$(am__dirstamp) + -rm -f crypto/xofs/$(am__dirstamp) -rm -f database/$(DEPDIR)/$(am__dirstamp) -rm -f database/$(am__dirstamp) -rm -f eap/$(DEPDIR)/$(am__dirstamp) @@ -2249,7 +2271,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) + -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -2296,7 +2318,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) + -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) settings/$(DEPDIR) threading/$(DEPDIR) threading/windows/$(DEPDIR) utils/$(DEPDIR) utils/compat/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index c23746e57..40174446c 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -10,484 +10,493 @@ #include "oid.h" const oid_t oid_names[] = { - {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ - { 0x82, 0, 1, 1, "" }, /* 1 */ - { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ - { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ - { 0x0A, 0, 1, 4, "" }, /* 4 */ - { 0x07, 0, 1, 5, "" }, /* 5 */ - { 0x14, 0, 0, 6, "ND" }, /* 6 */ - {0x09, 18, 1, 0, "data" }, /* 7 */ - { 0x92, 0, 1, 1, "" }, /* 8 */ - { 0x26, 0, 1, 2, "" }, /* 9 */ - { 0x89, 0, 1, 3, "" }, /* 10 */ - { 0x93, 0, 1, 4, "" }, /* 11 */ - { 0xF2, 0, 1, 5, "" }, /* 12 */ - { 0x2C, 0, 1, 6, "" }, /* 13 */ - { 0x64, 0, 1, 7, "pilot" }, /* 14 */ - { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ - { 0x01, 17, 0, 9, "UID" }, /* 16 */ - { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 67, 1, 0, "X.500" }, /* 18 */ - { 0x04, 39, 1, 1, "X.509" }, /* 19 */ - { 0x03, 21, 0, 2, "CN" }, /* 20 */ - { 0x04, 22, 0, 2, "S" }, /* 21 */ - { 0x05, 23, 0, 2, "SN" }, /* 22 */ - { 0x06, 24, 0, 2, "C" }, /* 23 */ - { 0x07, 25, 0, 2, "L" }, /* 24 */ - { 0x08, 26, 0, 2, "ST" }, /* 25 */ - { 0x0A, 27, 0, 2, "O" }, /* 26 */ - { 0x0B, 28, 0, 2, "OU" }, /* 27 */ - { 0x0C, 29, 0, 2, "T" }, /* 28 */ - { 0x0D, 30, 0, 2, "D" }, /* 29 */ - { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ - { 0x29, 32, 0, 2, "N" }, /* 31 */ - { 0x2A, 33, 0, 2, "G" }, /* 32 */ - { 0x2B, 34, 0, 2, "I" }, /* 33 */ - { 0x2D, 35, 0, 2, "ID" }, /* 34 */ - { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */ - { 0x36, 37, 0, 2, "dmdName" }, /* 36 */ - { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */ - { 0x48, 0, 0, 2, "role" }, /* 38 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */ - { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */ - { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */ - { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */ - { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */ - { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */ - { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */ - { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */ - { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */ - { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */ - { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */ - { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */ - { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */ - { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */ - { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */ - { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */ - { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */ - { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */ - { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */ - { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */ - { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */ - { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */ - { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */ - { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */ - { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */ - {0x2A, 191, 1, 0, "" }, /* 67 */ - { 0x83, 80, 1, 1, "" }, /* 68 */ - { 0x08, 0, 1, 2, "jp" }, /* 69 */ - { 0x8C, 0, 1, 3, "" }, /* 70 */ - { 0x9A, 0, 1, 4, "" }, /* 71 */ - { 0x4B, 0, 1, 5, "" }, /* 72 */ - { 0x3D, 0, 1, 6, "" }, /* 73 */ - { 0x01, 0, 1, 7, "security" }, /* 74 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 75 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */ - { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */ - { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */ - { 0x86, 0, 1, 1, "" }, /* 80 */ - { 0x48, 0, 1, 2, "us" }, /* 81 */ - { 0x86, 150, 1, 3, "" }, /* 82 */ - { 0xF6, 88, 1, 4, "" }, /* 83 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 85 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */ - { 0xF7, 0, 1, 4, "" }, /* 88 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */ - { 0x01, 145, 1, 6, "PKCS" }, /* 90 */ - { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */ - { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */ - { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */ - { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */ - { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */ - { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */ - { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */ - { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */ - { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */ - { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */ - { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */ - { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */ - { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */ - { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */ - { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */ - { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */ - { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */ - { 0x01, 110, 0, 8, "data" }, /* 109 */ - { 0x02, 111, 0, 8, "signedData" }, /* 110 */ - { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */ - { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */ - { 0x05, 114, 0, 8, "digestedData" }, /* 113 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */ - { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */ - { 0x01, 117, 0, 8, "E" }, /* 116 */ - { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */ - { 0x03, 119, 0, 8, "contentType" }, /* 118 */ - { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */ - { 0x05, 121, 0, 8, "signingTime" }, /* 120 */ - { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */ - { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */ - { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */ - { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */ - { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */ - { 0x16, 0, 1, 8, "certTypes" }, /* 126 */ - { 0x01, 128, 0, 9, "X.509" }, /* 127 */ - { 0x02, 0, 0, 9, "SDSI" }, /* 128 */ - { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */ - { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */ - { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */ - { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */ - { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */ - { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */ - { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */ - { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */ - { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */ - { 0x01, 0, 1, 9, "bagIds" }, /* 138 */ - { 0x01, 140, 0, 10, "keyBag" }, /* 139 */ - { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */ - { 0x03, 142, 0, 10, "certBag" }, /* 141 */ - { 0x04, 143, 0, 10, "crlBag" }, /* 142 */ - { 0x05, 144, 0, 10, "secretBag" }, /* 143 */ - { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */ - { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */ - { 0x02, 147, 0, 7, "md2" }, /* 146 */ - { 0x05, 0, 0, 7, "md5" }, /* 147 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */ - { 0xCE, 0, 1, 3, "" }, /* 150 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */ - { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */ - { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */ - { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */ - { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */ - { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */ - { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */ - { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */ - { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */ - { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */ - { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */ - { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */ - { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */ - { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */ - { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */ - { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */ - { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */ - { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */ - { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */ - { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */ - { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */ - { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */ - { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */ - { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */ - { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */ - { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */ - { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */ - { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */ - { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */ - { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */ - { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */ - { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */ - { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */ - {0x2B, 418, 1, 0, "" }, /* 191 */ - { 0x06, 332, 1, 1, "dod" }, /* 192 */ - { 0x01, 0, 1, 2, "internet" }, /* 193 */ - { 0x04, 283, 1, 3, "private" }, /* 194 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 195 */ - { 0x82, 233, 1, 5, "" }, /* 196 */ - { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */ - { 0x0A, 202, 1, 7, "" }, /* 198 */ - { 0x03, 0, 1, 8, "" }, /* 199 */ - { 0x03, 201, 0, 9, "msSGC" }, /* 200 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */ - { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */ - { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 205 */ - { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */ - { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */ - { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */ - { 0xA0, 0, 1, 6, "" }, /* 209 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 210 */ - { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */ - { 0x02, 213, 0, 8, "cps" }, /* 212 */ - { 0x03, 214, 0, 8, "e-voting" }, /* 213 */ - { 0x05, 0, 1, 8, "BLISS" }, /* 214 */ - { 0x01, 217, 1, 9, "keyType" }, /* 215 */ - { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */ - { 0x02, 226, 1, 9, "parameters" }, /* 217 */ - { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */ - { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */ - { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */ - { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */ - { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */ - { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */ - { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */ - { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */ - { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */ - { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */ - { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */ - { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */ - { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */ - { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */ - { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */ - { 0x89, 240, 1, 5, "" }, /* 233 */ - { 0x31, 0, 1, 6, "" }, /* 234 */ - { 0x01, 0, 1, 7, "" }, /* 235 */ - { 0x01, 0, 1, 8, "" }, /* 236 */ - { 0x02, 0, 1, 9, "" }, /* 237 */ - { 0x02, 0, 1, 10, "" }, /* 238 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */ - { 0x97, 244, 1, 5, "" }, /* 240 */ - { 0x55, 0, 1, 6, "" }, /* 241 */ - { 0x01, 0, 1, 7, "" }, /* 242 */ - { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */ - { 0xC1, 0, 1, 5, "" }, /* 244 */ - { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */ - { 0x01, 0, 1, 7, "eess" }, /* 246 */ - { 0x01, 0, 1, 8, "eess1" }, /* 247 */ - { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */ - { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */ - { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */ - { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */ - { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */ - { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */ - { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */ - { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */ - { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */ - { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */ - { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */ - { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */ - { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */ - { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */ - { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */ - { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */ - { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */ - { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */ - { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */ - { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */ - { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */ - { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */ - { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */ - { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */ - { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */ - { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */ - { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */ - { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */ - { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */ - { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */ - { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */ - { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */ - { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */ - { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */ - { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */ - { 0x05, 0, 1, 3, "security" }, /* 283 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */ - { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */ - { 0x01, 290, 1, 6, "id-pe" }, /* 286 */ - { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */ - { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */ - { 0x02, 293, 1, 6, "id-qt" }, /* 290 */ - { 0x01, 292, 0, 7, "cps" }, /* 291 */ - { 0x02, 0, 0, 7, "unotice" }, /* 292 */ - { 0x03, 303, 1, 6, "id-kp" }, /* 293 */ - { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */ - { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */ - { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */ - { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */ - { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */ - { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */ - { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */ - { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */ - { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */ - { 0x01, 305, 0, 7, "personalData" }, /* 304 */ - { 0x02, 306, 0, 7, "userGroup" }, /* 305 */ - { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */ - { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */ - { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */ - { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */ - { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */ - { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */ - { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */ - { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */ - { 0x04, 0, 0, 7, "group" }, /* 315 */ - { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 317 */ - { 0x01, 326, 1, 7, "ocsp" }, /* 318 */ - { 0x01, 320, 0, 8, "basic" }, /* 319 */ - { 0x02, 321, 0, 8, "nonce" }, /* 320 */ - { 0x03, 322, 0, 8, "crl" }, /* 321 */ - { 0x04, 323, 0, 8, "response" }, /* 322 */ - { 0x05, 324, 0, 8, "noCheck" }, /* 323 */ - { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */ - { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */ - { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 328 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 329 */ - { 0x02, 0, 1, 6, "certificate" }, /* 330 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */ - { 0x0E, 338, 1, 1, "oiw" }, /* 332 */ - { 0x03, 0, 1, 2, "secsig" }, /* 333 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 334 */ - { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */ - { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */ - { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 339 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */ - { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */ - { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */ - { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 345 */ - { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */ - { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */ - { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */ - { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */ - { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */ - { 0x01, 355, 1, 6, "fieldType" }, /* 351 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */ - { 0x01, 0, 1, 8, "basisType" }, /* 353 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */ - { 0x02, 357, 1, 6, "keyType" }, /* 355 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */ - { 0x03, 358, 0, 6, "curve" }, /* 357 */ - { 0x04, 365, 1, 6, "signatures" }, /* 358 */ - { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */ - { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */ - { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */ - { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */ - { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */ - { 0x05, 0, 1, 6, "module" }, /* 365 */ - { 0x01, 0, 0, 7, "1" }, /* 366 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 369 */ - { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */ - { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */ - { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */ - { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */ - { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */ - { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */ - { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */ - { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */ - { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */ - { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */ - { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */ - { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */ - { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */ - { 0x81, 0, 1, 1, "" }, /* 384 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 385 */ - { 0x00, 0, 1, 3, "curve" }, /* 386 */ - { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */ - { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */ - { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */ - { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */ - { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */ - { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */ - { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */ - { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */ - { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */ - { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */ - { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */ - { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */ - { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */ - { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */ - { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */ - { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */ - { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */ - { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */ - { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */ - { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */ - { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */ - { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */ - { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */ - { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */ - { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */ - { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */ - { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */ - { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */ - { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */ - { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */ - {0x60, 472, 1, 0, "" }, /* 418 */ - { 0x86, 0, 1, 1, "" }, /* 419 */ - { 0x48, 0, 1, 2, "" }, /* 420 */ - { 0x01, 0, 1, 3, "organization" }, /* 421 */ - { 0x65, 448, 1, 4, "gov" }, /* 422 */ - { 0x03, 0, 1, 5, "csor" }, /* 423 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */ - { 0x01, 435, 1, 7, "aes" }, /* 425 */ - { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */ - { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */ - { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */ - { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */ - { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */ - { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */ - { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */ - { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 435 */ - { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */ - { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */ - { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */ - { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */ - { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */ - { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */ - { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */ - { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */ - { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */ - { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */ - { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */ - { 0x86, 0, 1, 4, "" }, /* 448 */ - { 0xf8, 0, 1, 5, "" }, /* 449 */ - { 0x42, 462, 1, 6, "netscape" }, /* 450 */ - { 0x01, 457, 1, 7, "" }, /* 451 */ - { 0x01, 453, 0, 8, "nsCertType" }, /* 452 */ - { 0x03, 454, 0, 8, "nsRevocationUrl" }, /* 453 */ - { 0x04, 455, 0, 8, "nsCaRevocationUrl" }, /* 454 */ - { 0x08, 456, 0, 8, "nsCaPolicyUrl" }, /* 455 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 456 */ - { 0x03, 460, 1, 7, "directory" }, /* 457 */ - { 0x01, 0, 1, 8, "" }, /* 458 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 459 */ - { 0x04, 0, 1, 7, "policy" }, /* 460 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 461 */ - { 0x45, 0, 1, 6, "verisign" }, /* 462 */ - { 0x01, 0, 1, 7, "pki" }, /* 463 */ - { 0x09, 0, 1, 8, "attributes" }, /* 464 */ - { 0x02, 466, 0, 9, "messageType" }, /* 465 */ - { 0x03, 467, 0, 9, "pkiStatus" }, /* 466 */ - { 0x04, 468, 0, 9, "failInfo" }, /* 467 */ - { 0x05, 469, 0, 9, "senderNonce" }, /* 468 */ - { 0x06, 470, 0, 9, "recipientNonce" }, /* 469 */ - { 0x07, 471, 0, 9, "transID" }, /* 470 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 471 */ - {0x67, 0, 1, 0, "" }, /* 472 */ - { 0x81, 0, 1, 1, "" }, /* 473 */ - { 0x05, 0, 1, 2, "" }, /* 474 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 475 */ - { 0x01, 477, 0, 4, "tcg-at-tpmManufacturer" }, /* 476 */ - { 0x02, 478, 0, 4, "tcg-at-tpmModel" }, /* 477 */ - { 0x03, 479, 0, 4, "tcg-at-tpmVersion" }, /* 478 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 479 */ + {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ + { 0x82, 0, 1, 1, "" }, /* 1 */ + { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ + { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ + { 0x0A, 0, 1, 4, "" }, /* 4 */ + { 0x07, 0, 1, 5, "" }, /* 5 */ + { 0x14, 0, 0, 6, "ND" }, /* 6 */ + {0x09, 18, 1, 0, "data" }, /* 7 */ + { 0x92, 0, 1, 1, "" }, /* 8 */ + { 0x26, 0, 1, 2, "" }, /* 9 */ + { 0x89, 0, 1, 3, "" }, /* 10 */ + { 0x93, 0, 1, 4, "" }, /* 11 */ + { 0xF2, 0, 1, 5, "" }, /* 12 */ + { 0x2C, 0, 1, 6, "" }, /* 13 */ + { 0x64, 0, 1, 7, "pilot" }, /* 14 */ + { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ + { 0x01, 17, 0, 9, "UID" }, /* 16 */ + { 0x19, 0, 0, 9, "DC" }, /* 17 */ + {0x55, 67, 1, 0, "X.500" }, /* 18 */ + { 0x04, 39, 1, 1, "X.509" }, /* 19 */ + { 0x03, 21, 0, 2, "CN" }, /* 20 */ + { 0x04, 22, 0, 2, "S" }, /* 21 */ + { 0x05, 23, 0, 2, "SN" }, /* 22 */ + { 0x06, 24, 0, 2, "C" }, /* 23 */ + { 0x07, 25, 0, 2, "L" }, /* 24 */ + { 0x08, 26, 0, 2, "ST" }, /* 25 */ + { 0x0A, 27, 0, 2, "O" }, /* 26 */ + { 0x0B, 28, 0, 2, "OU" }, /* 27 */ + { 0x0C, 29, 0, 2, "T" }, /* 28 */ + { 0x0D, 30, 0, 2, "D" }, /* 29 */ + { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ + { 0x29, 32, 0, 2, "N" }, /* 31 */ + { 0x2A, 33, 0, 2, "G" }, /* 32 */ + { 0x2B, 34, 0, 2, "I" }, /* 33 */ + { 0x2D, 35, 0, 2, "ID" }, /* 34 */ + { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */ + { 0x36, 37, 0, 2, "dmdName" }, /* 36 */ + { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */ + { 0x48, 0, 0, 2, "role" }, /* 38 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */ + { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */ + { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */ + { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */ + { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */ + { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */ + { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */ + { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */ + { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */ + { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */ + { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */ + { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */ + { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */ + { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */ + { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */ + { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */ + { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */ + { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */ + { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */ + { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */ + { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */ + { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */ + { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */ + { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */ + { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */ + {0x2A, 191, 1, 0, "" }, /* 67 */ + { 0x83, 80, 1, 1, "" }, /* 68 */ + { 0x08, 0, 1, 2, "jp" }, /* 69 */ + { 0x8C, 0, 1, 3, "" }, /* 70 */ + { 0x9A, 0, 1, 4, "" }, /* 71 */ + { 0x4B, 0, 1, 5, "" }, /* 72 */ + { 0x3D, 0, 1, 6, "" }, /* 73 */ + { 0x01, 0, 1, 7, "security" }, /* 74 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 75 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */ + { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */ + { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */ + { 0x86, 0, 1, 1, "" }, /* 80 */ + { 0x48, 0, 1, 2, "us" }, /* 81 */ + { 0x86, 150, 1, 3, "" }, /* 82 */ + { 0xF6, 88, 1, 4, "" }, /* 83 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 85 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */ + { 0xF7, 0, 1, 4, "" }, /* 88 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */ + { 0x01, 145, 1, 6, "PKCS" }, /* 90 */ + { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */ + { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */ + { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */ + { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */ + { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */ + { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */ + { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */ + { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */ + { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */ + { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */ + { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */ + { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */ + { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */ + { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */ + { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */ + { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */ + { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */ + { 0x01, 110, 0, 8, "data" }, /* 109 */ + { 0x02, 111, 0, 8, "signedData" }, /* 110 */ + { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */ + { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */ + { 0x05, 114, 0, 8, "digestedData" }, /* 113 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */ + { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */ + { 0x01, 117, 0, 8, "E" }, /* 116 */ + { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */ + { 0x03, 119, 0, 8, "contentType" }, /* 118 */ + { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */ + { 0x05, 121, 0, 8, "signingTime" }, /* 120 */ + { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */ + { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */ + { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */ + { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */ + { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */ + { 0x16, 0, 1, 8, "certTypes" }, /* 126 */ + { 0x01, 128, 0, 9, "X.509" }, /* 127 */ + { 0x02, 0, 0, 9, "SDSI" }, /* 128 */ + { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */ + { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */ + { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */ + { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */ + { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC" }, /* 133 */ + { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC" }, /* 134 */ + { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */ + { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */ + { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */ + { 0x01, 0, 1, 9, "bagIds" }, /* 138 */ + { 0x01, 140, 0, 10, "keyBag" }, /* 139 */ + { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */ + { 0x03, 142, 0, 10, "certBag" }, /* 141 */ + { 0x04, 143, 0, 10, "crlBag" }, /* 142 */ + { 0x05, 144, 0, 10, "secretBag" }, /* 143 */ + { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */ + { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */ + { 0x02, 147, 0, 7, "md2" }, /* 146 */ + { 0x05, 0, 0, 7, "md5" }, /* 147 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */ + { 0xCE, 0, 1, 3, "" }, /* 150 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */ + { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */ + { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */ + { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */ + { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */ + { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */ + { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */ + { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */ + { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */ + { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */ + { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */ + { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */ + { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */ + { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */ + { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */ + { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */ + { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */ + { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */ + { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */ + { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */ + { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */ + { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */ + { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */ + { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */ + { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */ + { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */ + { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */ + { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */ + { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */ + { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */ + { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */ + { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */ + { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */ + {0x2B, 418, 1, 0, "" }, /* 191 */ + { 0x06, 332, 1, 1, "dod" }, /* 192 */ + { 0x01, 0, 1, 2, "internet" }, /* 193 */ + { 0x04, 283, 1, 3, "private" }, /* 194 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 195 */ + { 0x82, 233, 1, 5, "" }, /* 196 */ + { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */ + { 0x0A, 202, 1, 7, "" }, /* 198 */ + { 0x03, 0, 1, 8, "" }, /* 199 */ + { 0x03, 201, 0, 9, "msSGC" }, /* 200 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */ + { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */ + { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 205 */ + { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */ + { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */ + { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */ + { 0xA0, 0, 1, 6, "" }, /* 209 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 210 */ + { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */ + { 0x02, 213, 0, 8, "cps" }, /* 212 */ + { 0x03, 214, 0, 8, "e-voting" }, /* 213 */ + { 0x05, 0, 1, 8, "BLISS" }, /* 214 */ + { 0x01, 217, 1, 9, "keyType" }, /* 215 */ + { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */ + { 0x02, 226, 1, 9, "parameters" }, /* 217 */ + { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */ + { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */ + { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */ + { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */ + { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */ + { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */ + { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */ + { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */ + { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */ + { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */ + { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */ + { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */ + { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */ + { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */ + { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */ + { 0x89, 240, 1, 5, "" }, /* 233 */ + { 0x31, 0, 1, 6, "" }, /* 234 */ + { 0x01, 0, 1, 7, "" }, /* 235 */ + { 0x01, 0, 1, 8, "" }, /* 236 */ + { 0x02, 0, 1, 9, "" }, /* 237 */ + { 0x02, 0, 1, 10, "" }, /* 238 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */ + { 0x97, 244, 1, 5, "" }, /* 240 */ + { 0x55, 0, 1, 6, "" }, /* 241 */ + { 0x01, 0, 1, 7, "" }, /* 242 */ + { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */ + { 0xC1, 0, 1, 5, "" }, /* 244 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */ + { 0x01, 0, 1, 7, "eess" }, /* 246 */ + { 0x01, 0, 1, 8, "eess1" }, /* 247 */ + { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */ + { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */ + { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */ + { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */ + { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */ + { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */ + { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */ + { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */ + { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */ + { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */ + { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */ + { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */ + { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */ + { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */ + { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */ + { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */ + { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */ + { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */ + { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */ + { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */ + { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */ + { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */ + { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */ + { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */ + { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */ + { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */ + { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */ + { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */ + { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */ + { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */ + { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */ + { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */ + { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */ + { 0x05, 0, 1, 3, "security" }, /* 283 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */ + { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */ + { 0x01, 290, 1, 6, "id-pe" }, /* 286 */ + { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */ + { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */ + { 0x02, 293, 1, 6, "id-qt" }, /* 290 */ + { 0x01, 292, 0, 7, "cps" }, /* 291 */ + { 0x02, 0, 0, 7, "unotice" }, /* 292 */ + { 0x03, 303, 1, 6, "id-kp" }, /* 293 */ + { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */ + { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */ + { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */ + { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */ + { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */ + { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */ + { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */ + { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */ + { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */ + { 0x01, 305, 0, 7, "personalData" }, /* 304 */ + { 0x02, 306, 0, 7, "userGroup" }, /* 305 */ + { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */ + { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */ + { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */ + { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */ + { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */ + { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */ + { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */ + { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */ + { 0x04, 0, 0, 7, "group" }, /* 315 */ + { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 317 */ + { 0x01, 326, 1, 7, "ocsp" }, /* 318 */ + { 0x01, 320, 0, 8, "basic" }, /* 319 */ + { 0x02, 321, 0, 8, "nonce" }, /* 320 */ + { 0x03, 322, 0, 8, "crl" }, /* 321 */ + { 0x04, 323, 0, 8, "response" }, /* 322 */ + { 0x05, 324, 0, 8, "noCheck" }, /* 323 */ + { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */ + { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */ + { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 328 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 329 */ + { 0x02, 0, 1, 6, "certificate" }, /* 330 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */ + { 0x0E, 338, 1, 1, "oiw" }, /* 332 */ + { 0x03, 0, 1, 2, "secsig" }, /* 333 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 334 */ + { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */ + { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */ + { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 339 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */ + { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */ + { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */ + { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 345 */ + { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */ + { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */ + { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */ + { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */ + { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */ + { 0x01, 355, 1, 6, "fieldType" }, /* 351 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */ + { 0x01, 0, 1, 8, "basisType" }, /* 353 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */ + { 0x02, 357, 1, 6, "keyType" }, /* 355 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */ + { 0x03, 358, 0, 6, "curve" }, /* 357 */ + { 0x04, 365, 1, 6, "signatures" }, /* 358 */ + { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */ + { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */ + { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */ + { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */ + { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */ + { 0x05, 0, 1, 6, "module" }, /* 365 */ + { 0x01, 0, 0, 7, "1" }, /* 366 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 369 */ + { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */ + { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */ + { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */ + { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */ + { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */ + { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */ + { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */ + { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */ + { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */ + { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */ + { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */ + { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */ + { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */ + { 0x81, 0, 1, 1, "" }, /* 384 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 385 */ + { 0x00, 0, 1, 3, "curve" }, /* 386 */ + { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */ + { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */ + { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */ + { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */ + { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */ + { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */ + { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */ + { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */ + { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */ + { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */ + { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */ + { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */ + { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */ + { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */ + { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */ + { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */ + { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */ + { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */ + { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */ + { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */ + { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */ + { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */ + { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */ + { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */ + { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */ + { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */ + { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */ + { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */ + { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */ + { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */ + {0x60, 481, 1, 0, "" }, /* 418 */ + { 0x86, 0, 1, 1, "" }, /* 419 */ + { 0x48, 0, 1, 2, "" }, /* 420 */ + { 0x01, 0, 1, 3, "organization" }, /* 421 */ + { 0x65, 457, 1, 4, "gov" }, /* 422 */ + { 0x03, 0, 1, 5, "csor" }, /* 423 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */ + { 0x01, 435, 1, 7, "aes" }, /* 425 */ + { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */ + { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */ + { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */ + { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */ + { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */ + { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */ + { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */ + { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */ + { 0x02, 448, 1, 7, "hashAlgs" }, /* 435 */ + { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */ + { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */ + { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */ + { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */ + { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */ + { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */ + { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */ + { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */ + { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */ + { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */ + { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */ + { 0x03, 0, 1, 7, "sigAlgs" }, /* 448 */ + { 0x09, 450, 0, 8, "id-ecdsa-with-sha3-224" }, /* 449 */ + { 0x0A, 451, 0, 8, "id-ecdsa-with-sha3-256" }, /* 450 */ + { 0x0B, 452, 0, 8, "id-ecdsa-with-sha3-384" }, /* 451 */ + { 0x0C, 453, 0, 8, "id-ecdsa-with-sha3-512" }, /* 452 */ + { 0x0D, 454, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 453 */ + { 0x0E, 455, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 454 */ + { 0x0F, 456, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 455 */ + { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 456 */ + { 0x86, 0, 1, 4, "" }, /* 457 */ + { 0xf8, 0, 1, 5, "" }, /* 458 */ + { 0x42, 471, 1, 6, "netscape" }, /* 459 */ + { 0x01, 466, 1, 7, "" }, /* 460 */ + { 0x01, 462, 0, 8, "nsCertType" }, /* 461 */ + { 0x03, 463, 0, 8, "nsRevocationUrl" }, /* 462 */ + { 0x04, 464, 0, 8, "nsCaRevocationUrl" }, /* 463 */ + { 0x08, 465, 0, 8, "nsCaPolicyUrl" }, /* 464 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 465 */ + { 0x03, 469, 1, 7, "directory" }, /* 466 */ + { 0x01, 0, 1, 8, "" }, /* 467 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 468 */ + { 0x04, 0, 1, 7, "policy" }, /* 469 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 470 */ + { 0x45, 0, 1, 6, "verisign" }, /* 471 */ + { 0x01, 0, 1, 7, "pki" }, /* 472 */ + { 0x09, 0, 1, 8, "attributes" }, /* 473 */ + { 0x02, 475, 0, 9, "messageType" }, /* 474 */ + { 0x03, 476, 0, 9, "pkiStatus" }, /* 475 */ + { 0x04, 477, 0, 9, "failInfo" }, /* 476 */ + { 0x05, 478, 0, 9, "senderNonce" }, /* 477 */ + { 0x06, 479, 0, 9, "recipientNonce" }, /* 478 */ + { 0x07, 480, 0, 9, "transID" }, /* 479 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 480 */ + {0x67, 0, 1, 0, "" }, /* 481 */ + { 0x81, 0, 1, 1, "" }, /* 482 */ + { 0x05, 0, 1, 2, "" }, /* 483 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 484 */ + { 0x01, 486, 0, 4, "tcg-at-tpmManufacturer" }, /* 485 */ + { 0x02, 487, 0, 4, "tcg-at-tpmModel" }, /* 486 */ + { 0x03, 488, 0, 4, "tcg-at-tpmVersion" }, /* 487 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 488 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 042f108dd..bca299923 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -240,22 +240,30 @@ extern const oid_t oid_names[]; #define OID_SHA3_256 443 #define OID_SHA3_384 444 #define OID_SHA3_512 445 -#define OID_NS_REVOCATION_URL 453 -#define OID_NS_CA_REVOCATION_URL 454 -#define OID_NS_CA_POLICY_URL 455 -#define OID_NS_COMMENT 456 -#define OID_EMPLOYEE_NUMBER 459 -#define OID_PKI_MESSAGE_TYPE 465 -#define OID_PKI_STATUS 466 -#define OID_PKI_FAIL_INFO 467 -#define OID_PKI_SENDER_NONCE 468 -#define OID_PKI_RECIPIENT_NONCE 469 -#define OID_PKI_TRANS_ID 470 -#define OID_TPM_MANUFACTURER 476 -#define OID_TPM_MODEL 477 -#define OID_TPM_VERSION 478 -#define OID_TPM_ID_LABEL 479 +#define OID_ECDSA_WITH_SHA3_224 449 +#define OID_ECDSA_WITH_SHA3_256 450 +#define OID_ECDSA_WITH_SHA3_384 451 +#define OID_ECDSA_WITH_SHA3_512 452 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 453 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 454 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 455 +#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 456 +#define OID_NS_REVOCATION_URL 462 +#define OID_NS_CA_REVOCATION_URL 463 +#define OID_NS_CA_POLICY_URL 464 +#define OID_NS_COMMENT 465 +#define OID_EMPLOYEE_NUMBER 468 +#define OID_PKI_MESSAGE_TYPE 474 +#define OID_PKI_STATUS 475 +#define OID_PKI_FAIL_INFO 476 +#define OID_PKI_SENDER_NONCE 477 +#define OID_PKI_RECIPIENT_NONCE 478 +#define OID_PKI_TRANS_ID 479 +#define OID_TPM_MANUFACTURER 485 +#define OID_TPM_MODEL 486 +#define OID_TPM_VERSION 487 +#define OID_TPM_ID_LABEL 488 -#define OID_MAX 480 +#define OID_MAX 489 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index eeeb234c7..761a38ab6 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -433,7 +433,7 @@ 0x2A "id-aes256-CBC" OID_AES256_CBC 0x2E "id-aes256-GCM" OID_AES256_GCM 0x2F "id-aes256-CCM" OID_AES256_CCM - 0x02 "hashalgs" + 0x02 "hashAlgs" 0x01 "id-sha256" OID_SHA256 0x02 "id-sha384" OID_SHA384 0x03 "id-sha512" OID_SHA512 @@ -446,6 +446,15 @@ 0x0A "id-sha3-512" OID_SHA3_512 0x0B "id-shake128" 0x0C "id-shake256" + 0x03 "sigAlgs" + 0x09 "id-ecdsa-with-sha3-224" OID_ECDSA_WITH_SHA3_224 + 0x0A "id-ecdsa-with-sha3-256" OID_ECDSA_WITH_SHA3_256 + 0x0B "id-ecdsa-with-sha3-384" OID_ECDSA_WITH_SHA3_384 + 0x0C "id-ecdsa-with-sha3-512" OID_ECDSA_WITH_SHA3_512 + 0x0D "id-rsassa-pkcs1v15-with-sha3-224" OID_RSASSA_PKCS1V15_WITH_SHA3_224 + 0x0E "id-rsassa-pkcs1v15-with-sha3-256" OID_RSASSA_PKCS1V15_WITH_SHA3_256 + 0x0F "id-rsassa-pkcs1v15-with-sha3-384" OID_RSASSA_PKCS1V15_WITH_SHA3_384 + 0x10 "id-rsassa-pkcs1v15-with-sha3-512" OID_RSASSA_PKCS1V15_WITH_SHA3_512 0x86 "" 0xf8 "" 0x42 "netscape" diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 956ce08c9..3ec9491ed 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffeb + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } schemes[] = { { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, }, { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, }, - { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, }, - { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, }, - { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, }, - { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, }, + { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, }, + { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, }, + { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, }, + { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, }, { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, }, { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, }, { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, }, diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index d6f211a34..03f93b1d3 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512, "RSA_EMSA_PKCS1_NULL", "RSA_EMSA_PKCS1_MD5", "RSA_EMSA_PKCS1_SHA1", - "RSA_EMSA_PKCS1_SHA224", - "RSA_EMSA_PKCS1_SHA256", - "RSA_EMSA_PKCS1_SHA384", - "RSA_EMSA_PKCS1_SHA512", + "RSA_EMSA_PKCS1_SHA2_224", + "RSA_EMSA_PKCS1_SHA2_256", + "RSA_EMSA_PKCS1_SHA2_384", + "RSA_EMSA_PKCS1_SHA2_512", + "RSA_EMSA_PKCS1_SHA3_224", + "RSA_EMSA_PKCS1_SHA3_256", + "RSA_EMSA_PKCS1_SHA3_384", + "RSA_EMSA_PKCS1_SHA3_512", "ECDSA_WITH_SHA1_DER", "ECDSA_WITH_SHA256_DER", "ECDSA_WITH_SHA384_DER", @@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid) return SIGN_RSA_EMSA_PKCS1_SHA1; case OID_SHA224_WITH_RSA: case OID_SHA224: - return SIGN_RSA_EMSA_PKCS1_SHA224; + return SIGN_RSA_EMSA_PKCS1_SHA2_224; case OID_SHA256_WITH_RSA: case OID_SHA256: - return SIGN_RSA_EMSA_PKCS1_SHA256; + return SIGN_RSA_EMSA_PKCS1_SHA2_256; case OID_SHA384_WITH_RSA: case OID_SHA384: - return SIGN_RSA_EMSA_PKCS1_SHA384; + return SIGN_RSA_EMSA_PKCS1_SHA2_384; case OID_SHA512_WITH_RSA: case OID_SHA512: - return SIGN_RSA_EMSA_PKCS1_SHA512; + return SIGN_RSA_EMSA_PKCS1_SHA2_512; + case OID_RSASSA_PKCS1V15_WITH_SHA3_224: + return SIGN_RSA_EMSA_PKCS1_SHA3_224; + case OID_RSASSA_PKCS1V15_WITH_SHA3_256: + return SIGN_RSA_EMSA_PKCS1_SHA3_256; + case OID_RSASSA_PKCS1V15_WITH_SHA3_384: + return SIGN_RSA_EMSA_PKCS1_SHA3_384; + case OID_RSASSA_PKCS1V15_WITH_SHA3_512: + return SIGN_RSA_EMSA_PKCS1_SHA3_512; case OID_ECDSA_WITH_SHA1: case OID_EC_PUBLICKEY: return SIGN_ECDSA_WITH_SHA1_DER; @@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme) return OID_MD5_WITH_RSA; case SIGN_RSA_EMSA_PKCS1_SHA1: return OID_SHA1_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return OID_SHA224_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return OID_SHA256_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return OID_SHA384_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return OID_SHA512_WITH_RSA; + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return OID_RSASSA_PKCS1V15_WITH_SHA3_224; + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return OID_RSASSA_PKCS1V15_WITH_SHA3_256; + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; case SIGN_ECDSA_WITH_SHA1_DER: return OID_ECDSA_WITH_SHA1; case SIGN_ECDSA_WITH_SHA256_DER: @@ -216,9 +236,9 @@ static struct { key_type_t type; int max_keysize; } scheme_map[] = { - { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, 3072 }, - { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, 7680 }, - { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, 0 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, @@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_NULL: case SIGN_RSA_EMSA_PKCS1_MD5: case SIGN_RSA_EMSA_PKCS1_SHA1: - case SIGN_RSA_EMSA_PKCS1_SHA224: - case SIGN_RSA_EMSA_PKCS1_SHA256: - case SIGN_RSA_EMSA_PKCS1_SHA384: - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + case SIGN_RSA_EMSA_PKCS1_SHA3_512: return KEY_RSA; case SIGN_ECDSA_WITH_SHA1_DER: case SIGN_ECDSA_WITH_SHA256_DER: diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index ce48f9b7e..236128234 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -70,14 +70,22 @@ enum signature_scheme_t { SIGN_RSA_EMSA_PKCS1_MD5, /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */ SIGN_RSA_EMSA_PKCS1_SHA1, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */ - SIGN_RSA_EMSA_PKCS1_SHA224, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */ - SIGN_RSA_EMSA_PKCS1_SHA256, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */ - SIGN_RSA_EMSA_PKCS1_SHA384, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */ - SIGN_RSA_EMSA_PKCS1_SHA512, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */ + SIGN_RSA_EMSA_PKCS1_SHA2_224, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */ + SIGN_RSA_EMSA_PKCS1_SHA2_256, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */ + SIGN_RSA_EMSA_PKCS1_SHA2_384, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */ + SIGN_RSA_EMSA_PKCS1_SHA2_512, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */ + SIGN_RSA_EMSA_PKCS1_SHA3_224, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */ + SIGN_RSA_EMSA_PKCS1_SHA3_256, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */ + SIGN_RSA_EMSA_PKCS1_SHA3_384, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */ + SIGN_RSA_EMSA_PKCS1_SHA3_512, /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ SIGN_ECDSA_WITH_SHA1_DER, /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index c6b8d0c7e..8393d5b18 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -108,7 +108,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, } *value = cert; enumerator->auth->replace(enumerator->auth, enumerator->inner, - *rule, cert->get_ref(cert)); + *rule, cert); return TRUE; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 988e709ad..0f8bff23f 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2010-2015 Tobias Brunner - * Hochschule fuer Technik Rapperwsil + * Copyright (C) 2010-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperwsil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -223,6 +224,7 @@ METHOD(mem_cred_t, add_crl, bool, { if (current->get_type(current) == CERT_X509_CRL) { + chunk_t base; bool found = FALSE; crl_t *crl_c = (crl_t*)current; chunk_t authkey = crl->get_authKeyIdentifier(crl); @@ -246,17 +248,37 @@ METHOD(mem_cred_t, add_crl, bool, } if (found) { - new = crl_is_newer(crl, crl_c); - if (new) + /* we keep at most one delta CRL for each base CRL */ + if (crl->is_delta_crl(crl, &base)) { - this->untrusted->remove_at(this->untrusted, enumerator); - current->destroy(current); + if (!crl_c->is_delta_crl(crl_c, NULL)) + { + if (chunk_equals(base, crl_c->get_serial(crl_c))) + { /* keep the added delta and the existing base CRL + * but check if this is the newest delta CRL for + * the same base */ + continue; + } + } } - else + else if (crl_c->is_delta_crl(crl_c, &base)) + { + if (chunk_equals(base, crl->get_serial(crl))) + { /* keep the existing delta and the added base CRL, + * but check if we don't store it already */ + continue; + } + } + new = crl_is_newer(crl, crl_c); + if (!new) { cert->destroy(cert); + break; } - break; + /* we remove the existing older CRL but there might be other + * delta or base CRLs we can replace */ + this->untrusted->remove_at(this->untrusted, enumerator); + current->destroy(current); } } } diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 35dcf25ac..bab59a06f 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2013-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -51,6 +52,7 @@ struct entry_t { signer_constructor_t create_signer; hasher_constructor_t create_hasher; prf_constructor_t create_prf; + xof_constructor_t create_xof; rng_constructor_t create_rng; nonce_gen_constructor_t create_nonce_gen; dh_constructor_t create_dh; @@ -95,6 +97,11 @@ struct private_crypto_factory_t { */ linked_list_t *prfs; + /** + * registered xofs, as entry_t + */ + linked_list_t *xofs; + /** * registered rngs, as entry_t */ @@ -303,6 +310,38 @@ METHOD(crypto_factory_t, create_prf, prf_t*, return prf; } +METHOD(crypto_factory_t, create_xof, xof_t*, + private_crypto_factory_t *this, ext_out_function_t algo) +{ + enumerator_t *enumerator; + entry_t *entry; + xof_t *xof = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->xofs->create_enumerator(this->xofs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->algo == algo) + { + if (this->test_on_create && + !this->tester->test_xof(this->tester, algo, + entry->create_xof, NULL, + default_plugin_name)) + { + continue; + } + xof = entry->create_xof(algo); + if (xof) + { + break; + } + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return xof; +} + METHOD(crypto_factory_t, create_rng, rng_t*, private_crypto_factory_t *this, rng_quality_t quality) { @@ -633,6 +672,43 @@ METHOD(crypto_factory_t, remove_prf, void, this->lock->unlock(this->lock); } +METHOD(crypto_factory_t, add_xof, bool, + private_crypto_factory_t *this, ext_out_function_t algo, + const char *plugin_name, xof_constructor_t create) +{ + u_int speed = 0; + + if (!this->test_on_add || + this->tester->test_xof(this->tester, algo, create, + this->bench ? &speed : NULL, plugin_name)) + { + add_entry(this, this->xofs, algo, plugin_name, speed, create); + return TRUE; + } + this->test_failures++; + return FALSE; +} + +METHOD(crypto_factory_t, remove_xof, void, + private_crypto_factory_t *this, xof_constructor_t create) +{ + entry_t *entry; + enumerator_t *enumerator; + + this->lock->write_lock(this->lock); + enumerator = this->xofs->create_enumerator(this->xofs); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->create_xof == create) + { + this->xofs->remove_at(this->xofs, enumerator); + free(entry); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + METHOD(crypto_factory_t, add_rng, bool, private_crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create) @@ -845,6 +921,23 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, return create_enumerator(this, this->prfs, prf_filter); } +/** + * Filter function to enumerate algorithm, not entry + */ +static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo, + void *i2, const char **plugin_name) +{ + *algo = (*entry)->algo; + *plugin_name = (*entry)->plugin_name; + return TRUE; +} + +METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*, + private_crypto_factory_t *this) +{ + return create_enumerator(this, this->xofs, xof_filter); +} + /** * Filter function to enumerate group, not entry */ @@ -909,6 +1002,8 @@ METHOD(crypto_factory_t, add_test_vector, void, return this->tester->add_hasher_vector(this->tester, vector); case PSEUDO_RANDOM_FUNCTION: return this->tester->add_prf_vector(this->tester, vector); + case EXTENDED_OUTPUT_FUNCTION: + return this->tester->add_xof_vector(this->tester, vector); case RANDOM_NUMBER_GENERATOR: return this->tester->add_rng_vector(this->tester, vector); case DIFFIE_HELLMAN_GROUP: @@ -961,6 +1056,10 @@ METHOD(enumerator_t, verify_enumerate, bool, *valid = this->tester->test_prf(this->tester, entry->algo, entry->create_prf, NULL, entry->plugin_name); break; + case EXTENDED_OUTPUT_FUNCTION: + *valid = this->tester->test_xof(this->tester, entry->algo, + entry->create_xof, NULL, entry->plugin_name); + break; case RANDOM_NUMBER_GENERATOR: *valid = this->tester->test_rng(this->tester, entry->algo, entry->create_rng, NULL, entry->plugin_name); @@ -1009,6 +1108,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*, case PSEUDO_RANDOM_FUNCTION: inner = this->prfs->create_enumerator(this->prfs); break; + case EXTENDED_OUTPUT_FUNCTION: + inner = this->xofs->create_enumerator(this->xofs); + break; case RANDOM_NUMBER_GENERATOR: inner = this->rngs->create_enumerator(this->rngs); break; @@ -1040,6 +1142,7 @@ METHOD(crypto_factory_t, destroy, void, this->signers->destroy(this->signers); this->hashers->destroy(this->hashers); this->prfs->destroy(this->prfs); + this->xofs->destroy(this->xofs); this->rngs->destroy(this->rngs); this->nonce_gens->destroy(this->nonce_gens); this->dhs->destroy(this->dhs); @@ -1062,6 +1165,7 @@ crypto_factory_t *crypto_factory_create() .create_signer = _create_signer, .create_hasher = _create_hasher, .create_prf = _create_prf, + .create_xof = _create_xof, .create_rng = _create_rng, .create_nonce_gen = _create_nonce_gen, .create_dh = _create_dh, @@ -1075,6 +1179,8 @@ crypto_factory_t *crypto_factory_create() .remove_hasher = _remove_hasher, .add_prf = _add_prf, .remove_prf = _remove_prf, + .add_xof = _add_xof, + .remove_xof = _remove_xof, .add_rng = _add_rng, .remove_rng = _remove_rng, .add_nonce_gen = _add_nonce_gen, @@ -1086,6 +1192,7 @@ crypto_factory_t *crypto_factory_create() .create_signer_enumerator = _create_signer_enumerator, .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, + .create_xof_enumerator = _create_xof_enumerator, .create_dh_enumerator = _create_dh_enumerator, .create_rng_enumerator = _create_rng_enumerator, .create_nonce_gen_enumerator = _create_nonce_gen_enumerator, @@ -1098,6 +1205,7 @@ crypto_factory_t *crypto_factory_create() .signers = linked_list_create(), .hashers = linked_list_create(), .prfs = linked_list_create(), + .xofs = linked_list_create(), .rngs = linked_list_create(), .nonce_gens = linked_list_create(), .dhs = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index e03915603..4f61ba1fc 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -1,6 +1,7 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -31,6 +32,7 @@ typedef struct crypto_factory_t crypto_factory_t; #include #include #include +#include #include #include #include @@ -62,6 +64,11 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo); */ typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo); +/** + * Constructor function for pseudo random functions + */ +typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo); + /** * Constructor function for source of randomness */ @@ -132,6 +139,14 @@ struct crypto_factory_t { */ prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo); + /** + * Create an extended output function instance. + * + * @param algo XOF algorithm to use + * @return xof_t instance, NULL if not supported + */ + xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo); + /** * Create a source of randomness. * @@ -252,6 +267,24 @@ struct crypto_factory_t { */ void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create); + /** + * Register an xof constructor. + * + * @param algo algorithm to constructor + * @param plugin_name plugin that registered this algorithm + * @param create constructor function for that algorithm + * @return TRUE if registered, FALSE if test vector failed + */ + bool (*add_xof)(crypto_factory_t *this, ext_out_function_t algo, + const char *plugin_name, xof_constructor_t create); + + /** + * Unregister an xof constructor. + * + * @param create constructor function to unregister + */ + void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create); + /** * Register a source of randomness. * @@ -341,6 +374,13 @@ struct crypto_factory_t { */ enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this); + /** + * Create an enumerator over all registered XOFs. + * + * @return enumerator over ext_out_function_t, plugin + */ + enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this); + /** * Create an enumerator over all registered diffie hellman groups. * diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 5607d35b9..e86e7ae76 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -62,6 +62,11 @@ struct private_crypto_tester_t { */ linked_list_t *prf; + /** + * List of XOF test vectors + */ + linked_list_t *xof; + /** * List of RNG test vectors */ @@ -1034,6 +1039,146 @@ failure: return !failed; } +/** + * Benchmark an XOF + */ +static u_int bench_xof(private_crypto_tester_t *this, + ext_out_function_t alg, xof_constructor_t create) +{ + xof_t *xof; + + xof = create(alg); + if (xof) + { + char seed[xof->get_seed_size(xof)]; + char bytes[xof->get_block_size(xof)]; + struct timespec start; + u_int runs; + + memset(seed, 0x56, xof->get_seed_size(xof)); + if (!xof->set_seed(xof, chunk_create(seed, xof->get_seed_size(xof)))) + { + xof->destroy(xof); + return 0; + } + + runs = 0; + start_timing(&start); + while (end_timing(&start) < this->bench_time) + { + if (xof->get_bytes(xof, xof->get_block_size(xof), bytes)) + { + runs++; + } + } + xof->destroy(xof); + + return runs; + } + return 0; +} + +METHOD(crypto_tester_t, test_xof, bool, + private_crypto_tester_t *this, ext_out_function_t alg, + xof_constructor_t create, u_int *speed, const char *plugin_name) +{ + enumerator_t *enumerator; + xof_test_vector_t *vector; + bool failed = FALSE; + u_int tested = 0; + + enumerator = this->xof->create_enumerator(this->xof); + while (enumerator->enumerate(enumerator, &vector)) + { + xof_t *xof; + chunk_t seed, out = chunk_empty; + + if (vector->alg != alg) + { + continue; + } + + tested++; + failed = TRUE; + xof = create(alg); + if (!xof) + { + DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", + ext_out_function_names, alg, plugin_name); + break; + } + + seed = chunk_create(vector->seed, vector->len); + if (!xof->set_seed(xof, seed)) + { + goto failure; + } + /* allocated bytes */ + if (!xof->allocate_bytes(xof, vector->out_len, &out)) + { + goto failure; + } + if (out.len != vector->out_len) + { + goto failure; + } + if (!memeq(vector->out, out.ptr, out.len)) + { + goto failure; + } + /* bytes to existing buffer */ + memset(out.ptr, 0, out.len); + if (!xof->set_seed(xof, seed)) + { + goto failure; + } + if (!xof->get_bytes(xof, vector->out_len, out.ptr)) + { + goto failure; + } + if (!memeq(vector->out, out.ptr, vector->out_len)) + { + goto failure; + } + /* bytes to existing buffer, using append mode */ + /* TODO */ + + failed = FALSE; +failure: + xof->destroy(xof); + chunk_free(&out); + if (failed) + { + DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", + ext_out_function_names, alg, plugin_name, get_name(vector)); + break; + } + } + enumerator->destroy(enumerator); + if (!tested) + { + DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", + this->required ? "disabled" : "enabled ", + ext_out_function_names, alg, plugin_name); + return !this->required; + } + if (!failed) + { + if (speed) + { + *speed = bench_xof(this, alg, create); + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", + ext_out_function_names, alg, plugin_name, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", + ext_out_function_names, alg, plugin_name, tested); + } + } + return !failed; +} + /** * Benchmark a RNG */ @@ -1338,6 +1483,12 @@ METHOD(crypto_tester_t, add_prf_vector, void, this->prf->insert_last(this->prf, vector); } +METHOD(crypto_tester_t, add_xof_vector, void, + private_crypto_tester_t *this, xof_test_vector_t *vector) +{ + this->xof->insert_last(this->xof, vector); +} + METHOD(crypto_tester_t, add_rng_vector, void, private_crypto_tester_t *this, rng_test_vector_t *vector) { @@ -1358,6 +1509,7 @@ METHOD(crypto_tester_t, destroy, void, this->signer->destroy(this->signer); this->hasher->destroy(this->hasher); this->prf->destroy(this->prf); + this->xof->destroy(this->xof); this->rng->destroy(this->rng); this->dh->destroy(this->dh); free(this); @@ -1377,6 +1529,7 @@ crypto_tester_t *crypto_tester_create() .test_signer = _test_signer, .test_hasher = _test_hasher, .test_prf = _test_prf, + .test_xof = _test_xof, .test_rng = _test_rng, .test_dh = _test_dh, .add_crypter_vector = _add_crypter_vector, @@ -1384,6 +1537,7 @@ crypto_tester_t *crypto_tester_create() .add_signer_vector = _add_signer_vector, .add_hasher_vector = _add_hasher_vector, .add_prf_vector = _add_prf_vector, + .add_xof_vector = _add_xof_vector, .add_rng_vector = _add_rng_vector, .add_dh_vector = _add_dh_vector, .destroy = _destroy, @@ -1393,6 +1547,7 @@ crypto_tester_t *crypto_tester_create() .signer = linked_list_create(), .hasher = linked_list_create(), .prf = linked_list_create(), + .xof = linked_list_create(), .rng = linked_list_create(), .dh = linked_list_create(), diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 6cc9b0d57..34dfa9489 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -30,6 +30,7 @@ typedef struct aead_test_vector_t aead_test_vector_t; typedef struct signer_test_vector_t signer_test_vector_t; typedef struct hasher_test_vector_t hasher_test_vector_t; typedef struct prf_test_vector_t prf_test_vector_t; +typedef struct xof_test_vector_t xof_test_vector_t; typedef struct rng_test_vector_t rng_test_vector_t; typedef struct dh_test_vector_t dh_test_vector_t; @@ -114,6 +115,19 @@ struct prf_test_vector_t { u_char *out; }; +struct xof_test_vector_t { + /** xof algorithm this test vector tests */ + ext_out_function_t alg; + /** size of the seed data */ + size_t len; + /** seed data */ + u_char *seed; + /** size of the output */ + size_t out_len; + /** expected output of size*/ + u_char *out; +}; + /** * Test vector for a RNG. * @@ -216,6 +230,17 @@ struct crypto_tester_t { bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, prf_constructor_t create, u_int *speed, const char *plugin_name); + /** + * Test an XOF algorithm. + * + * @param alg algorithm to test + * @param create constructor function for the XOF + * @param speed speed test result, NULL to omit + * @return TRUE if test passed + */ + bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg, + xof_constructor_t create, + u_int *speed, const char *plugin_name); /** * Test a RNG implementation. * @@ -274,6 +299,13 @@ struct crypto_tester_t { */ void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector); + /** + * Add a test vector to test an XOF. + * + * @param vector pointer to test vector + */ + void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector); + /** * Add a test vector to test a RNG. * diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 0d4cd9109..6dcb6cb33 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -49,7 +49,9 @@ ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL, "NTRU_128", "NTRU_192", "NTRU_256"); -ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT, +ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT, + "NEWHOPE_128"); +ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT, "MODP_CUSTOM"); ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); @@ -554,6 +556,7 @@ bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value) case NTRU_128_BIT: case NTRU_192_BIT: case NTRU_256_BIT: + case NH_128_BIT: /* verification currently not supported, do in plugin */ valid = FALSE; break; diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index abebd66ad..f457153c9 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -68,6 +68,7 @@ enum diffie_hellman_group_t { NTRU_128_BIT = 1031, NTRU_192_BIT = 1032, NTRU_256_BIT = 1033, + NH_128_BIT = 1040, /** internally used DH group with additional parameters g and p, outside * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */ MODP_CUSTOM = 65536, diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index e220593d4..d136799d7 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid) case OID_SHA512_WITH_RSA: return HASH_SHA512; case OID_SHA3_224: + case OID_RSASSA_PKCS1V15_WITH_SHA3_224: return HASH_SHA3_224; case OID_SHA3_256: + case OID_RSASSA_PKCS1V15_WITH_SHA3_256: return HASH_SHA3_256; case OID_SHA3_384: + case OID_RSASSA_PKCS1V15_WITH_SHA3_384: return HASH_SHA3_384; case OID_SHA3_512: + case OID_RSASSA_PKCS1V15_WITH_SHA3_512: return HASH_SHA3_512; default: return HASH_UNKNOWN; @@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) return OID_SHA384_WITH_RSA; case HASH_SHA512: return OID_SHA512_WITH_RSA; + case HASH_SHA3_224: + return OID_RSASSA_PKCS1V15_WITH_SHA3_224; + case HASH_SHA3_256: + return OID_RSASSA_PKCS1V15_WITH_SHA3_256; + case HASH_SHA3_384: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case HASH_SHA3_512: + return OID_RSASSA_PKCS1V15_WITH_SHA3_512; default: return OID_UNKNOWN; } @@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_SHA1: case SIGN_ECDSA_WITH_SHA1_DER: return HASH_SHA1; - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return HASH_SHA224; - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_256: case SIGN_BLISS_WITH_SHA2_256: return HASH_SHA256; - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_384: case SIGN_BLISS_WITH_SHA2_384: return HASH_SHA384; - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: case SIGN_ECDSA_WITH_SHA512_DER: case SIGN_ECDSA_521: case SIGN_BLISS_WITH_SHA2_512: return HASH_SHA512; + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return HASH_SHA3_224; + case SIGN_RSA_EMSA_PKCS1_SHA3_256: case SIGN_BLISS_WITH_SHA3_256: return HASH_SHA3_256; + case SIGN_RSA_EMSA_PKCS1_SHA3_384: case SIGN_BLISS_WITH_SHA3_384: return HASH_SHA3_384; + case SIGN_RSA_EMSA_PKCS1_SHA3_512: case SIGN_BLISS_WITH_SHA3_512: return HASH_SHA3_512; } diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c deleted file mode 100644 index 5116dfefa..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "mgf1.h" - -#include "crypto/hashers/hasher.h" -#include "utils/debug.h" -#include "utils/test.h" - -typedef struct private_mgf1_t private_mgf1_t; - -/** - * Private data of an mgf1_t object. - */ -struct private_mgf1_t { - - /** - * Public mgf1_t interface. - */ - mgf1_t public; - - /** - * Hasher the MGF1 Mask Generation Function is based on - */ - hasher_t *hasher; - - /** - * Counter - */ - uint32_t counter; - - /** - * Set if counter has reached 2^32 - */ - bool overflow; - - /** - * Current state to be hashed - */ - chunk_t state; - - /** - * Position of the 4 octet counter string - */ - u_char *ctr_str; - -}; - -METHOD(mgf1_t, get_hash_size, size_t, - private_mgf1_t *this) -{ - return this->hasher->get_hash_size(this->hasher); -} - -METHOD(mgf1_t, get_mask, bool, - private_mgf1_t *this, size_t mask_len, u_char *mask) -{ - u_char buf[HASH_SIZE_SHA512]; - size_t hash_len; - - hash_len = this->hasher->get_hash_size(this->hasher); - - while (mask_len > 0) - { - /* detect overflow, set counter string and increment counter */ - if (this->overflow) - { - return FALSE; - } - htoun32(this->ctr_str, this->counter++); - if (this->counter == 0) - { - this->overflow = TRUE; - } - - /* get the next or final mask block from the hash function */ - if (!this->hasher->get_hash(this->hasher, this->state, - (mask_len < hash_len) ? buf : mask)) - { - return FALSE; - } - if (mask_len < hash_len) - { - memcpy(mask, buf, mask_len); - return TRUE; - } - mask_len -= hash_len; - mask += hash_len; - } - return TRUE; -} - -METHOD(mgf1_t, allocate_mask, bool, - private_mgf1_t *this, size_t mask_len, chunk_t *mask) -{ - if (mask_len == 0) - { - *mask = chunk_empty; - return TRUE; - } - *mask = chunk_alloc(mask_len); - - return get_mask(this, mask_len, mask->ptr); -} - -METHOD(mgf1_t, destroy, void, - private_mgf1_t *this) -{ - this->hasher->destroy(this->hasher); - chunk_clear(&this->state); - free(this); -} - -/* - * Described in header. - */ -mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed) -{ - private_mgf1_t *this; - hasher_t *hasher; - size_t state_len; - - if (seed.len == 0) - { - DBG1(DBG_LIB, "empty seed for MGF1"); - return NULL; - } - - hasher = lib->crypto->create_hasher(lib->crypto, alg); - if (!hasher) - { - DBG1(DBG_LIB, "failed to create %N hasher for MGF1", - hash_algorithm_names, alg); - return NULL; - } - state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4; - - INIT(this, - .public = { - .get_hash_size = _get_hash_size, - .allocate_mask = _allocate_mask, - .get_mask = _get_mask, - .destroy = _destroy, - }, - .hasher = hasher, - .state = chunk_alloc(state_len), - ); - - /* determine position of the 4 octet counter string */ - this->ctr_str = this->state.ptr + state_len - 4; - - if (hash_seed) - { - if (!hasher->get_hash(hasher, seed, this->state.ptr)) - { - DBG1(DBG_LIB, "failed to hash seed for MGF1"); - destroy(this); - return NULL; - } - } - else - { - memcpy(this->state.ptr, seed.ptr, seed.len); - } - - return &this->public; -} diff --git a/src/libstrongswan/crypto/mgf1/mgf1.h b/src/libstrongswan/crypto/mgf1/mgf1.h deleted file mode 100644 index 592d31596..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup mgf1 mgf1 - * @{ @ingroup crypto - */ - -#ifndef MGF1_H_ -#define MGF1_H_ - -typedef struct mgf1_t mgf1_t; - -#include - -/** - * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function - * defined in section 10.2.1 of RFC 2437 - */ -struct mgf1_t { - - /** - * Get the hash size of the underlying hash function - * - * @return hash size in bytes - */ - size_t (*get_hash_size)(mgf1_t *this); - - /** - * Generate a mask pattern and copy it to an output buffer - * If the maximum number of requests has been reached, reseeding occurs - * - * @param mask_len number of mask bytes to generate - * @param mask output buffer of minimum size mask_len - * @return TRUE if successful - */ - bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask); - - /** - * Generate a mask pattern and return it in an allocated chunk - * - * @param mask_len number of mask bytes to generate - * @param mask chunk containing generated mask - * @return TRUE if successful - */ - bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask); - - /** - * Destroy the MGF1 object - */ - void (*destroy)(mgf1_t *this); -}; - -/** - * Create an MGF1 object - * - * @param alg hash algorithm to be used by MGF1 - * @param seed seed used by MGF1 to generate mask from - * @param hash_seed hash seed before using it as a seed for MGF1 - */ -mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed); - -#endif /** MGF1_H_ @}*/ - diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c deleted file mode 100644 index ef0a2bd01..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "mgf1_bitspender.h" - -#include - -typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t; - -/** - * Private data structure for mgf1_bitspender_t object - */ -struct private_mgf1_bitspender_t { - /** - * Public interface. - */ - mgf1_bitspender_t public; - - /** - * MGF1 bit mask generator - */ - mgf1_t *mgf1; - - /** - * Octet storage (accommodates up to 64 octets) - */ - uint8_t octets[HASH_SIZE_SHA512]; - - /** - * Length of the returned hash value in octets - */ - int hash_len; - - /** - * Number of generated octets - */ - int octets_count; - - /** - * Number of available octets - */ - int octets_left; - - /** - * Bit storage (accommodates up to 32 bits) - */ - uint32_t bits; - - /** - * Number of available bits - */ - int bits_left; - - /** - * Byte storage (accommodates up to 4 bytes) - */ - uint8_t bytes[4]; - - /** - * Number of available bytes - */ - int bytes_left; - -}; - -METHOD(mgf1_bitspender_t, get_bits, bool, - private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits) -{ - int bits_now; - - *bits = 0x00000000; - - if (bits_needed == 0) - { - /* trivial */ - return TRUE; - } - if (bits_needed > 32) - { - /* too many bits requested */ - return FALSE; - } - - while (bits_needed) - { - if (this->bits_left == 0) - { - if (this->octets_left == 0) - { - /* get another block from MGF1 */ - if (!this->mgf1->get_mask(this->mgf1, this->hash_len, - this->octets)) - { - /* no block available */ - return FALSE; - } - this->octets_left = this->hash_len; - this->octets_count += this->hash_len; - } - this->bits = untoh32(this->octets + this->hash_len - - this->octets_left); - this->bits_left = 32; - this->octets_left -= 4; - } - if (bits_needed > this->bits_left) - { - bits_now = this->bits_left; - this->bits_left = 0; - bits_needed -= bits_now; - } - else - { - bits_now = bits_needed; - this->bits_left -= bits_needed; - bits_needed = 0; - } - if (bits_now == 32) - { - *bits = this->bits; - } - else - { - *bits <<= bits_now; - *bits |= this->bits >> this->bits_left; - if (this->bits_left) - { - this->bits &= 0xffffffff >> (32 - this->bits_left); - } - } - } - return TRUE; -} - -METHOD(mgf1_bitspender_t, get_byte, bool, - private_mgf1_bitspender_t *this, uint8_t *byte) -{ - if (this->bytes_left == 0) - { - if (this->octets_left == 0) - { - /* get another block from MGF1 */ - if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets)) - { - /* no block available */ - return FALSE; - } - this->octets_left = this->hash_len; - this->octets_count += this->hash_len; - } - memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4); - this->bytes_left = 4; - this->octets_left -= 4; - } - *byte = this->bytes[4 - this->bytes_left--]; - - return TRUE; -} - -METHOD(mgf1_bitspender_t, destroy, void, - private_mgf1_bitspender_t *this) -{ - DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count); - memwipe(this->octets, sizeof(this->octets)); - this->mgf1->destroy(this->mgf1); - free(this); -} - -/** - * See header. - */ -mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed) -{ - private_mgf1_bitspender_t *this; - mgf1_t *mgf1; - - mgf1 = mgf1_create(alg, seed, hash_seed); - if (!mgf1) - { - return NULL; - } - DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets", - hash_algorithm_short_names, alg, seed.len); - - INIT(this, - .public = { - .get_bits = _get_bits, - .get_byte = _get_byte, - .destroy = _destroy, - }, - .mgf1 = mgf1, - .hash_len = mgf1->get_hash_size(mgf1), - ); - - return &this->public; -} diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h deleted file mode 100644 index f7df8e834..000000000 --- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup mgf1_bitspender mgf1_bitspender - * @{ @ingroup mgf1 - */ - -#ifndef MGF1_BITSPENDER_H_ -#define MGF1_BITSPENDER_H_ - -#include -#include - -typedef struct mgf1_bitspender_t mgf1_bitspender_t; - -/** - * Generates a given number of pseudo-random bits at a time using MGF1 - */ -struct mgf1_bitspender_t { - - /** - * Get pseudo-random bits - * - * @param bits_needed Number of needed bits (1..32) - * @param bits Pseudo-random bits - * @result FALSE if internal MGF1 error occurred - */ - bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits); - - /** - * Get a pseudo-random byte - * - * @param byte Pseudo-random byte - * @result FALSE if internal MGF1 error occurred - */ - bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte); - - /** - * Destroy mgf1_bitspender_t object - */ - void (*destroy)(mgf1_bitspender_t *this); -}; - -/** - * Create a mgf1_bitspender_t object - * - * @param alg Hash algorithm to be used with MGF1 - * @param seed Seed used to initialize MGF1 - * @param hash_seed Hash seed before using it as a seed for MFG1 - */ -mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed, - bool hash_seed); - -#endif /** MGF1_BITSPENDER_H_ @}*/ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 282d40e7b..cd4e5763c 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -154,7 +154,7 @@ METHOD(proposal_keywords_t, register_algname_parser, void, private_proposal_keywords_t *this, proposal_algname_parser_t parser) { this->lock->write_lock(this->lock); - this->tokens->insert_first(this->parsers, parser); + this->parsers->insert_first(this->parsers, parser); this->lock->unlock(this->lock); } diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index ba4c895d7..b058ad288 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -59,12 +59,12 @@ struct proposal_token { uint16_t keysize; }; -#define TOTAL_KEYWORDS 140 +#define TOTAL_KEYWORDS 141 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 11 -#define MAX_HASH_VALUE 266 -/* maximum key range = 256, duplicates = 0 */ +#define MIN_HASH_VALUE 7 +#define MAX_HASH_VALUE 282 +/* maximum key range = 276, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned short asso_values[] = { - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 71, 4, - 20, 6, 48, 32, 10, 30, 5, 3, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 97, 267, 4, 8, 18, - 56, 107, 107, 78, 10, 4, 267, 267, 3, 5, - 7, 4, 30, 92, 104, 3, 32, 145, 267, 267, - 3, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, - 267, 267, 267, 267, 267, 267, 267 + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 75, 2, + 16, 16, 30, 26, 8, 35, 3, 1, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 29, 283, 10, 2, 16, + 46, 1, 23, 78, 4, 4, 283, 283, 1, 9, + 5, 2, 124, 117, 77, 106, 85, 27, 283, 283, + 1, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283, 283, 283, 283, + 283, 283, 283, 283, 283, 283, 283 }; register int hval = len; @@ -145,23 +145,20 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, + {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, @@ -171,14 +168,17 @@ static const struct proposal_token wordlist[] = {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, @@ -187,26 +187,32 @@ static const struct proposal_token wordlist[] = {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, @@ -215,106 +221,103 @@ static const struct proposal_token wordlist[] = {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, - {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, - {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, + {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"newhope128", DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = { + -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 1, -1, -1, + -1, -1, -1, -1, -1, -1, 2, -1, -1, -1, + 3, 4, -1, 5, 6, 7, 8, -1, -1, -1, + -1, 9, -1, -1, 10, 11, -1, 12, -1, 13, + 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, -1, 27, 28, 29, 30, 31, 32, + 33, 34, 35, 36, 37, 38, -1, 39, 40, 41, + 42, 43, 44, 45, 46, -1, 47, 48, -1, 49, + 50, 51, 52, 53, 54, -1, 55, 56, 57, 58, + 59, 60, 61, 62, 63, 64, -1, 65, -1, -1, + 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, + 76, 77, 78, 79, -1, 80, 81, 82, 83, -1, + 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, + 94, 95, 96, 97, 98, 99, 100, -1, 101, -1, + -1, -1, 102, -1, 103, 104, 105, 106, -1, 107, + -1, 108, 109, 110, 111, 112, 113, 114, -1, 115, + -1, 116, 117, -1, -1, 118, 119, 120, -1, 121, + -1, -1, 122, 123, 124, -1, 125, 126, 127, -1, + 128, 129, 130, -1, 131, 132, -1, -1, -1, -1, + -1, -1, 133, 134, -1, -1, -1, 135, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 136, -1, + -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 0, -1, -1, 1, -1, -1, -1, -1, -1, - -1, -1, -1, 2, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3, - 4, -1, 5, -1, 6, 7, -1, 8, 9, -1, - -1, -1, -1, -1, -1, 10, -1, 11, 12, 13, - 14, -1, -1, -1, 15, -1, 16, 17, -1, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, - -1, -1, 28, 29, 30, -1, 31, -1, 32, 33, - 34, -1, 35, 36, 37, 38, -1, 39, 40, 41, - 42, -1, 43, 44, -1, -1, -1, -1, -1, 45, - -1, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, -1, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, - 84, -1, 85, 86, -1, 87, 88, 89, 90, 91, - 92, -1, 93, 94, 95, 96, 97, 98, 99, 100, - -1, -1, 101, 102, 103, -1, -1, 104, 105, 106, - 107, 108, 109, -1, -1, 110, -1, 111, 112, 113, - 114, -1, 115, 116, -1, 117, 118, 119, 120, 121, - -1, -1, -1, -1, 122, 123, 124, -1, 125, -1, - -1, -1, 126, 127, 128, -1, 129, 130, 131, -1, - -1, 132, 133, -1, -1, -1, 134, -1, 135, 136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 138, -1, -1, 139 + -1, -1, -1, -1, -1, -1, -1, 138, 139, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 140 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 87602430d..3ac772962 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -167,5 +167,6 @@ ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0 ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0 ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0 ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0 +newhope128, DIFFIE_HELLMAN_GROUP, NH_128_BIT, 0 noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index 7c6678b61..808cb996e 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -17,13 +17,15 @@ #include #include -ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM, +ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION, "UNDEFINED_TRANSFORM_TYPE", "HASH_ALGORITHM", "RANDOM_NUMBER_GENERATOR", "AEAD_ALGORITHM", - "COMPRESSION_ALGORITHM"); -ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM, + "COMPRESSION_ALGORITHM", + "EXTENDED OUTPUT FUNCTION"); +ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, + EXTENDED_OUTPUT_FUNCTION, "ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION", "INTEGRITY_ALGORITHM", @@ -60,6 +62,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type) return diffie_hellman_group_names; case EXTENDED_SEQUENCE_NUMBERS: return extended_sequence_numbers_names; + case EXTENDED_OUTPUT_FUNCTION: + return ext_out_function_names; case UNDEFINED_TRANSFORM_TYPE: case COMPRESSION_ALGORITHM: break; diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 0cb84f0f5..e043e605c 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -34,6 +34,7 @@ enum transform_type_t { RANDOM_NUMBER_GENERATOR = 243, AEAD_ALGORITHM = 244, COMPRESSION_ALGORITHM = 245, + EXTENDED_OUTPUT_FUNCTION = 246, ENCRYPTION_ALGORITHM = 1, PSEUDO_RANDOM_FUNCTION = 2, INTEGRITY_ALGORITHM = 3, diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h new file mode 100644 index 000000000..5ad3a518a --- /dev/null +++ b/src/libstrongswan/crypto/xofs/mgf1.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mgf1 mgf1 + * @{ @ingroup crypto + */ + +#ifndef MGF1_H_ +#define MGF1_H_ + +typedef struct mgf1_t mgf1_t; + +#include "xof.h" + +/** + * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function + * defined in section 10.2.1 of RFC 2437 + */ +struct mgf1_t { + + /** + * Generic xof_t interface for this Extended Output Function (XOF). + */ + xof_t xof_interface; + + /** + * Hash the seed before using it as a seed for MGF1 + * + * @param yes TRUE if seed has to be hashed first + */ + void (*set_hash_seed)(mgf1_t *this, bool yes); +}; + +#endif /** MGF1_H_ @}*/ diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c new file mode 100644 index 000000000..1e9c2834b --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof.c @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xof.h" + +ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20, + "XOF_UNDEFINED", + "XOF_MGF1_SHA1", + "XOF_MGF1_SHA256", + "XOF_MGF1_SHA512", + "XOF_SHAKE128", + "XOF_SHAKE256", + "XOF_CHACHA20" +); + diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h new file mode 100644 index 000000000..8c9ae0131 --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof.h @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup xof xof + * @{ @ingroup crypto + */ + +#ifndef XOF_H_ +#define XOF_H_ + +typedef enum ext_out_function_t ext_out_function_t; +typedef struct xof_t xof_t; + +#include + +/** + * Extendable Output Functions. + */ +enum ext_out_function_t { + XOF_UNDEFINED, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA1, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA256, + /** RFC 2437 PKCS#1 */ + XOF_MGF1_SHA512, + /** FIPS 202 */ + XOF_SHAKE_128, + /** FIPS 202 */ + XOF_SHAKE_256, + /** RFC 7539 ChaCha20 */ + XOF_CHACHA20, +}; + +/** + * enum name for ext_out_function_t. + */ +extern enum_name_t *ext_out_function_names; + +/** + * Generic interface for Extended Output Function (XOF) + */ +struct xof_t { + + /** + * Return the type of the Extended Output Function + * + * @return XOF type + */ + ext_out_function_t (*get_type)(xof_t *this); + + /** + * Generates pseudo random bytes and writes them in the buffer. + * + * @param out_len number of output bytes requested + * @param buffer pointer where the generated bytes will be written + * @return TRUE if bytes generated successfully + */ + bool (*get_bytes)(xof_t *this, size_t out_len, + uint8_t *buffer) __attribute__((warn_unused_result)); + + /** + * Generates pseudo random bytes and allocate space for them. + * + * @param out_len number of output bytes requested + * @param chunk chunk which will hold generated bytes + * @return TRUE if bytes allocated and generated successfully + */ + bool (*allocate_bytes)(xof_t *this, size_t out_len, + chunk_t *chunk) __attribute__((warn_unused_result)); + + /** + * Get the output block size + * + * @return block size in bytes + */ + size_t (*get_block_size)(xof_t *this); + + /** + * Get the recommended minimum seed size + * + * @return seed size in bytes + */ + size_t (*get_seed_size)(xof_t *this); + + /** + * Set the key for this xof_t object. + * + * @param sed seed to set + * @return TRUE if XOF initialized with seed successfully + */ + bool (*set_seed)(xof_t *this, + chunk_t seed) __attribute__((warn_unused_result)); + + /** + * Destroys a xof object. + */ + void (*destroy)(xof_t *this); +}; + +#endif /** XOF_H_ @}*/ diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c new file mode 100644 index 000000000..f18b806a3 --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "xof_bitspender.h" +#include "mgf1.h" + +typedef struct private_xof_bitspender_t private_xof_bitspender_t; + +/** + * Private data structure for xof_bitspender_t object + */ +struct private_xof_bitspender_t { + /** + * Public interface. + */ + xof_bitspender_t public; + + /** + * Extended Output Function (XOF) + */ + xof_t *xof; + + /** + * Length of the returned hash value in octets + */ + int hash_len; + + /** + * Bit storage (accommodates up to 32 bits) + */ + uint32_t bits; + + /** + * Number of available bits + */ + int bits_left; + + /** + * Byte storage (accommodates up to 4 bytes) + */ + uint8_t bytes[4]; + + /** + * Number of available bytes + */ + int bytes_left; + + /** + * Number of octets spent + */ + int octet_count; + +}; + +static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer) +{ + if (!this->xof->get_bytes(this->xof, 4, buffer)) + { + /* no block available */ + return FALSE; + } + this->octet_count += 4; + + return TRUE; +} + +METHOD(xof_bitspender_t, get_bits, bool, + private_xof_bitspender_t *this, int bits_needed, uint32_t *bits) +{ + int bits_now; + + *bits = 0x00000000; + + if (bits_needed == 0) + { + /* trivial */ + return TRUE; + } + if (bits_needed > 32) + { + /* too many bits requested */ + return FALSE; + } + + while (bits_needed) + { + if (this->bits_left == 0) + { + uint8_t buf[4]; + + if (!get_next_block(this, buf)) + { + return FALSE; + } + this->bits = untoh32(buf); + this->bits_left = 32; + } + if (bits_needed > this->bits_left) + { + bits_now = this->bits_left; + this->bits_left = 0; + bits_needed -= bits_now; + } + else + { + bits_now = bits_needed; + this->bits_left -= bits_needed; + bits_needed = 0; + } + if (bits_now == 32) + { + *bits = this->bits; + } + else + { + *bits <<= bits_now; + *bits |= this->bits >> this->bits_left; + if (this->bits_left) + { + this->bits &= 0xffffffff >> (32 - this->bits_left); + } + } + } + + return TRUE; +} + +METHOD(xof_bitspender_t, get_byte, bool, + private_xof_bitspender_t *this, uint8_t *byte) +{ + if (this->bytes_left == 0) + { + if (!get_next_block(this, this->bytes)) + { + return FALSE; + } + this->bytes_left = 4; + } + *byte = this->bytes[4 - this->bytes_left--]; + + return TRUE; +} + +METHOD(xof_bitspender_t, destroy, void, + private_xof_bitspender_t *this) +{ + DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names, + this->xof->get_type(this->xof), this->octet_count); + memwipe(this->bytes, 4); + this->xof->destroy(this->xof); + free(this); +} + +/** + * See header. + */ +xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed, + bool hash_seed) +{ + private_xof_bitspender_t *this; + xof_t *xof; + + xof = lib->crypto->create_xof(lib->crypto, alg); + if (!xof) + { + return NULL; + } + + switch (alg) + { + case XOF_MGF1_SHA1: + case XOF_MGF1_SHA256: + case XOF_MGF1_SHA512: + { + mgf1_t *mgf1 = (mgf1_t*)xof; + + mgf1->set_hash_seed(mgf1, hash_seed); + break; + } + default: + break; + } + if (!xof->set_seed(xof, seed)) + { + xof->destroy(xof); + return NULL; + } + DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names, + alg, seed.len); + + INIT(this, + .public = { + .get_bits = _get_bits, + .get_byte = _get_byte, + .destroy = _destroy, + }, + .xof = xof, + ); + + return &this->public; +} diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h new file mode 100644 index 000000000..f42207903 --- /dev/null +++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup xof_bitspender xof_bitspender + * @{ @ingroup mgf1 + */ + +#ifndef XOF_BITSPENDER_H_ +#define XOF_BITSPENDER_H_ + +#include "xof.h" + +#include + +typedef struct xof_bitspender_t xof_bitspender_t; + +/** + * Generates a given number of pseudo-random bits at a time using an + * Extended Output Function (XOF) + */ +struct xof_bitspender_t { + + /** + * Get pseudo-random bits + * + * @param bits_needed Number of needed bits (1..32) + * @param bits Pseudo-random bits + * @result FALSE if internal MGF1 error occurred + */ + bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits); + + /** + * Get a pseudo-random byte + * + * @param byte Pseudo-random byte + * @result FALSE if internal MGF1 error occurred + */ + bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte); + + /** + * Destroy xof_bitspender_t object + */ + void (*destroy)(xof_bitspender_t *this); +}; + +/** + * Create a xof_bitspender_t object + * + * @param alg XOF to be used + * @param seed Seed used to initialize XOF + * @param hash_seed Hash seed before using it as a seed for MFG1 + */ +xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed, + bool hash_seed); + +#endif /** XOF_BITSPENDER_H_ @}*/ diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index e130b93ee..4f79dcc5b 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -55,6 +55,13 @@ struct private_library_t { */ bool integrity_failed; +#ifdef LEAK_DETECTIVE + /** + * Where to write leak detective output to + */ + FILE *ld_out; +#endif + /** * Number of times we have been initialized */ @@ -95,32 +102,34 @@ library_t *lib = NULL; /** * Default leak report callback */ -static void report_leaks(void *user, int count, size_t bytes, - backtrace_t *bt, bool detailed) +CALLBACK(report_leaks, void, + private_library_t *this, int count, size_t bytes, backtrace_t *bt, + bool detailed) { - fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n", + fprintf(this->ld_out, "%zu bytes total, %d allocations, %zu bytes average:\n", bytes, count, bytes / count); - bt->log(bt, stderr, detailed); + bt->log(bt, this->ld_out, detailed); } /** * Default leak report summary callback */ -static void sum_leaks(void* user, int count, size_t bytes, int whitelisted) +CALLBACK(sum_leaks, void, + private_library_t *this, int count, size_t bytes, int whitelisted) { switch (count) { case 0: - fprintf(stderr, "No leaks detected"); + fprintf(this->ld_out, "No leaks detected"); break; case 1: - fprintf(stderr, "One leak detected"); + fprintf(this->ld_out, "One leak detected"); break; default: - fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes); + fprintf(this->ld_out, "%d leaks detected, %zu bytes", count, bytes); break; } - fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted); + fprintf(this->ld_out, ", %d suppressed by whitelist\n", whitelisted); } #endif /* LEAK_DETECTIVE */ @@ -172,6 +181,12 @@ void library_deinit() lib->leak_detective->destroy(lib->leak_detective); lib->leak_detective = NULL; } +#ifdef LEAK_DETECTIVE + if (this->ld_out && this->ld_out != stderr) + { + fclose(this->ld_out); + } +#endif /* LEAK_DETECTIVE */ backtrace_deinit(); arrays_deinit(); @@ -301,11 +316,22 @@ bool library_init(char *settings, const char *namespace) backtrace_init(); #ifdef LEAK_DETECTIVE + { + FILE *out = NULL; + char *log; + + log = getenv("LEAK_DETECTIVE_LOG"); + if (log) + { + out = fopen(log, "a"); + } + this->ld_out = out ?: stderr; + } lib->leak_detective = leak_detective_create(); if (lib->leak_detective) { lib->leak_detective->set_report_cb(lib->leak_detective, - report_leaks, sum_leaks, NULL); + report_leaks, sum_leaks, this); } #endif /* LEAK_DETECTIVE */ diff --git a/src/libstrongswan/math/libnttfft/Makefile.am b/src/libstrongswan/math/libnttfft/Makefile.am new file mode 100644 index 000000000..ec98abead --- /dev/null +++ b/src/libstrongswan/math/libnttfft/Makefile.am @@ -0,0 +1,15 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libnttfft.la + +libnttfft_la_SOURCES = \ + ntt_fft_reduce.h ntt_fft.h ntt_fft.c \ + ntt_fft_params.h ntt_fft_params.c + diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in new file mode 100644 index 000000000..1a5621399 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/Makefile.in @@ -0,0 +1,775 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/math/libnttfft +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(ipseclibdir)" +LTLIBRARIES = $(ipseclib_LTLIBRARIES) +libnttfft_la_LIBADD = +am_libnttfft_la_OBJECTS = ntt_fft.lo ntt_fft_params.lo +libnttfft_la_OBJECTS = $(am_libnttfft_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libnttfft_la_SOURCES) +DIST_SOURCES = $(libnttfft_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libnttfft.la +libnttfft_la_SOURCES = \ + ntt_fft_reduce.h ntt_fft.h ntt_fft.c \ + ntt_fft_params.h ntt_fft_params.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ + } + +uninstall-ipseclibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ + done + +clean-ipseclibLTLIBRARIES: + -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) + @list='$(ipseclib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libnttfft.la: $(libnttfft_la_OBJECTS) $(libnttfft_la_DEPENDENCIES) $(EXTRA_libnttfft_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libnttfft_la_OBJECTS) $(libnttfft_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft_params.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(ipseclibdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipseclibLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipseclibLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipseclibLTLIBRARIES install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-ipseclibLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/math/libnttfft/ntt_fft.c b/src/libstrongswan/math/libnttfft/ntt_fft.c new file mode 100644 index 000000000..f83dbfc7e --- /dev/null +++ b/src/libstrongswan/math/libnttfft/ntt_fft.c @@ -0,0 +1,207 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntt_fft.h" +#include "ntt_fft_reduce.h" + +/** + * Described in header. + */ +void libnttfft_init(void) +{ + /* empty */ +} + +typedef struct private_ntt_fft_t private_ntt_fft_t; + +/** + * Private data structure for ntt_fft_t object + */ +struct private_ntt_fft_t { + + /** + * Public interface. + */ + ntt_fft_t public; + + /** + * FFT parameter set used as constants + */ + const ntt_fft_params_t *p; + +}; + +METHOD(ntt_fft_t, get_size, uint16_t, + private_ntt_fft_t *this) +{ + return this->p->n; +} + +METHOD(ntt_fft_t, get_modulus, uint16_t, + private_ntt_fft_t *this) +{ + return this->p->q; +} + +/** + * Do an FFT butterfly operation + * + * x[i1] ---|+|------- x[i1] + * \/ + * /\ w[iw] + * x[i2] ---|-|--|*|-- x[i2] + * + */ +static void butterfly(private_ntt_fft_t *this, uint32_t *x, int i1,int i2, int iw) +{ + uint32_t xp, xm; + + xp = x[i1] + x[i2]; + xm = x[i1] + (this->p->q - x[i2]); + if (xp >= this->p->q) + { + xp -= this->p->q; + } + x[i1] = xp; + x[i2] = ntt_fft_mreduce(xm * this->p->wr[iw], this->p); +} + +/** + * Trivial butterfly operation of last FFT stage + */ +static void butterfly_last(private_ntt_fft_t *this, uint32_t *x, int i1) +{ + uint32_t xp, xm; + int i2 = i1 + 1; + + xp = x[i1] + x[i2]; + xm = x[i1] + (this->p->q - x[i2]); + if (xp >= this->p->q) + { + xp -= this->p->q; + } + if (xm >= this->p->q) + { + xm -= this->p->q; + } + x[i1] = xp; + x[i2] = xm; +} + +METHOD(ntt_fft_t, transform, void, + private_ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse) +{ + int stage, i, j, k, m, n, s, t, iw, i_rev; + uint32_t tmp; + + /* we are going to use the transform size n a lot */ + n = this->p->n; + s = this->p->s; + + if (!inverse) + { + /* apply linear phase needed for negative wrapped convolution */ + for (i = 0; i < n; i++) + { + b[i] = ntt_fft_mreduce(a[i] * this->p->wf[s*i], this->p); + } + } + else if (a != b) + { + /* copy if input and output array are not the same */ + for (i = 0; i < n; i++) + { + b[i] = a[i]; + } + } + + m = n; + k = 1; + + for (stage = this->p->stages; stage > 0; stage--) + { + m >>= 1; + t = 0; + + for (j = 0; j < k; j++) + { + if (stage == 1) + { + butterfly_last(this, b, t); + } + else + { + for (i = 0; i < m; i++) + { + iw = s * (inverse ? (n - i * k) : (i * k)); + butterfly(this, b, t + i, t + i + m, iw); + } + } + t += 2*m; + } + k <<= 1; + } + + /* Sort output in bit-reverse order */ + for (i = 0; i < n; i++) + { + i_rev = this->p->rev[i]; + + if (i_rev > i) + { + tmp = b[i]; + b[i] = b[i_rev]; + b[i_rev] = tmp; + } + } + + /** + * Compensate the linear phase needed for negative wrapped convolution + * and normalize the output array with 1/n mod q after the inverse FFT. + */ + if (inverse) + { + for (i = 0; i < n; i++) + { + b[i] = ntt_fft_mreduce(b[i] * this->p->wi[i], this->p); + } + } +} + +METHOD(ntt_fft_t, destroy, void, + private_ntt_fft_t *this) +{ + free(this); +} + +/** + * See header. + */ +ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params) +{ + private_ntt_fft_t *this; + + INIT(this, + .public = { + .get_size = _get_size, + .get_modulus = _get_modulus, + .transform = _transform, + .destroy = _destroy, + }, + .p = params, + ); + + return &this->public; +} diff --git a/src/libstrongswan/math/libnttfft/ntt_fft.h b/src/libstrongswan/math/libnttfft/ntt_fft.h new file mode 100644 index 000000000..c05bb4e37 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/ntt_fft.h @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntt_p libnttfft + * + * @defgroup ntt_fft ntt_fft + * @{ @ingroup ntt_p + */ + +#ifndef NTT_FFT_H_ +#define NTT_FFT_H_ + +#include "ntt_fft_params.h" + +#include + +typedef struct ntt_fft_t ntt_fft_t; + +/** + * Implements a Number Theoretic Transform (NTT) via the FFT algorithm + */ +struct ntt_fft_t { + + /** + * Get the size of the Number Theoretic Transform + * + * @result Transform size + */ + uint16_t (*get_size)(ntt_fft_t *this); + + /** + * Get the prime modulus of the Number Theoretic Transform + * + * @result Prime modulus + */ + uint16_t (*get_modulus)(ntt_fft_t *this); + + /** + * Compute the [inverse] NTT of a polynomial + * + * @param a Coefficient of input polynomial + * @param b Coefficient of output polynomial + * @param inverse TRUE if the inverse NTT has to be computed + */ + void (*transform)(ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse); + + /** + * Destroy ntt_fft_t object + */ + void (*destroy)(ntt_fft_t *this); +}; + +/** + * Create a ntt_fft_t object for a given FFT parameter set + * + * @param params FFT parameters + */ +ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params); + +/** + * Dummy libnttfft initialization function needed for integrity test + */ +void libnttfft_init(void); + + +#endif /** NTT_FFT_H_ @}*/ diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.c b/src/libstrongswan/math/libnttfft/ntt_fft_params.c new file mode 100644 index 000000000..4daac272a --- /dev/null +++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.c @@ -0,0 +1,652 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntt_fft_params.h" + +/** + * FFT twiddle factors in Montgomery form for q = 12289 and n = 1024 + */ +static const uint16_t wr_12289_1024[] = { + 4075, 3051, 2031, 1207, 9987, 10092, 2948, 9273, 11973, 9094, + 3202, 9430, 7377, 5092, 3728, 10626, 4536, 1062, 2882, 6039, + 975, 10908, 6065, 2249, 11889, 4978, 10431, 7270, 12138, 4890, + 6119, 4895, 6364, 4611, 4737, 10911, 6212, 9452, 8455, 8758, + 11316, 1479, 11026, 11847, 2920, 7901, 6190, 8374, 4789, 1170, + 8174, 7278, 241, 11809, 1058, 2686, 8724, 9650, 5868, 4885, + 5874, 5179, 7991, 10600, 3262, 81, 3969, 10146, 5594, 3748, + 11606, 3400, 6843, 3504, 11939, 7428, 7591, 3289, 1404, 7351, + 3818, 2747, 11713, 8643, 5681, 8011, 11580, 2126, 5862, 4591, + 3757, 12047, 431, 8830, 2555, 2305, 2344, 4255, 11871, 4096, + + 4080, 3296, 1747, 11869, 3998, 11567, 1489, 11516, 11279, 11955, + 8212, 9140, 5456, 9275, 12071, 1607, 5009, 11950, 7967, 9424, + 7083, 2975, 10596, 3066, 2766, 355, 5106, 4414, 7373, 4896, + 6413, 7012, 11785, 12171, 6507, 11618, 3988, 11077, 2057, 2481, + 10968, 9005, 11130, 4654, 6844, 3553, 2051, 2187, 8851, 3584, + 3570, 2884, 6137, 5777, 426, 8585, 2839, 3932, 8333, 2780, + 1041, 1853, 4774, 435, 9026, 12159, 5919, 7384, 5435, 8246, + 10806, 1067, 3127, 5755, 11637, 4919, 7540, 790, 1843, 4284, + 1003, 12280, 11848, 2969, 10302, 949, 9634, 5084, 3336, 3707, + 9597, 3271, 522, 1000, 12133, 4645, 6403, 6522, 64, 3136, + + 6196, 8668, 6906, 6591, 3445, 9048, 948, 9585, 2683, 8577, + 2447, 9302, 1105, 4989, 10970, 9103, 3643, 6461, 9364, 4143, + 6383, 5542, 1200, 9644, 5574, 2768, 453, 9908, 6221, 9893, + 5486, 10745, 10367, 4134, 5942, 8511, 11502, 10593, 2919, 7852, + 3789, 1326, 3529, 875, 6008, 11745, 10211, 8779, 56, 2744, + 11566, 1440, 9115, 4231, 10695, 7917, 6974, 9923, 6956, 9041, + 605, 5067, 2503, 12046, 382, 6429, 7796, 1045, 2049, 2089, + 4049, 1777, 1050, 2294, 1805, 2422, 8077, 2525, 835, 4048, + 1728, 10938, 7535, 545, 2127, 5911, 6992, 10805, 1018, 726, + 10996, 10377, 4624, 5374, 5257, 11813, 1254, 1, 49, 2401, + + 7048, 1260, 295, 2166, 7822, 2319, 3030, 1002, 12231, 9447, + 8210, 9042, 654, 7468, 9551, 1017, 677, 8595, 3329, 3364, + 5079, 3091, 3991, 11224, 9260, 11336, 2459, 9890, 5339, 3542, + 1512, 354, 5057, 2013, 325, 3636, 6118, 4846, 3963, 9852, + 3477, 10616, 4046, 1630, 6136, 5728, 10314, 1537, 1579, 3637, + 6167, 7247, 11011, 11112, 3772, 493, 11868, 3949, 9166, 6730, + 10256, 10984, 9789, 390, 6821, 2426, 8273, 12129, 4449, 9088, + 2908, 7313, 1956, 9821, 1958, 9919, 6760, 11726, 9280, 27, + 1323, 3382, 5961, 9442, 7965, 9326, 2281, 1168, 8076, 2476, + 10723, 9289, 468, 10643, 5369, 5012, 12097, 2881, 5990, 10863, + + 3860, 4805, 1954, 9723, 9445, 8112, 4240, 11136, 4948, 8961, + 8974, 9611, 3957, 9558, 1360, 5195, 8775, 12149, 5429, 7952, + 8689, 7935, 7856, 3985, 10930, 7143, 5915, 7188, 8120, 4632, + 5766, 12176, 6752, 11334, 2361, 5088, 3532, 1022, 922, 8311, + 1702, 9664, 6554, 1632, 6234, 10530, 12121, 4057, 2169, 7969, + 9522, 11885, 4782, 827, 3656, 7098, 3710, 9744, 10474, 9377, + 4780, 729, 11143, 5291, 1190, 9154, 6142, 6022, 142, 6958, + 9139, 5407, 6874, 5023, 347, 4714, 9784, 145, 7105, 4053, + 1973, 10654, 5908, 6845, 3602, 4452, 9235, 10111, 3879, 5736, + 10706, 8456, 8807, 1428, 8527, 12286, 12142, 5086, 3434, 8509, + + 11404, 5791, 1112, 5332, 3199, 9283, 174, 8526, 12237, 9741, + 10327, 2174, 8214, 9238, 10258, 11082, 2302, 2197, 9341, 3016, + 316, 3195, 9087, 2859, 4912, 7197, 8561, 1663, 7753, 11227, + 9407, 6250, 11314, 1381, 6224, 10040, 400, 7311, 1858, 5019, + 151, 7399, 6170, 7394, 5925, 7678, 7552, 1378, 6077, 2837, + 3834, 3531, 973, 10810, 1263, 442, 9369, 4388, 6099, 3915, + 7500, 11119, 4115, 5011, 12048, 480, 11231, 9603, 3565, 2639, + 6421, 7404, 6415, 7110, 4298, 1689, 9027, 12208, 8320, 2143, + 6695, 8541, 683, 8889, 5446, 8785, 350, 4861, 4698, 9000, + 10885, 4938, 8471, 9542, 576, 3646, 6608, 4278, 709, 10163, + + 6427, 7698, 8532, 242, 11858, 3459, 9734, 9984, 9945, 8034, + 418, 8193, 8209, 8993, 10542, 420, 8291, 722, 10800, 773, + 1010, 334, 4077, 3149, 6833, 3014, 218, 10682, 7280, 339, + 4322, 2865, 5206, 9314, 1693, 9223, 9523, 11934, 7183, 7875, + 4916, 7393, 5876, 5277, 504, 118, 5782, 671, 8301, 1212, + 10232, 9808, 1321, 3284, 1159, 7635, 5445, 8736, 10238, 10102, + 3438, 8705, 8719, 9405, 6152, 6512, 11863, 3704, 9450, 8357, + 3956, 9509, 11248, 10436, 7515, 11854, 3263, 130, 6370, 4905, + 6854, 4043, 1483, 11222, 9162, 6534, 652, 7370, 4749, 11499, + 10446, 8005, 11286, 9, 441, 9320, 1987, 11340, 2655, 7205, + + 8953, 8582, 2692, 9018, 11767, 11289, 156, 7644, 5886, 5767, + 12225, 9153, 6093, 3621, 5383, 5698, 8844, 3241, 11341, 2704, + 9606, 3712, 9842, 2987, 11184, 7300, 1319, 3186, 8646, 5828, + 2925, 8146, 5906, 6747, 11089, 2645, 6715, 9521, 11836, 2381, + 6068, 2396, 6803, 1544, 1922, 8155, 6347, 3778, 787, 1696, + 9370, 4437, 8500, 10963, 8760, 11414, 6281, 544, 2078, 3510, + 12233, 9545, 723, 10849, 3174, 8058, 1594, 4372, 5315, 2366, + 5333, 3248, 11684, 7222, 9786, 243, 11907, 5860, 4493, 11244, + 10240, 10200, 8240, 10512, 11239, 9995, 10484, 9867, 4212, 9764, + 11454, 8241, 10561, 1351, 4754, 11744, 10162, 6378, 5297, 1484, + + 11271, 11563, 1293, 1912, 7665, 6915, 7032, 476, 11035, 12288, + 12240, 9888, 5241, 11029, 11994, 10123, 4467, 9970, 9259, 11287, + 58, 2842, 4079, 3247, 11635, 4821, 2738, 11272, 11612, 3694, + 8960, 8925, 7210, 9198, 8298, 1065, 3029, 953, 9830, 2399, + 6950, 8747, 10777, 11935, 7232, 10276, 11964, 8653, 6171, 7443, + 8326, 2437, 8812, 1673, 8243, 10659, 6153, 6561, 1975, 10752, + 10710, 8652, 6122, 5042, 1278, 1177, 8517, 11796, 421, 8340, + 3123, 5559, 2033, 1305, 2500, 11899, 5468, 9863, 4016, 160, + 7840, 3201, 9381, 4976, 10333, 2468, 10331, 2370, 5529, 563, + 3009, 12262, 10966, 8907, 6328, 2847, 4324, 2963, 10008, 11121, + + 4213, 9813, 1566, 3000, 11821, 1646, 6920, 7277, 192, 9408, + 6299, 1426, 8429, 7484, 10335, 2566, 2844, 4177, 8049, 1153, + 7341, 3328, 3315, 2678, 8332, 2731, 10929, 7094, 3514, 140, + 6860, 4337, 3600, 4354, 4433, 8304, 1359, 5146, 6374, 5101, + 4169, 7657, 6523, 113, 5537, 955, 9928, 7201, 8757, 11267, + 11367, 3978, 10587, 2625, 5735, 10657, 6055, 1759, 168, 8232, + 10120, 4320, 2767, 404, 7507, 11462, 8633, 5191, 8579, 2545, + 1815, 2912, 7509, 11560, 1146, 6998, 11099, 3135, 6147, 6267, + 12147, 5331, 3150, 6882, 5415, 7266, 11942, 7575, 2505, 12144, + 5184, 8236, 10316, 1635, 6381, 5444, 8687, 7837, 3054, 2178, + + 8410, 6553, 1583, 3833, 3482, 10861, 3762, 3, 147, 7203, + 8855, 3780, 885, 6498, 11177, 6957, 9090, 3006, 12115, 3763, + 52, 2548, 1962, 10115, 4075 +}; + +/** + * FFT phase shift in forward transform for q = 12289 and n = 1024 + */ +static const uint16_t wf_12289_1024[] = { + 3186, 10013, 8646, 11366, 5828, 3929, 2925, 8186, 8146, 7866, + 5906, 4475, 6747, 10362, 11089, 3889, 2645, 6226, 6715, 10138, + 9521, 5202, 11836, 9118, 2381, 4378, 6068, 5609, 2396, 4483, + 6803, 10754, 1544, 10808, 1922, 1165, 8155, 7929, 6347, 7562, + 3778, 1868, 787, 5509, 1696, 11872, 9370, 4145, 4437, 6481, + 8500, 10344, 10963, 3007, 8760, 12164, 11414, 6164, 6281, 7100, + 544, 3808, 2078, 2257, 3510, 12281, 12233, 11897, 9545, 5370, + 723, 5061, 10849, 2209, 3174, 9929, 8058, 7250, 1594, 11158, + 4372, 6026, 5315, 338, 2366, 4273, 5333, 464, 3248, 10447, + 11684, 8054, 7222, 1398, 9786, 7057, 243, 1701, 11907, 9615, + + 5860, 4153, 4493, 6873, 11244, 4974, 10240, 10235, 10200, 9955, + 8240, 8524, 10512, 12139, 11239, 4939, 9995, 8520, 10484, 11943, + 9867, 7624, 4212, 4906, 9764, 6903, 11454, 6444, 8241, 8531, + 10561, 193, 1351, 9457, 4754, 8700, 11744, 8474, 10162, 9689, + 6378, 7779, 5297, 212, 1484, 10388, 11271, 5163, 11563, 7207, + 1293, 9051, 1912, 1095, 7665, 4499, 6915, 11538, 7032, 68, + 476, 3332, 11035, 3511, 12288, 12282, 12240, 11946, 9888, 7771, + 5241, 12109, 11029, 3469, 11994, 10224, 10123, 9416, 4467, 6691, + 9970, 8345, 9259, 3368, 11287, 5275, 58, 406, 2842, 7605, + 4079, 3975, 3247, 10440, 11635, 7711, 4821, 9169, 2738, 6877, + + 11272, 5170, 11612, 7550, 3694, 1280, 8960, 1275, 8925, 1030, + 7210, 1314, 9198, 2941, 8298, 8930, 1065, 7455, 3029, 8914, + 953, 6671, 9830, 7365, 2399, 4504, 6950, 11783, 8747, 12073, + 10777, 1705, 11935, 9811, 7232, 1468, 10276, 10487, 11964, 10014, + 8653, 11415, 6171, 6330, 7443, 2945, 8326, 9126, 2437, 4770, + 8812, 239, 1673, 11711, 8243, 8545, 10659, 879, 6153, 6204, + 6561, 9060, 1975, 1536, 10752, 1530, 10710, 1236, 8652, 11408, + 6122, 5987, 5042, 10716, 1278, 8946, 1177, 8239, 8517, 10463, + 11796, 8838, 421, 2947, 8340, 9224, 3123, 9572, 5559, 2046, + 2033, 1942, 1305, 9135, 2500, 5211, 11899, 9559, 5468, 1409, + + 9863, 7596, 4016, 3534, 160, 1120, 7840, 5724, 3201, 10118, + 9381, 4222, 4976, 10254, 10333, 10886, 2468, 4987, 10331, 10872, + 2370, 4301, 5529, 1836, 563, 3941, 3009, 8774, 12262, 12100, + 10966, 3028, 8907, 904, 6328, 7429, 2847, 7640, 4324, 5690, + 2963, 8452, 10008, 8611, 11121, 4113, 4213, 4913, 9813, 7246, + 1566, 10962, 3000, 8711, 11821, 9013, 1646, 11522, 6920, 11573, + 7277, 1783, 192, 1344, 9408, 4411, 6299, 7226, 1426, 9982, + 8429, 9847, 7484, 3232, 10335, 10900, 2566, 5673, 2844, 7619, + 4177, 4661, 8049, 7187, 1153, 8071, 7341, 2231, 3328, 11007, + 3315, 10916, 2678, 6457, 8332, 9168, 2731, 6828, 10929, 2769, + + 7094, 502, 3514, 20, 140, 980, 6860, 11153, 4337, 5781, + 3600, 622, 4354, 5900, 4433, 6453, 8304, 8972, 1359, 9513, + 5146, 11444, 6374, 7751, 5101, 11129, 4169, 4605, 7657, 4443, + 6523, 8794, 113, 791, 5537, 1892, 955, 6685, 9928, 8051, + 7201, 1251, 8757, 12143, 11267, 5135, 11367, 5835, 3978, 3268, + 10587, 375, 2625, 6086, 5735, 3278, 10657, 865, 6055, 5518, + 1759, 24, 168, 1176, 8232, 8468, 10120, 9395, 4320, 5662, + 2767, 7080, 404, 2828, 7507, 3393, 11462, 6500, 8633, 11275, + 5191, 11759, 8579, 10897, 2545, 5526, 1815, 416, 2912, 8095, + 7509, 3407, 11560, 7186, 1146, 8022, 6998, 12119, 11099, 3959, + + 3135, 9656, 6147, 6162, 6267, 7002, 12147, 11295, 5331, 450, + 3150, 9761, 6882, 11307, 5415, 1038, 7266, 1706, 11942, 9860, + 7575, 3869, 2505, 5246, 12144, 11274, 5184, 11710, 8236, 8496, + 10316, 10767, 1635, 11445, 6381, 7800, 5444, 1241, 8687, 11653, + 7837, 5703, 3054, 9089, 2178, 2957, 8410, 9714, 6553, 9004, + 1583, 11081, 3833, 2253, 3482, 12085, 10861, 2293, 3762, 1756, + 3, 21, 147, 1029, 7203, 1265, 8855, 540, 3780, 1882, + 885, 6195, 6498, 8619, 11177, 4505, 6957, 11832, 9090, 2185, + 3006, 8753, 12115, 11071, 3763, 1763, 52, 364, 2548, 5547, + 1962, 1445, 10115, 9360, 4075, 3947, 3051, 9068, 2031, 1928, + + 1207, 8449, 9987, 8464, 10092, 9199, 2948, 8347, 9273, 3466, + 11973, 10077, 9094, 2213, 3202, 10125, 9430, 4565, 7377, 2483, + 5092, 11066, 3728, 1518, 10626, 648, 4536, 7174, 1062, 7434, + 2882, 7885, 6039, 5406, 975, 6825, 10908, 2622, 6065, 5588, + 2249, 3454, 11889, 9489, 4978, 10268, 10431, 11572, 7270, 1734, + 12138, 11232, 4890, 9652, 6119, 5966, 4895, 9687, 6364, 7681, + 4611, 7699, 4737, 8581, 10911, 2643, 6212, 6617, 9452, 4719, + 8455, 10029, 8758, 12150, 11316, 5478, 1479, 10353, 11026, 3448, + 11847, 9195, 2920, 8151, 7901, 6151, 6190, 6463, 8374, 9462, + 4789, 8945, 1170, 8190, 8174, 8062, 7278, 1790, 241, 1687, + + 11809, 8929, 1058, 7406, 2686, 6513, 8724, 11912, 9650, 6105, + 5868, 4209, 4885, 9617, 5874, 4251, 5179, 11675, 7991, 6781, + 10600, 466, 3262, 10545, 81, 567, 3969, 3205, 10146, 9577, + 5594, 2291, 3748, 1658, 11606, 7508, 3400, 11511, 6843, 11034, + 3504, 12239, 11939, 9839, 7428, 2840, 7591, 3981, 3289, 10734, + 1404, 9828, 7351, 2301, 3818, 2148, 2747, 6940, 11713, 8257, + 8643, 11345, 5681, 2900, 8011, 6921, 11580, 7326, 2126, 2593, + 5862, 4167, 4591, 7559, 3757, 1721, 12047, 10595, 431, 3017, + 8830, 365, 2555, 5596, 2305, 3846, 2344, 4119, 4255, 5207, + 11871, 9363, 4096, 4094, 4080, 3982, 3296, 10783, 1747, 12229, + + 11869, 9349, 3998, 3408, 11567, 7235, 1489, 10423, 11516, 6878, + 11279, 5219, 11955, 9951, 8212, 8328, 9140, 2535, 5456, 1325, + 9275, 3480, 12071, 10763, 1607, 11249, 5009, 10485, 11950, 9916, + 7967, 6613, 9424, 4523, 7083, 425, 2975, 8536, 10596, 438, + 3066, 9173, 2766, 7073, 355, 2485, 5106, 11164, 4414, 6320, + 7373, 2455, 4896, 9694, 6413, 8024, 7012, 12217, 11785, 8761, + 12171, 11463, 6507, 8682, 11618, 7592, 3988, 3338, 11077, 3805, + 2057, 2110, 2481, 5078, 10968, 3042, 9005, 1590, 11130, 4176, + 4654, 8000, 6844, 11041, 3553, 293, 2051, 2068, 2187, 3020, + 8851, 512, 3584, 510, 3570, 412, 2884, 7899, 6137, 6092, + + 5777, 3572, 426, 2982, 8585, 10939, 2839, 7584, 3932, 2946, + 8333, 9175, 2780, 7171, 1041, 7287, 1853, 682, 4774, 8840, + 435, 3045, 9026, 1737, 12159, 11379, 5919, 4566, 7384, 2532, + 5435, 1178, 8246, 8566, 10806, 1908, 1067, 7469, 3127, 9600, + 5755, 3418, 11637, 7725, 4919, 9855, 7540, 3624, 790, 5530, + 1843, 612, 4284, 5410, 1003, 7021, 12280, 12226, 11848, 9202, + 2969, 8494, 10302, 10669, 949, 6643, 9634, 5993, 5084, 11010, + 3336, 11063, 3707, 1371, 9597, 5734, 3271, 10608, 522, 3654, + 1000, 7000, 12133, 11197, 4645, 7937, 6403, 7954, 6522, 8787, + 64, 448, 3136, 9663, 6196, 6505, 8668, 11520, 6906, 11475, + + 6591, 9270, 3445, 11826, 9048, 1891, 948, 6636, 9585, 5650, + 2683, 6492, 8577, 10883, 2447, 4840, 9302, 3669, 1105, 7735, + 4989, 10345, 10970, 3056 +}; + +/** + * FFT phase shift and scaling inverse transform for q = 12289 and n = 1024 + */ +static const uint16_t wi_12289_1024[] = { + 12277, 5265, 9530, 3117, 5712, 816, 10650, 3277, 9246, 4832, + 5957, 851, 10655, 10300, 3227, 461, 3577, 511, 73, 1766, + 5519, 2544, 2119, 7325, 2802, 5667, 11343, 3376, 5749, 6088, + 7892, 2883, 3923, 2316, 3842, 4060, 580, 3594, 2269, 9102, + 6567, 9716, 1388, 5465, 7803, 8137, 2918, 3928, 9339, 10112, + 11978, 10489, 3254, 3976, 568, 8859, 11799, 12219, 12279, 10532, + 12038, 8742, 4760, 680, 8875, 4779, 7705, 8123, 2916, 10950, + 6831, 4487, 641, 10625, 5029, 2474, 2109, 5568, 2551, 2120, + 3814, 4056, 2335, 10867, 3308, 11006, 6839, 977, 10673, 8547, + 1221, 1930, 7298, 11576, 8676, 2995, 3939, 7585, 11617, 12193, + + 5253, 2506, 358, 8829, 6528, 11466, 1638, 234, 1789, 10789, + 6808, 11506, 8666, 1238, 3688, 4038, 4088, 584, 1839, 7285, + 8063, 4663, 9444, 10127, 8469, 4721, 2430, 9125, 11837, 1691, + 10775, 6806, 6239, 6158, 7902, 4640, 4174, 5863, 11371, 3380, + 3994, 11104, 6853, 979, 3651, 11055, 6846, 978, 7162, 9801, + 10178, 1454, 7230, 4544, 9427, 8369, 11729, 12209, 10522, 10281, + 8491, 1213, 5440, 9555, 1365, 195, 3539, 11039, 1577, 5492, + 11318, 5128, 11266, 3365, 7503, 4583, 7677, 8119, 4671, 5934, + 7870, 6391, 913, 1886, 2025, 5556, 7816, 11650, 6931, 9768, + 3151, 9228, 6585, 7963, 11671, 6934, 11524, 6913, 11521, 5157, + + 7759, 2864, 9187, 3068, 5705, 815, 1872, 2023, 289, 5308, + 6025, 7883, 9904, 4926, 7726, 8126, 4672, 2423, 9124, 3059, + 437, 1818, 7282, 6307, 901, 7151, 11555, 8673, 1239, 177, + 5292, 756, 108, 1771, 253, 8814, 10037, 4945, 2462, 7374, + 2809, 5668, 7832, 4630, 2417, 5612, 7824, 8140, 4674, 7690, + 11632, 8684, 11774, 1682, 5507, 7809, 11649, 10442, 8514, 6483, + 9704, 6653, 2706, 10920, 1560, 3734, 2289, 327, 7069, 4521, + 4157, 4105, 2342, 10868, 12086, 12260, 3507, 501, 10605, 1515, + 1972, 7304, 2799, 3911, 7581, 1083, 7177, 6292, 4410, 630, + 90, 3524, 2259, 7345, 6316, 6169, 6148, 6145, 4389, 627, + + 10623, 12051, 12255, 8773, 6520, 2687, 3895, 2312, 5597, 11333, + 1619, 5498, 2541, 363, 3563, 509, 7095, 11547, 12183, 3496, + 2255, 9100, 1300, 7208, 8052, 6417, 7939, 9912, 1416, 5469, + 6048, 864, 1879, 2024, 9067, 6562, 2693, 7407, 9836, 10183, + 8477, 1211, 173, 7047, 8029, 1147, 3675, 525, 75, 7033, + 8027, 8169, 1167, 7189, 1027, 7169, 9802, 6667, 2708, 3898, + 4068, 9359, 1337, 191, 5294, 6023, 2616, 7396, 11590, 8678, + 8262, 6447, 921, 10665, 12057, 3478, 4008, 11106, 12120, 3487, + 9276, 10103, 6710, 11492, 8664, 8260, 1180, 10702, 5040, 720, + 3614, 5783, 9604, 1372, 196, 28, 4, 10534, 5016, 11250, + + 10385, 12017, 8739, 3004, 9207, 6582, 6207, 7909, 4641, 663, + 7117, 8039, 2904, 3926, 4072, 7604, 6353, 11441, 3390, 5751, + 11355, 10400, 8508, 2971, 2180, 2067, 5562, 11328, 6885, 11517, + 6912, 2743, 3903, 11091, 3340, 9255, 10100, 4954, 7730, 6371, + 9688, 1384, 7220, 2787, 9176, 4822, 4200, 600, 7108, 2771, + 3907, 9336, 8356, 8216, 8196, 4682, 4180, 9375, 6606, 7966, + 1138, 10696, 1528, 5485, 11317, 8639, 10012, 6697, 7979, 4651, + 2420, 7368, 11586, 10433, 3246, 7486, 2825, 10937, 3318, 474, + 7090, 4524, 5913, 7867, 4635, 9440, 11882, 3453, 5760, 4334, + 9397, 3098, 10976, 1568, 224, 32, 10538, 3261, 3977, 9346, + + 10113, 8467, 11743, 12211, 3500, 500, 1827, 261, 5304, 7780, + 2867, 10943, 6830, 7998, 11676, 1668, 5505, 2542, 9141, 4817, + 9466, 6619, 11479, 5151, 4247, 7629, 4601, 5924, 6113, 6140, + 9655, 6646, 2705, 2142, 306, 7066, 2765, 395, 1812, 3770, + 11072, 8604, 10007, 11963, 1709, 9022, 4800, 7708, 9879, 6678, + 954, 5403, 4283, 4123, 589, 8862, 1266, 3692, 2283, 9104, + 11834, 12224, 7013, 4513, 7667, 6362, 4420, 2387, 341, 7071, + 9788, 6665, 9730, 1390, 10732, 10311, 1473, 1966, 3792, 7564, + 11614, 10437, 1491, 213, 1786, 9033, 3046, 9213, 10094, 1442, + 206, 1785, 255, 1792, 256, 10570, 1510, 7238, 1034, 7170, + + 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647, + 1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, + 3796, 5809, 4341, 9398, 11876, 12230, 10525, 12037, 12253, 3506, + 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, + 7387, 6322, 9681, 1383, 10731, 1533, 219, 5298, 4268, 7632, + 6357, 9686, 8406, 4712, 9451, 10128, 4958, 5975, 11387, 8649, + 11769, 6948, 11526, 12180, 1740, 10782, 6807, 2728, 7412, 4570, + 4164, 4106, 11120, 12122, 8754, 11784, 3439, 5758, 11356, 6889, + 9762, 11928, 1704, 1999, 10819, 12079, 12259, 7018, 11536, 1648, + 1991, 2040, 2047, 2048, 10826, 12080, 8748, 8272, 8204, 1172, + + 1923, 7297, 2798, 7422, 6327, 4415, 7653, 6360, 11442, 12168, + 7005, 8023, 9924, 8440, 8228, 2931, 7441, 1063, 3663, 5790, + 9605, 10150, 1450, 8985, 11817, 10466, 10273, 12001, 3470, 7518, + 1074, 1909, 7295, 9820, 4914, 702, 5367, 7789, 8135, 9940, + 1420, 3714, 11064, 12114, 12264, 1752, 5517, 9566, 11900, 1700, + 3754, 5803, 829, 1874, 7290, 2797, 10933, 5073, 7747, 8129, + 6428, 6185, 11417, 1631, 233, 5300, 9535, 10140, 11982, 8734, + 8270, 2937, 10953, 8587, 8249, 2934, 9197, 4825, 5956, 4362, + 9401, 1343, 3703, 529, 10609, 12049, 6988, 6265, 895, 3639, + 4031, 4087, 4095, 585, 10617, 8539, 4731, 4187, 9376, 3095, + + 9220, 10095, 10220, 1460, 10742, 12068, 1724, 5513, 11321, 6884, + 2739, 5658, 6075, 4379, 11159, 10372, 8504, 4726, 9453, 3106, + 7466, 11600, 10435, 8513, 9994, 8450, 9985, 3182, 10988, 8592, + 2983, 9204, 4826, 2445, 5616, 6069, 867, 3635, 5786, 11360, + 5134, 2489, 10889, 12089, 1727, 7269, 2794, 9177, 1311, 5454, + 9557, 6632, 2703, 9164, 10087, 1441, 3717, 531, 3587, 2268, + 324, 5313, 759, 1864, 5533, 2546, 7386, 9833, 8427, 4715, + 11207, 1601, 7251, 4547, 11183, 12131, 1733, 10781, 10318, 1474, + 10744, 5046, 4232, 11138, 10369, 6748, 964, 7160, 4534, 7670, + 8118, 8182, 4680, 11202, 6867, 981, 8918, 1274, 182, 26, + + 7026, 8026, 11680, 12202, 10521, 1503, 7237, 4545, 5916, 9623, + 8397, 11733, 10454, 3249, 9242, 6587, 941, 1890, 270, 10572, + 6777, 9746, 6659, 6218, 6155, 6146, 878, 1881, 7291, 11575, + 12187, 1741, 7271, 8061, 11685, 6936, 4502, 9421, 4857, 4205, + 7623, 1089, 10689, 1527, 8996, 10063, 11971, 10488, 6765, 2722, + 3900, 9335, 11867, 6962, 11528, 5158, 4248, 4118, 5855, 2592, + 5637, 6072, 2623, 7397, 8079, 9932, 4930, 5971, 853, 3633, + 519, 8852, 11798, 3441, 11025, 1575, 225, 8810, 11792, 12218, + 3501, 9278, 3081, 9218, 4828, 7712, 8124, 11694, 12204, 3499, + 4011, 573, 3593, 5780, 7848, 9899, 10192, 1456, 208, 7052, + + 2763, 7417, 11593, 10434, 12024, 8740, 11782, 10461, 3250, 5731, + 7841, 9898, 1414, 202, 3540, 7528, 2831, 2160, 10842, 5060, + 4234, 4116, 588, 84 +}; + +/** + * Bit-reversed indices for n = 1024 + */ +static const uint16_t rev_1024[] = { + 0, 512, 256, 768, 128, 640, 384, 896, 64, 576, + 320, 832, 192, 704, 448, 960, 32, 544, 288, 800, + 160, 672, 416, 928, 96, 608, 352, 864, 224, 736, + 480, 992, 16, 528, 272, 784, 144, 656, 400, 912, + 80, 592, 336, 848, 208, 720, 464, 976, 48, 560, + 304, 816, 176, 688, 432, 944, 112, 624, 368, 880, + 240, 752, 496, 1008, 8, 520, 264, 776, 136, 648, + 392, 904, 72, 584, 328, 840, 200, 712, 456, 968, + 40, 552, 296, 808, 168, 680, 424, 936, 104, 616, + 360, 872, 232, 744, 488, 1000, 24, 536, 280, 792, + + 152, 664, 408, 920, 88, 600, 344, 856, 216, 728, + 472, 984, 56, 568, 312, 824, 184, 696, 440, 952, + 120, 632, 376, 888, 248, 760, 504, 1016, 4, 516, + 260, 772, 132, 644, 388, 900, 68, 580, 324, 836, + 196, 708, 452, 964, 36, 548, 292, 804, 164, 676, + 420, 932, 100, 612, 356, 868, 228, 740, 484, 996, + 20, 532, 276, 788, 148, 660, 404, 916, 84, 596, + 340, 852, 212, 724, 468, 980, 52, 564, 308, 820, + 180, 692, 436, 948, 116, 628, 372, 884, 244, 756, + 500, 1012, 12, 524, 268, 780, 140, 652, 396, 908, + + 76, 588, 332, 844, 204, 716, 460, 972, 44, 556, + 300, 812, 172, 684, 428, 940, 108, 620, 364, 876, + 236, 748, 492, 1004, 28, 540, 284, 796, 156, 668, + 412, 924, 92, 604, 348, 860, 220, 732, 476, 988, + 60, 572, 316, 828, 188, 700, 444, 956, 124, 636, + 380, 892, 252, 764, 508, 1020, 2, 514, 258, 770, + 130, 642, 386, 898, 66, 578, 322, 834, 194, 706, + 450, 962, 34, 546, 290, 802, 162, 674, 418, 930, + 98, 610, 354, 866, 226, 738, 482, 994, 18, 530, + 274, 786, 146, 658, 402, 914, 82, 594, 338, 850, + + 210, 722, 466, 978, 50, 562, 306, 818, 178, 690, + 434, 946, 114, 626, 370, 882, 242, 754, 498, 1010, + 10, 522, 266, 778, 138, 650, 394, 906, 74, 586, + 330, 842, 202, 714, 458, 970, 42, 554, 298, 810, + 170, 682, 426, 938, 106, 618, 362, 874, 234, 746, + 490, 1002, 26, 538, 282, 794, 154, 666, 410, 922, + 90, 602, 346, 858, 218, 730, 474, 986, 58, 570, + 314, 826, 186, 698, 442, 954, 122, 634, 378, 890, + 250, 762, 506, 1018, 6, 518, 262, 774, 134, 646, + 390, 902, 70, 582, 326, 838, 198, 710, 454, 966, + + 38, 550, 294, 806, 166, 678, 422, 934, 102, 614, + 358, 870, 230, 742, 486, 998, 22, 534, 278, 790, + 150, 662, 406, 918, 86, 598, 342, 854, 214, 726, + 470, 982, 54, 566, 310, 822, 182, 694, 438, 950, + 118, 630, 374, 886, 246, 758, 502, 1014, 14, 526, + 270, 782, 142, 654, 398, 910, 78, 590, 334, 846, + 206, 718, 462, 974, 46, 558, 302, 814, 174, 686, + 430, 942, 110, 622, 366, 878, 238, 750, 494, 1006, + 30, 542, 286, 798, 158, 670, 414, 926, 94, 606, + 350, 862, 222, 734, 478, 990, 62, 574, 318, 830, + + 190, 702, 446, 958, 126, 638, 382, 894, 254, 766, + 510, 1022, 1, 513, 257, 769, 129, 641, 385, 897, + 65, 577, 321, 833, 193, 705, 449, 961, 33, 545, + 289, 801, 161, 673, 417, 929, 97, 609, 353, 865, + 225, 737, 481, 993, 17, 529, 273, 785, 145, 657, + 401, 913, 81, 593, 337, 849, 209, 721, 465, 977, + 49, 561, 305, 817, 177, 689, 433, 945, 113, 625, + 369, 881, 241, 753, 497, 1009, 9, 521, 265, 777, + 137, 649, 393, 905, 73, 585, 329, 841, 201, 713, + 457, 969, 41, 553, 297, 809, 169, 681, 425, 937, + + 105, 617, 361, 873, 233, 745, 489, 1001, 25, 537, + 281, 793, 153, 665, 409, 921, 89, 601, 345, 857, + 217, 729, 473, 985, 57, 569, 313, 825, 185, 697, + 441, 953, 121, 633, 377, 889, 249, 761, 505, 1017, + 5, 517, 261, 773, 133, 645, 389, 901, 69, 581, + 325, 837, 197, 709, 453, 965, 37, 549, 293, 805, + 165, 677, 421, 933, 101, 613, 357, 869, 229, 741, + 485, 997, 21, 533, 277, 789, 149, 661, 405, 917, + 85, 597, 341, 853, 213, 725, 469, 981, 53, 565, + 309, 821, 181, 693, 437, 949, 117, 629, 373, 885, + + 245, 757, 501, 1013, 13, 525, 269, 781, 141, 653, + 397, 909, 77, 589, 333, 845, 205, 717, 461, 973, + 45, 557, 301, 813, 173, 685, 429, 941, 109, 621, + 365, 877, 237, 749, 493, 1005, 29, 541, 285, 797, + 157, 669, 413, 925, 93, 605, 349, 861, 221, 733, + 477, 989, 61, 573, 317, 829, 189, 701, 445, 957, + 125, 637, 381, 893, 253, 765, 509, 1021, 3, 515, + 259, 771, 131, 643, 387, 899, 67, 579, 323, 835, + 195, 707, 451, 963, 35, 547, 291, 803, 163, 675, + 419, 931, 99, 611, 355, 867, 227, 739, 483, 995, + + 19, 531, 275, 787, 147, 659, 403, 915, 83, 595, + 339, 851, 211, 723, 467, 979, 51, 563, 307, 819, + 179, 691, 435, 947, 115, 627, 371, 883, 243, 755, + 499, 1011, 11, 523, 267, 779, 139, 651, 395, 907, + 75, 587, 331, 843, 203, 715, 459, 971, 43, 555, + 299, 811, 171, 683, 427, 939, 107, 619, 363, 875, + 235, 747, 491, 1003, 27, 539, 283, 795, 155, 667, + 411, 923, 91, 603, 347, 859, 219, 731, 475, 987, + 59, 571, 315, 827, 187, 699, 443, 955, 123, 635, + 379, 891, 251, 763, 507, 1019, 7, 519, 263, 775, + + 135, 647, 391, 903, 71, 583, 327, 839, 199, 711, + 455, 967, 39, 551, 295, 807, 167, 679, 423, 935, + 103, 615, 359, 871, 231, 743, 487, 999, 23, 535, + 279, 791, 151, 663, 407, 919, 87, 599, 343, 855, + 215, 727, 471, 983, 55, 567, 311, 823, 183, 695, + 439, 951, 119, 631, 375, 887, 247, 759, 503, 1015, + 15, 527, 271, 783, 143, 655, 399, 911, 79, 591, + 335, 847, 207, 719, 463, 975, 47, 559, 303, 815, + 175, 687, 431, 943, 111, 623, 367, 879, 239, 751, + 495, 1007, 31, 543, 287, 799, 159, 671, 415, 927, + + 95, 607, 351, 863, 223, 735, 479, 991, 63, 575, + 319, 831, 191, 703, 447, 959, 127, 639, 383, 895, + 255, 767, 511, 1023 +}; + +const ntt_fft_params_t ntt_fft_12289_1024 = { + 12289, 12287, 18, 3186, (1<<18)-1, 1024, 12277, 10, + wr_12289_1024, wf_12289_1024, wi_12289_1024, 1, rev_1024 +}; + +/** + * FFT phase shift and scaling inverse transform for q = 12289 and n = 512 + */ +static const uint16_t wi_12289_512[] = { + 12265, 6771, 11424, 9011, 6203, 11914, 9021, 6454, 7154, 146, + 11038, 4238, 5604, 10397, 11498, 3495, 7846, 7684, 1160, 4538, + 845, 2776, 3317, 5836, 6389, 11667, 6508, 1136, 11309, 12269, + 11787, 9520, 5461, 3121, 5832, 1373, 1282, 10058, 4218, 5102, + 7628, 4670, 6616, 1389, 9057, 2442, 2307, 5063, 7878, 10945, + 10506, 716, 767, 3276, 3578, 1327, 5043, 7376, 8176, 3678, + 3837, 6599, 4649, 4860, 11385, 9261, 189, 3515, 8348, 10453, + 7988, 1417, 7302, 1403, 2035, 8067, 2171, 6565, 11169, 8755, + 4693, 10880, 2730, 7078, 3154, 10347, 10243, 2717, 3065, 9342, + 3451, 1826, 4050, 3343, 1573, 6302, 881, 11053, 10759, 10753, + + 3229, 6085, 11410, 3744, 578, 12050, 7519, 3163, 9344, 5959, + 874, 2275, 1802, 10821, 2478, 10584, 216, 506, 7785, 4924, + 5618, 3375, 4834, 3359, 9348, 10975, 11259, 11014, 11009, 4739, + 7119, 5412, 3120, 4578, 1849, 8314, 4684, 11883, 7014, 8921, + 3944, 5598, 2873, 2065, 8820, 180, 4518, 343, 7, 8778, + 8957, 12221, 751, 7790, 11194, 3238, 5082, 7126, 1901, 12077, + 4510, 2600, 3815, 3589, 2832, 12096, 3758, 5845, 5386, 7383, + 4665, 346, 3769, 7350, 150, 3765, 2334, 2054, 7315, 5416, + 8136, 2674, 10588, 5232, 10891, 4235, 1842, 11825, 8016, 11951, + 6263, 1131, 5039, 2360, 10080, 7228, 6919, 392, 8, 10032, + + 8481, 5189, 6125, 125, 9282, 1945, 5808, 8144, 417, 6780, + 10421, 4727, 4360, 11124, 1481, 1535, 7806, 6680, 7911, 3171, + 7087, 2151, 6063, 8400, 1927, 7814, 4423, 4103, 8360, 923, + 2276, 3056, 10345, 7735, 3669, 4840, 10883, 6492, 5650, 6636, + 1891, 11826, 9270, 11475, 11520, 6505, 9663, 448, 8787, 7954, + 7937, 11197, 7000, 3654, 10608, 5734, 1371, 11063, 11010, 5993, + 6643, 10669, 8494, 9202, 12226, 7021, 5410, 612, 5530, 3624, + 9855, 7725, 3418, 9600, 7469, 1908, 8566, 1178, 2532, 4566, + 11379, 1737, 3045, 8840, 682, 7287, 7171, 9175, 2946, 7584, + 10939, 2982, 3572, 6092, 7899, 412, 510, 512, 3020, 2068, + + 293, 11041, 8000, 4176, 1590, 3042, 5078, 2110, 3805, 3338, + 7592, 8682, 11463, 8761, 12217, 8024, 9694, 2455, 6320, 11164, + 2485, 7073, 9173, 438, 8536, 425, 4523, 6613, 9916, 10485, + 11249, 10763, 3480, 1325, 2535, 8328, 9951, 5219, 6878, 10423, + 7235, 3408, 9349, 12229, 10783, 3982, 4094, 9363, 5207, 4119, + 3846, 5596, 365, 3017, 10595, 1721, 7559, 4167, 2593, 7326, + 6921, 2900, 11345, 8257, 6940, 2148, 2301, 9828, 10734, 3981, + 2840, 9839, 12239, 11034, 11511, 7508, 1658, 2291, 9577, 3205, + 567, 10545, 466, 6781, 11675, 4251, 9617, 4209, 6105, 11912, + 6513, 7406, 8929, 1687, 1790, 8062, 8190, 8945, 9462, 6463, + + 6151, 8151, 9195, 3448, 10353, 5478, 12150, 10029, 4719, 6617, + 2643, 8581, 7699, 7681, 9687, 5966, 9652, 11232, 1734, 11572, + 10268, 9489, 3454, 5588, 2622, 6825, 5406, 7885, 7434, 7174, + 648, 1518, 11066, 2483, 4565, 10125, 2213, 10077, 3466, 8347, + 9199, 8464, 8449, 1928, 9068, 3947, 9360, 1445, 5547, 364, + 1763, 11071, 8753, 2185, 11832, 4505, 8619, 6195, 1882, 540, + 1265, 1029, 21, 1756, 2293, 12085, 2253, 11081, 9004, 9714, + 2957, 9089, 5703, 11653, 1241, 7800, 11445, 10767, 8496, 11710, + 11274, 5246, 3869, 9860, 1706, 1038, 11307, 9761, 450, 11295, + 7002, 6162, 9656, 3959, 12119, 8022, 7186, 3407, 8095, 416, + + 5526, 10897, 11759, 11275, 6500, 3393, 2828, 7080, 5662, 9395, + 8468, 1176 +}; + +/** + * Bit-reversed indices for n = 512 + */ +static const uint16_t rev_512[] = { + 0, 256, 128, 384, 64, 320, 192, 448, 32, 288, + 160, 416, 96, 352, 224, 480, 16, 272, 144, 400, + 80, 336, 208, 464, 48, 304, 176, 432, 112, 368, + 240, 496, 8, 264, 136, 392, 72, 328, 200, 456, + 40, 296, 168, 424, 104, 360, 232, 488, 24, 280, + 152, 408, 88, 344, 216, 472, 56, 312, 184, 440, + 120, 376, 248, 504, 4, 260, 132, 388, 68, 324, + 196, 452, 36, 292, 164, 420, 100, 356, 228, 484, + 20, 276, 148, 404, 84, 340, 212, 468, 52, 308, + 180, 436, 116, 372, 244, 500, 12, 268, 140, 396, + + 76, 332, 204, 460, 44, 300, 172, 428, 108, 364, + 236, 492, 28, 284, 156, 412, 92, 348, 220, 476, + 60, 316, 188, 444, 124, 380, 252, 508, 2, 258, + 130, 386, 66, 322, 194, 450, 34, 290, 162, 418, + 98, 354, 226, 482, 18, 274, 146, 402, 82, 338, + 210, 466, 50, 306, 178, 434, 114, 370, 242, 498, + 10, 266, 138, 394, 74, 330, 202, 458, 42, 298, + 170, 426, 106, 362, 234, 490, 26, 282, 154, 410, + 90, 346, 218, 474, 58, 314, 186, 442, 122, 378, + 250, 506, 6, 262, 134, 390, 70, 326, 198, 454, + + 38, 294, 166, 422, 102, 358, 230, 486, 22, 278, + 150, 406, 86, 342, 214, 470, 54, 310, 182, 438, + 118, 374, 246, 502, 14, 270, 142, 398, 78, 334, + 206, 462, 46, 302, 174, 430, 110, 366, 238, 494, + 30, 286, 158, 414, 94, 350, 222, 478, 62, 318, + 190, 446, 126, 382, 254, 510, 1, 257, 129, 385, + 65, 321, 193, 449, 33, 289, 161, 417, 97, 353, + 225, 481, 17, 273, 145, 401, 81, 337, 209, 465, + 49, 305, 177, 433, 113, 369, 241, 497, 9, 265, + 137, 393, 73, 329, 201, 457, 41, 297, 169, 425, + + 105, 361, 233, 489, 25, 281, 153, 409, 89, 345, + 217, 473, 57, 313, 185, 441, 121, 377, 249, 505, + 5, 261, 133, 389, 69, 325, 197, 453, 37, 293, + 165, 421, 101, 357, 229, 485, 21, 277, 149, 405, + 85, 341, 213, 469, 53, 309, 181, 437, 117, 373, + 245, 501, 13, 269, 141, 397, 77, 333, 205, 461, + 45, 301, 173, 429, 109, 365, 237, 493, 29, 285, + 157, 413, 93, 349, 221, 477, 61, 317, 189, 445, + 125, 381, 253, 509, 3, 259, 131, 387, 67, 323, + 195, 451, 35, 291, 163, 419, 99, 355, 227, 483, + + 19, 275, 147, 403, 83, 339, 211, 467, 51, 307, + 179, 435, 115, 371, 243, 499, 11, 267, 139, 395, + 75, 331, 203, 459, 43, 299, 171, 427, 107, 363, + 235, 491, 27, 283, 155, 411, 91, 347, 219, 475, + 59, 315, 187, 443, 123, 379, 251, 507, 7, 263, + 135, 391, 71, 327, 199, 455, 39, 295, 167, 423, + 103, 359, 231, 487, 23, 279, 151, 407, 87, 343, + 215, 471, 55, 311, 183, 439, 119, 375, 247, 503, + 15, 271, 143, 399, 79, 335, 207, 463, 47, 303, + 175, 431, 111, 367, 239, 495, 31, 287, 159, 415, + + 95, 351, 223, 479, 63, 319, 191, 447, 127, 383, + 255, 511 +}; + +const ntt_fft_params_t ntt_fft_12289_512 = { + 12289, 12287, 18, 3186, (1<<18)-1, 512, 12265, 9, + wr_12289_1024, wf_12289_1024, wi_12289_512, 2, rev_512 +}; + +/** + * FFT twiddle factors in Montgomery form for q = 17 and n = 8 + */ +static const uint16_t wr_17_8[] = { 15, 16, 8, 4, 2, 1, 9, 13, 15 }; + +/** + * FFT phase shift in forward transform for q = 17 and n = 8 + */ +static const uint16_t wf_17_8[] = { 4, 12, 2, 6, 1, 3, 9, 10 }; + +/** + * FFT phase shift and scaling inverse transform for q = 17 and n = 8 + */ +static const uint16_t wi_17_8[] = { 15, 5, 13, 10, 9, 3, 1, 6 }; + +/** + * Bit-reversed indices for n = 8 + */ +static const uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 }; + +const ntt_fft_params_t ntt_fft_17_8 = { + 17, 15, 5, 4, (1<<5)-1, 8, 15, 3, wr_17_8, wf_17_8, wi_17_8, 1, rev_8 +}; diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.h b/src/libstrongswan/math/libnttfft/ntt_fft_params.h new file mode 100644 index 000000000..27fabe7c4 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.h @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntt_fft_params ntt_fft_params + * @{ @ingroup ntt_p + */ + +#ifndef NTT_FFT_PARAMS_H_ +#define NTT_FFT_PARAMS_H_ + +#include + +typedef struct ntt_fft_params_t ntt_fft_params_t; + +/** + * Defines the parameters for an NTT computed via the FFT algorithm + */ +struct ntt_fft_params_t { + + /** + * Prime modulus + */ + uint16_t q; + + /** + * Inverse of Prime modulus (-q_inv * q mod r = 1) + */ + uint16_t q_inv; + + /** + * Logarithm of Montgomery radix: log2(r) + */ + uint16_t rlog; + + /** + * Square of Montgomery radix: r^2 mod q + */ + const uint32_t r2; + + /** + * Montgomery radix mask: (1<. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntt_fft ntt_fft + * @{ @ingroup ntt_p + */ + +#ifndef NTT_REDUCE_H_ +#define NTT_REDUCE_H_ + +#include "ntt_fft_params.h" + +/** + * Montgomery Reduction + * + * Montgomery, P. L. Modular multiplication without trial division. + * Mathematics of Computation 44, 170 (1985), 519–521. + */ +static inline uint32_t ntt_fft_mreduce(uint32_t x, const ntt_fft_params_t *p) +{ + uint32_t m, t; + + m = (x * p->q_inv) & p->rmask; + t = (x + m * p->q) >> p->rlog; + + return (t < p->q) ? t : t - p->q; +} + +#endif /** NTT_REDUCE_H_ @}*/ diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.am b/src/libstrongswan/math/libnttfft/tests/Makefile.am new file mode 100644 index 000000000..55e6fff94 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.am @@ -0,0 +1,21 @@ +TESTS = ntt_fft_tests + +check_PROGRAMS = $(TESTS) + +ntt_fft_tests_SOURCES = \ + suites/test_ntt_fft.c \ + ntt_fft_tests.h ntt_fft_tests.c + +ntt_fft_tests_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +ntt_fft_tests_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + ../libnttfft.la diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in new file mode 100644 index 000000000..54e02edc0 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in @@ -0,0 +1,888 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +TESTS = ntt_fft_tests$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) +subdir = src/libstrongswan/math/libnttfft/tests +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = ntt_fft_tests$(EXEEXT) +am__dirstamp = $(am__leading_dot)dirstamp +am_ntt_fft_tests_OBJECTS = \ + suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT) \ + ntt_fft_tests-ntt_fft_tests.$(OBJEXT) +ntt_fft_tests_OBJECTS = $(am_ntt_fft_tests_OBJECTS) +ntt_fft_tests_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + ../libnttfft.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +ntt_fft_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(ntt_fft_tests_CFLAGS) \ + $(CFLAGS) $(ntt_fft_tests_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(ntt_fft_tests_SOURCES) +DIST_SOURCES = $(ntt_fft_tests_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +ntt_fft_tests_SOURCES = \ + suites/test_ntt_fft.c \ + ntt_fft_tests.h ntt_fft_tests.c + +ntt_fft_tests_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +ntt_fft_tests_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + ../libnttfft.la + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +suites/$(am__dirstamp): + @$(MKDIR_P) suites + @: > suites/$(am__dirstamp) +suites/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) suites/$(DEPDIR) + @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) + +ntt_fft_tests$(EXEEXT): $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_DEPENDENCIES) $(EXTRA_ntt_fft_tests_DEPENDENCIES) + @rm -f ntt_fft_tests$(EXEEXT) + $(AM_V_CCLD)$(ntt_fft_tests_LINK) $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f suites/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +suites/ntt_fft_tests-test_ntt_fft.o: suites/test_ntt_fft.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.o -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c + +suites/ntt_fft_tests-test_ntt_fft.obj: suites/test_ntt_fft.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.obj -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi` + +ntt_fft_tests-ntt_fft_tests.o: ntt_fft_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.o -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c + +ntt_fft_tests-ntt_fft_tests.obj: ntt_fft_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.obj -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f suites/$(DEPDIR)/$(am__dirstamp) + -rm -f suites/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c new file mode 100644 index 000000000..71f566426 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#include "ntt_fft_tests.h" +#undef TEST_SUITE + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#include "ntt_fft_tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (init) + { + char *plugins, *plugindir; + + plugins = lib->settings->get_str(lib->settings, + "tests.load", PLUGINS); + plugindir = lib->settings->get_str(lib->settings, + "tests.plugindir", PLUGINDIR); + plugin_loader_add_plugindirs(plugindir, plugins); + if (!lib->plugins->load(lib->plugins, plugins)) + { + return FALSE; + } + } + else + { + lib->processor->set_threads(lib->processor, 0); + lib->processor->cancel(lib->processor); + lib->plugins->unload(lib->plugins); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("ntt_fft", tests, test_runner_init); +} diff --git a/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h new file mode 100644 index 000000000..200b5b087 --- /dev/null +++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h @@ -0,0 +1,17 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(ntt_fft_suite_create) + diff --git a/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c new file mode 100644 index 000000000..d8277183e --- /dev/null +++ b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c @@ -0,0 +1,154 @@ +/* + * Copyright (C) 2014-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include +#include + +#include + +static const ntt_fft_params_t *fft_params[] = { + &ntt_fft_17_8, + &ntt_fft_12289_512, + &ntt_fft_12289_1024 +}; + +START_TEST(test_ntt_fft_impulse) +{ + ntt_fft_t *fft; + uint16_t n = fft_params[_i]->n; + uint32_t rq = (1 << fft_params[_i]->rlog) % fft_params[_i]->q; + uint32_t x[n], X[n]; + int i; + + for (i = 0; i < n; i++) + { + x[i] = 0; + } + x[0] = 1; + + fft = ntt_fft_create(fft_params[_i]); + fft->transform(fft, x, X, FALSE); + + for (i = 0; i < n; i++) + { + ck_assert(X[i] == rq); + } + fft->transform(fft, X, x, TRUE); + + for (i = 0; i < n; i++) + { + ck_assert(x[i] == (i == 0)); + } + fft->destroy(fft); +} +END_TEST + +START_TEST(test_ntt_fft_wrap) +{ + ntt_fft_t *fft; + uint16_t n = fft_params[_i]->n; + uint16_t q = fft_params[_i]->q; + uint32_t x[n],y[n], X[n], Y[n]; + int i, j; + + for (i = 0; i < n; i++) + { + x[i] = i; + y[i] = 0; + } + fft = ntt_fft_create(fft_params[_i]); + ck_assert(fft->get_size(fft) == n); + ck_assert(fft->get_modulus(fft) == q); + fft->transform(fft, x, X, FALSE); + + for (j = 0; j < n; j++) + { + y[j] = 1; + fft->transform(fft, y, Y, FALSE); + + for (i = 0; i < n; i++) + { + Y[i] = ntt_fft_mreduce(X[i] * Y[i], fft_params[_i]); + } + fft->transform(fft, Y, Y, TRUE); + + for (i = 0; i < n; i++) + { + ck_assert(Y[i] == ( i < j ? q - n - i + j : i - j)); + } + y[j] = 0; + } + fft->destroy(fft); +} +END_TEST + +START_TEST(test_ntt_fft_speed) +{ + ntt_fft_t *fft; + struct timespec start, stop; + int i, m, count = 10000; + int n = fft_params[_i]->n; + uint32_t x[n], X[n]; + + for (i = 0; i < n; i++) + { + x[i] = i; + } + fft = ntt_fft_create(fft_params[_i]); + + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start); + for (m = 0; m < count; m++) + { + fft->transform(fft, x, X, FALSE); + fft->transform(fft, X, x, TRUE); + } + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop); + + DBG0(DBG_LIB, "%d FFT-%d loops in %d ms\n", count, n, + (stop.tv_nsec - start.tv_nsec) / 1000000 + + (stop.tv_sec - start.tv_sec) * 1000); + + for (i = 0; i < n; i++) + { + ck_assert(x[i] == i); + } + fft->destroy(fft); +} +END_TEST + +Suite *ntt_fft_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ntt_fft"); + + tc = tcase_create("impulse"); + tcase_add_loop_test(tc, test_ntt_fft_impulse, 0, countof(fft_params)); + suite_add_tcase(s, tc); + + tc = tcase_create("negative_wrap"); + tcase_add_loop_test(tc, test_ntt_fft_wrap, 0, countof(fft_params)); + suite_add_tcase(s, tc); + + tc = tcase_create("speed"); + tcase_set_timeout(tc, 10); + tcase_add_loop_test(tc, test_ntt_fft_speed, 1, countof(fft_params)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index a1ee0f83e..210d7c227 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 02cd0f832..9e926ac19 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index 576b6dafc..ea41ab353 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index 1f092287b..aa3be4220 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index 5e1b1f38a..4441558fa 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am index e2aaaf55c..b2d09427e 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.am +++ b/src/libstrongswan/plugins/bliss/Makefile.am @@ -1,5 +1,6 @@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ $(PLUGIN_CFLAGS) \ @@ -7,9 +8,12 @@ AM_CFLAGS = \ # these file are also used by bliss_huffman noinst_LTLIBRARIES = libbliss-params.la + libbliss_params_la_SOURCES = \ - bliss_param_set.h bliss_param_set.c \ - bliss_fft_params.h bliss_fft_params.c + bliss_param_set.h bliss_param_set.c + +libbliss_params_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la # these files are also used by the tests, we can't directly refer to them # because of the subdirectory, which would cause distclean to fail @@ -20,12 +24,14 @@ libbliss_la_SOURCES = \ bliss_signature.h bliss_signature.c \ bliss_utils.h bliss_utils.c \ bliss_bitpacker.h bliss_bitpacker.c \ - bliss_fft.h bliss_fft.c \ bliss_huffman_code.h bliss_huffman_code.c \ bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \ bliss_huffman_coder.h bliss_huffman_coder.c \ bliss_sampler.h bliss_sampler.c -libbliss_la_LIBADD = libbliss-params.la + +libbliss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la if MONOLITHIC noinst_LTLIBRARIES += libstrongswan-bliss.la @@ -43,7 +49,10 @@ libstrongswan_bliss_la_LIBADD = libbliss.la noinst_PROGRAMS = bliss_huffman bliss_huffman_SOURCES = bliss_huffman.c -bliss_huffman_LDADD = -lm libbliss-params.la + +bliss_huffman_LDADD = -lm \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h $(AM_V_GEN) \ diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index 389e20ed4..746709b23 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -139,17 +139,20 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libbliss_params_la_LIBADD = -am_libbliss_params_la_OBJECTS = bliss_param_set.lo bliss_fft_params.lo +libbliss_params_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la +am_libbliss_params_la_OBJECTS = bliss_param_set.lo libbliss_params_la_OBJECTS = $(am_libbliss_params_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libbliss_la_DEPENDENCIES = libbliss-params.la +libbliss_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la am_libbliss_la_OBJECTS = bliss_private_key.lo bliss_public_key.lo \ bliss_signature.lo bliss_utils.lo bliss_bitpacker.lo \ - bliss_fft.lo bliss_huffman_code.lo bliss_huffman_code_1.lo \ + bliss_huffman_code.lo bliss_huffman_code_1.lo \ bliss_huffman_code_3.lo bliss_huffman_code_4.lo \ bliss_huffman_coder.lo bliss_sampler.lo libbliss_la_OBJECTS = $(am_libbliss_la_OBJECTS) @@ -166,7 +169,9 @@ libstrongswan_bliss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ PROGRAMS = $(noinst_PROGRAMS) am_bliss_huffman_OBJECTS = bliss_huffman.$(OBJEXT) bliss_huffman_OBJECTS = $(am_bliss_huffman_OBJECTS) -bliss_huffman_DEPENDENCIES = libbliss-params.la +bliss_huffman_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -370,7 +375,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -404,8 +408,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -459,11 +461,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ $(PLUGIN_CFLAGS) \ @@ -476,8 +481,10 @@ AM_CFLAGS = \ # because of the subdirectory, which would cause distclean to fail noinst_LTLIBRARIES = libbliss-params.la libbliss.la $(am__append_1) libbliss_params_la_SOURCES = \ - bliss_param_set.h bliss_param_set.c \ - bliss_fft_params.h bliss_fft_params.c + bliss_param_set.h bliss_param_set.c + +libbliss_params_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la libbliss_la_SOURCES = \ bliss_private_key.h bliss_private_key.c \ @@ -485,13 +492,15 @@ libbliss_la_SOURCES = \ bliss_signature.h bliss_signature.c \ bliss_utils.h bliss_utils.c \ bliss_bitpacker.h bliss_bitpacker.c \ - bliss_fft.h bliss_fft.c \ bliss_huffman_code.h bliss_huffman_code.c \ bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \ bliss_huffman_coder.h bliss_huffman_coder.c \ bliss_sampler.h bliss_sampler.c -libbliss_la_LIBADD = libbliss-params.la +libbliss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la + @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-bliss.la libstrongswan_bliss_la_SOURCES = \ bliss_plugin.h bliss_plugin.c @@ -499,7 +508,10 @@ libstrongswan_bliss_la_SOURCES = \ libstrongswan_bliss_la_LDFLAGS = -module -avoid-version libstrongswan_bliss_la_LIBADD = libbliss.la bliss_huffman_SOURCES = bliss_huffman.c -bliss_huffman_LDADD = -lm libbliss-params.la +bliss_huffman_LDADD = -lm \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la + all: all-am .SUFFIXES: @@ -609,8 +621,6 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_bitpacker.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft_params.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code_1.Plo@am__quote@ diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.c b/src/libstrongswan/plugins/bliss/bliss_fft.c deleted file mode 100644 index 033c2144e..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "bliss_fft.h" - -typedef struct private_bliss_fft_t private_bliss_fft_t; - -/** - * Private data structure for bliss_fft_t object - */ -struct private_bliss_fft_t { - /** - * Public interface. - */ - bliss_fft_t public; - - /** - * FFT parameter set used as constants - */ - bliss_fft_params_t *p; - -}; - -METHOD(bliss_fft_t, get_size, uint16_t, - private_bliss_fft_t *this) -{ - return this->p->n; -} - -METHOD(bliss_fft_t, get_modulus, uint16_t, - private_bliss_fft_t *this) -{ - return this->p->q; -} - -/** - * Do an FFT butterfly operation - * - * x[i1] ---|+|------- x[i1] - * \/ - * /\ w[iw] - * x[i2] ---|-|--|*|-- x[i2] - * - */ -static void butterfly(private_bliss_fft_t *this, uint32_t *x, int i1,int i2, - int iw) -{ - uint32_t xp, xm; - - xp = x[i1] + x[i2]; - xm = x[i1] + (this->p->q - x[i2]); - if (xp >= this->p->q) - { - xp -= this->p->q; - } - x[i1] = xp; - x[i2] = (xm * this->p->w[iw]) % this->p->q; -} - -/** - * Trivial butterfly operation of last FFT stage - */ -static void butterfly_last(private_bliss_fft_t *this, uint32_t *x, int i1) -{ - uint32_t xp, xm; - int i2 = i1 + 1; - - xp = x[i1] + x[i2]; - xm = x[i1] + (this->p->q - x[i2]); - if (xp >= this->p->q) - { - xp -= this->p->q; - } - if (xm >= this->p->q) - { - xm -= this->p->q; - } - x[i1] = xp; - x[i2] = xm; -} - -METHOD(bliss_fft_t, transform, void, - private_bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse) -{ - int stage, i, j, k, m, n, t, iw, i_rev; - uint16_t q; - uint32_t tmp; - - /* we are going to use the transform size n and the modulus q a lot */ - n = this->p->n; - q = this->p->q; - - if (!inverse) - { - /* apply linear phase needed for negative wrapped convolution */ - for (i = 0; i < n; i++) - { - b[i] = (a[i] * this->p->w[i]) % q; - } - } - else if (a != b) - { - /* copy if input and output array are not the same */ - for (i = 0; i < n; i++) - { - b[i] = a[i]; - } - } - - m = n; - k = 1; - - for (stage = this->p->stages; stage > 0; stage--) - { - m >>= 1; - t = 0; - - for (j = 0; j < k; j++) - { - if (stage == 1) - { - butterfly_last(this, b, t); - } - else - { - for (i = 0; i < m; i++) - { - iw = 2 * (inverse ? (n - i * k) : (i * k)); - butterfly(this, b, t + i, t + i + m, iw); - } - } - t += 2*m; - } - k <<= 1; - } - - /* Sort output in bit-reverse order */ - for (i = 0; i < n; i++) - { - i_rev = this->p->rev[i]; - - if (i_rev > i) - { - tmp = b[i]; - b[i] = b[i_rev]; - b[i_rev] = tmp; - } - } - - /** - * Compensate the linear phase needed for negative wrapped convolution - * and normalize the output array with 1/n mod q after the inverse FFT. - */ - if (inverse) - { - for (i = 0; i < n; i++) - { - b[i] = (((b[i] * this->p->w[2*n - i]) % q) * this->p->n_inv) % q; - } - } -} - -METHOD(bliss_fft_t, destroy, void, - private_bliss_fft_t *this) -{ - free(this); -} - -/** - * See header. - */ -bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params) -{ - private_bliss_fft_t *this; - - INIT(this, - .public = { - .get_size = _get_size, - .get_modulus = _get_modulus, - .transform = _transform, - .destroy = _destroy, - }, - .p = params, - ); - - return &this->public; -} diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.h b/src/libstrongswan/plugins/bliss/bliss_fft.h deleted file mode 100644 index a79edd2be..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup bliss_fft bliss_fft - * @{ @ingroup bliss_p - */ - -#ifndef BLISS_FFT_H_ -#define BLISS_FFT_H_ - -#include "bliss_fft_params.h" - -#include - -typedef struct bliss_fft_t bliss_fft_t; - -/** - * Implements a Number Theoretic Transform (NTT) via the FFT algorithm - */ -struct bliss_fft_t { - - /** - * Get the size of the Number Theoretic Transform - * - * @result Transform size - */ - uint16_t (*get_size)(bliss_fft_t *this); - - /** - * Get the prime modulus of the Number Theoretic Transform - * - * @result Prime modulus - */ - uint16_t (*get_modulus)(bliss_fft_t *this); - - /** - * Compute the [inverse] NTT of a polynomial - * - * @param a Coefficient of input polynomial - * @param b Coefficient of output polynomial - * @param inverse TRUE if the inverse NTT has to be computed - */ - void (*transform)(bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse); - - /** - * Destroy bliss_fft_t object - */ - void (*destroy)(bliss_fft_t *this); -}; - -/** - * Create a bliss_fft_t object for a given FFT parameter set - * - * @param params FFT parameters - */ -bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params); - -#endif /** BLISS_FFT_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.c b/src/libstrongswan/plugins/bliss/bliss_fft_params.c deleted file mode 100644 index c892c06e6..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft_params.c +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "bliss_fft_params.h" - -/** - * FFT parameters for q = 12289 and 2n = 1024 - */ -static uint16_t w_12289_1024[] = { - 1, 49, 2401, 7048, 1260, 295, 2166, 7822, 2319, 3030, - 1002, 12231, 9447, 8210, 9042, 654, 7468, 9551, 1017, 677, - 8595, 3329, 3364, 5079, 3091, 3991, 11224, 9260, 11336, 2459, - 9890, 5339, 3542, 1512, 354, 5057, 2013, 325, 3636, 6118, - 4846, 3963, 9852, 3477, 10616, 4046, 1630, 6136, 5728, 10314, - 1537, 1579, 3637, 6167, 7247, 11011, 11112, 3772, 493, 11868, - 3949, 9166, 6730, 10256, 10984, 9789, 390, 6821, 2426, 8273, - 12129, 4449, 9088, 2908, 7313, 1956, 9821, 1958, 9919, 6760, - 11726, 9280, 27, 1323, 3382, 5961, 9442, 7965, 9326, 2281, - 1168, 8076, 2476, 10723, 9289, 468, 10643, 5369, 5012, 12097, - - 2881, 5990, 10863, 3860, 4805, 1954, 9723, 9445, 8112, 4240, - 11136, 4948, 8961, 8974, 9611, 3957, 9558, 1360, 5195, 8775, - 12149, 5429, 7952, 8689, 7935, 7856, 3985, 10930, 7143, 5915, - 7188, 8120, 4632, 5766, 12176, 6752, 11334, 2361, 5088, 3532, - 1022, 922, 8311, 1702, 9664, 6554, 1632, 6234, 10530, 12121, - 4057, 2169, 7969, 9522, 11885, 4782, 827, 3656, 7098, 3710, - 9744, 10474, 9377, 4780, 729, 11143, 5291, 1190, 9154, 6142, - 6022, 142, 6958, 9139, 5407, 6874, 5023, 347, 4714, 9784, - 145, 7105, 4053, 1973, 10654, 5908, 6845, 3602, 4452, 9235, - 10111, 3879, 5736, 10706, 8456, 8807, 1428, 8527, 12286, 12142, - - 5086, 3434, 8509, 11404, 5791, 1112, 5332, 3199, 9283, 174, - 8526, 12237, 9741, 10327, 2174, 8214, 9238, 10258, 11082, 2302, - 2197, 9341, 3016, 316, 3195, 9087, 2859, 4912, 7197, 8561, - 1663, 7753, 11227, 9407, 6250, 11314, 1381, 6224, 10040, 400, - 7311, 1858, 5019, 151, 7399, 6170, 7394, 5925, 7678, 7552, - 1378, 6077, 2837, 3834, 3531, 973, 10810, 1263, 442, 9369, - 4388, 6099, 3915, 7500, 11119, 4115, 5011, 12048, 480, 11231, - 9603, 3565, 2639, 6421, 7404, 6415, 7110, 4298, 1689, 9027, - 12208, 8320, 2143, 6695, 8541, 683, 8889, 5446, 8785, 350, - 4861, 4698, 9000, 10885, 4938, 8471, 9542, 576, 3646, 6608, - - 4278, 709, 10163, 6427, 7698, 8532, 242, 11858, 3459, 9734, - 9984, 9945, 8034, 418, 8193, 8209, 8993, 10542, 420, 8291, - 722, 10800, 773, 1010, 334, 4077, 3149, 6833, 3014, 218, - 10682, 7280, 339, 4322, 2865, 5206, 9314, 1693, 9223, 9523, - 11934, 7183, 7875, 4916, 7393, 5876, 5277, 504, 118, 5782, - 671, 8301, 1212, 10232, 9808, 1321, 3284, 1159, 7635, 5445, - 8736, 10238, 10102, 3438, 8705, 8719, 9405, 6152, 6512, 11863, - 3704, 9450, 8357, 3956, 9509, 11248, 10436, 7515, 11854, 3263, - 130, 6370, 4905, 6854, 4043, 1483, 11222, 9162, 6534, 652, - 7370, 4749, 11499, 10446, 8005, 11286, 9, 441, 9320, 1987, - - 11340, 2655, 7205, 8953, 8582, 2692, 9018, 11767, 11289, 156, - 7644, 5886, 5767, 12225, 9153, 6093, 3621, 5383, 5698, 8844, - 3241, 11341, 2704, 9606, 3712, 9842, 2987, 11184, 7300, 1319, - 3186, 8646, 5828, 2925, 8146, 5906, 6747, 11089, 2645, 6715, - 9521, 11836, 2381, 6068, 2396, 6803, 1544, 1922, 8155, 6347, - 3778, 787, 1696, 9370, 4437, 8500, 10963, 8760, 11414, 6281, - 544, 2078, 3510, 12233, 9545, 723, 10849, 3174, 8058, 1594, - 4372, 5315, 2366, 5333, 3248, 11684, 7222, 9786, 243, 11907, - 5860, 4493, 11244, 10240, 10200, 8240, 10512, 11239, 9995, 10484, - 9867, 4212, 9764, 11454, 8241, 10561, 1351, 4754, 11744, 10162, - - 6378, 5297, 1484, 11271, 11563, 1293, 1912, 7665, 6915, 7032, - 476, 11035, 12288, 12240, 9888, 5241, 11029, 11994, 10123, 4467, - 9970, 9259, 11287, 58, 2842, 4079, 3247, 11635, 4821, 2738, - 11272, 11612, 3694, 8960, 8925, 7210, 9198, 8298, 1065, 3029, - 953, 9830, 2399, 6950, 8747, 10777, 11935, 7232, 10276, 11964, - 8653, 6171, 7443, 8326, 2437, 8812, 1673, 8243, 10659, 6153, - 6561, 1975, 10752, 10710, 8652, 6122, 5042, 1278, 1177, 8517, - 11796, 421, 8340, 3123, 5559, 2033, 1305, 2500, 11899, 5468, - 9863, 4016, 160, 7840, 3201, 9381, 4976, 10333, 2468, 10331, - 2370, 5529, 563, 3009, 12262, 10966, 8907, 6328, 2847, 4324, - - 2963, 10008, 11121, 4213, 9813, 1566, 3000, 11821, 1646, 6920, - 7277, 192, 9408, 6299, 1426, 8429, 7484, 10335, 2566, 2844, - 4177, 8049, 1153, 7341, 3328, 3315, 2678, 8332, 2731, 10929, - 7094, 3514, 140, 6860, 4337, 3600, 4354, 4433, 8304, 1359, - 5146, 6374, 5101, 4169, 7657, 6523, 113, 5537, 955, 9928, - 7201, 8757, 11267, 11367, 3978, 10587, 2625, 5735, 10657, 6055, - 1759, 168, 8232, 10120, 4320, 2767, 404, 7507, 11462, 8633, - 5191, 8579, 2545, 1815, 2912, 7509, 11560, 1146, 6998, 11099, - 3135, 6147, 6267, 12147, 5331, 3150, 6882, 5415, 7266, 11942, - 7575, 2505, 12144, 5184, 8236, 10316, 1635, 6381, 5444, 8687, - - 7837, 3054, 2178, 8410, 6553, 1583, 3833, 3482, 10861, 3762, - 3, 147, 7203, 8855, 3780, 885, 6498, 11177, 6957, 9090, - 3006, 12115, 3763, 52, 2548, 1962, 10115, 4075, 3051, 2031, - 1207, 9987, 10092, 2948, 9273, 11973, 9094, 3202, 9430, 7377, - 5092, 3728, 10626, 4536, 1062, 2882, 6039, 975, 10908, 6065, - 2249, 11889, 4978, 10431, 7270, 12138, 4890, 6119, 4895, 6364, - 4611, 4737, 10911, 6212, 9452, 8455, 8758, 11316, 1479, 11026, - 11847, 2920, 7901, 6190, 8374, 4789, 1170, 8174, 7278, 241, - 11809, 1058, 2686, 8724, 9650, 5868, 4885, 5874, 5179, 7991, - 10600, 3262, 81, 3969, 10146, 5594, 3748, 11606, 3400, 6843, - - 3504, 11939, 7428, 7591, 3289, 1404, 7351, 3818, 2747, 11713, - 8643, 5681, 8011, 11580, 2126, 5862, 4591, 3757, 12047, 431, - 8830, 2555, 2305, 2344, 4255, 11871, 4096, 4080, 3296, 1747, - 11869, 3998, 11567, 1489, 11516, 11279, 11955, 8212, 9140, 5456, - 9275, 12071, 1607, 5009, 11950, 7967, 9424, 7083, 2975, 10596, - 3066, 2766, 355, 5106, 4414, 7373, 4896, 6413, 7012, 11785, - 12171, 6507, 11618, 3988, 11077, 2057, 2481, 10968, 9005, 11130, - 4654, 6844, 3553, 2051, 2187, 8851, 3584, 3570, 2884, 6137, - 5777, 426, 8585, 2839, 3932, 8333, 2780, 1041, 1853, 4774, - 435, 9026, 12159, 5919, 7384, 5435, 8246, 10806, 1067, 3127, - - 5755, 11637, 4919, 7540, 790, 1843, 4284, 1003, 12280, 11848, - 2969, 10302, 949, 9634, 5084, 3336, 3707, 9597, 3271, 522, - 1000, 12133, 4645, 6403, 6522, 64, 3136, 6196, 8668, 6906, - 6591, 3445, 9048, 948, 9585, 2683, 8577, 2447, 9302, 1105, - 4989, 10970, 9103, 3643, 6461, 9364, 4143, 6383, 5542, 1200, - 9644, 5574, 2768, 453, 9908, 6221, 9893, 5486, 10745, 10367, - 4134, 5942, 8511, 11502, 10593, 2919, 7852, 3789, 1326, 3529, - 875, 6008, 11745, 10211, 8779, 56, 2744, 11566, 1440, 9115, - 4231, 10695, 7917, 6974, 9923, 6956, 9041, 605, 5067, 2503, - 12046, 382, 6429, 7796, 1045, 2049, 2089, 4049, 1777, 1050, - - 2294, 1805, 2422, 8077, 2525, 835, 4048, 1728, 10938, 7535, - 545, 2127, 5911, 6992, 10805, 1018, 726, 10996, 10377, 4624, - 5374, 5257, 11813, 1254, 1 -}; - -/** - * Bit-reversed indices for n = 512 - */ -static uint16_t rev_512[] = { - 0, 256, 128, 384, 64, 320, 192, 448, 32, 288, - 160, 416, 96, 352, 224, 480, 16, 272, 144, 400, - 80, 336, 208, 464, 48, 304, 176, 432, 112, 368, - 240, 496, 8, 264, 136, 392, 72, 328, 200, 456, - 40, 296, 168, 424, 104, 360, 232, 488, 24, 280, - 152, 408, 88, 344, 216, 472, 56, 312, 184, 440, - 120, 376, 248, 504, 4, 260, 132, 388, 68, 324, - 196, 452, 36, 292, 164, 420, 100, 356, 228, 484, - 20, 276, 148, 404, 84, 340, 212, 468, 52, 308, - 180, 436, 116, 372, 244, 500, 12, 268, 140, 396, - - 76, 332, 204, 460, 44, 300, 172, 428, 108, 364, - 236, 492, 28, 284, 156, 412, 92, 348, 220, 476, - 60, 316, 188, 444, 124, 380, 252, 508, 2, 258, - 130, 386, 66, 322, 194, 450, 34, 290, 162, 418, - 98, 354, 226, 482, 18, 274, 146, 402, 82, 338, - 210, 466, 50, 306, 178, 434, 114, 370, 242, 498, - 10, 266, 138, 394, 74, 330, 202, 458, 42, 298, - 170, 426, 106, 362, 234, 490, 26, 282, 154, 410, - 90, 346, 218, 474, 58, 314, 186, 442, 122, 378, - 250, 506, 6, 262, 134, 390, 70, 326, 198, 454, - - 38, 294, 166, 422, 102, 358, 230, 486, 22, 278, - 150, 406, 86, 342, 214, 470, 54, 310, 182, 438, - 118, 374, 246, 502, 14, 270, 142, 398, 78, 334, - 206, 462, 46, 302, 174, 430, 110, 366, 238, 494, - 30, 286, 158, 414, 94, 350, 222, 478, 62, 318, - 190, 446, 126, 382, 254, 510, 1, 257, 129, 385, - 65, 321, 193, 449, 33, 289, 161, 417, 97, 353, - 225, 481, 17, 273, 145, 401, 81, 337, 209, 465, - 49, 305, 177, 433, 113, 369, 241, 497, 9, 265, - 137, 393, 73, 329, 201, 457, 41, 297, 169, 425, - - 105, 361, 233, 489, 25, 281, 153, 409, 89, 345, - 217, 473, 57, 313, 185, 441, 121, 377, 249, 505, - 5, 261, 133, 389, 69, 325, 197, 453, 37, 293, - 165, 421, 101, 357, 229, 485, 21, 277, 149, 405, - 85, 341, 213, 469, 53, 309, 181, 437, 117, 373, - 245, 501, 13, 269, 141, 397, 77, 333, 205, 461, - 45, 301, 173, 429, 109, 365, 237, 493, 29, 285, - 157, 413, 93, 349, 221, 477, 61, 317, 189, 445, - 125, 381, 253, 509, 3, 259, 131, 387, 67, 323, - 195, 451, 35, 291, 163, 419, 99, 355, 227, 483, - - 19, 275, 147, 403, 83, 339, 211, 467, 51, 307, - 179, 435, 115, 371, 243, 499, 11, 267, 139, 395, - 75, 331, 203, 459, 43, 299, 171, 427, 107, 363, - 235, 491, 27, 283, 155, 411, 91, 347, 219, 475, - 59, 315, 187, 443, 123, 379, 251, 507, 7, 263, - 135, 391, 71, 327, 199, 455, 39, 295, 167, 423, - 103, 359, 231, 487, 23, 279, 151, 407, 87, 343, - 215, 471, 55, 311, 183, 439, 119, 375, 247, 503, - 15, 271, 143, 399, 79, 335, 207, 463, 47, 303, - 175, 431, 111, 367, 239, 495, 31, 287, 159, 415, - - 95, 351, 223, 479, 63, 319, 191, 447, 127, 383, - 255, 511 -}; - -bliss_fft_params_t bliss_fft_12289_512 = { - 12289, 512, 12265, 9, w_12289_1024, rev_512 -}; - -/** - * FFT parameters for q = 17 and n = 16 - */ -static uint16_t w_17_16[] = { - 1, 3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6, 1 }; - -/** - * Bit-reversed indices for n = 8 - */ -static uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 }; - -bliss_fft_params_t bliss_fft_17_8 = { 17, 8, 15, 3, w_17_16, rev_8 }; diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.h b/src/libstrongswan/plugins/bliss/bliss_fft_params.h deleted file mode 100644 index 31b151b67..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft_params.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup bliss_fft_params bliss_fft_params - * @{ @ingroup bliss_p - */ - -#ifndef BLISS_FFT_PARAMS_H_ -#define BLISS_FFT_PARAMS_H_ - -#include - -typedef struct bliss_fft_params_t bliss_fft_params_t; - -/** - * Defines the parameters for an NTT computed via the FFT algorithm - */ -struct bliss_fft_params_t { - - /** - * Prime modulus - */ - uint16_t q; - - /** - * Size of the FFT with the condition k * n = q-1 - */ - uint16_t n; - - /** - * Inverse of n mod q used for normalization of the FFT - */ - uint16_t n_inv; - - /** - * Number of FFT stages stages = log2(n) - */ - uint16_t stages; - - /** - * FFT twiddle factors (n-th roots of unity) - */ - uint16_t *w; - - /** - * FFT bit reversal - */ - uint16_t *rev; - -}; - -/** - * FFT parameters for q = 12289 and n = 512 - */ -extern bliss_fft_params_t bliss_fft_12289_512; - -/** - * FFT parameters for q = 17 and n = 8 - */ -extern bliss_fft_params_t bliss_fft_17_8; - -#endif /** BLISS_FFT_PARAMS_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_huffman.c b/src/libstrongswan/plugins/bliss/bliss_huffman.c index 647234fd8..71e75d6bf 100644 --- a/src/libstrongswan/plugins/bliss/bliss_huffman.c +++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c @@ -209,7 +209,7 @@ static void remove_node(node_t *list, node_t **last, node_t *node) */ int main(int argc, char *argv[]) { - bliss_param_set_t *set; + const bliss_param_set_t *set; int dx, bliss_type, depth = 1, groups, groups_left, pairs = 1; int i_max = 9, k_max = 8, index_max = (2*k_max - 1) * i_max; int i, i_top, k, k_top; diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c index 3781a588f..b6649d771 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.c +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c @@ -33,7 +33,7 @@ ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV, * * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9 */ -static uint8_t c_bliss_i[] = { +static const uint8_t c_bliss_i[] = { 255, 255, 75, 191, 247, 94, 30, 51, 147, 246, 89, 59, 99, 248, 26, 128, 255, 254, 151, 128, 109, 166, 88, 143, 30, 175, 149, 20, 240, 81, 138, 111, 255, 253, 47, 2, 214, 243, 188, 76, 236, 235, 40, 62, 54, 35, 33, 205, @@ -62,7 +62,7 @@ static uint8_t c_bliss_i[] = { * * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5 */ -static uint8_t c_bliss_iii[] = { +static const uint8_t c_bliss_iii[] = { 255, 255, 122, 95, 16, 128, 14, 195, 60, 90, 166, 191, 205, 26, 144, 204, 255, 254, 244, 190, 102, 192, 187, 141, 169, 92, 33, 30, 170, 141, 184, 56, 255, 253, 233, 125, 228, 131, 93, 148, 121, 92, 52, 122, 149, 96, 29, 66, @@ -91,7 +91,7 @@ static uint8_t c_bliss_iii[] = { * * c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0 */ -static uint8_t c_bliss_iv[] = { +static const uint8_t c_bliss_iv[] = { 255, 255, 142, 111, 102, 2, 141, 87, 150, 42, 18, 70, 6, 224, 18, 70, 255, 255, 28, 222, 254, 102, 20, 78, 133, 78, 189, 107, 29, 7, 23, 193, 255, 254, 57, 190, 198, 79, 181, 181, 108, 75, 142, 145, 45, 238, 193, 29, @@ -119,7 +119,7 @@ static uint8_t c_bliss_iv[] = { /** * BLISS signature parameter set definitions */ -static bliss_param_set_t bliss_param_sets[] = { +static const bliss_param_set_t bliss_param_sets[] = { /* BLISS-I scheme */ { @@ -131,7 +131,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 154, .non_zero2 = 0, .kappa = 23, @@ -161,7 +161,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 216, .non_zero2 = 16, .kappa = 30, @@ -191,7 +191,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 231, .non_zero2 = 31, .kappa = 39, @@ -221,7 +221,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 154, .non_zero2 = 0, .kappa = 23, @@ -251,7 +251,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 216, .non_zero2 = 16, .kappa = 30, @@ -281,7 +281,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 231, .non_zero2 = 31, .kappa = 39, @@ -306,7 +306,7 @@ static bliss_param_set_t bliss_param_sets[] = { /** * See header. */ -bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) +const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) { int i; @@ -324,7 +324,7 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) /** * See header. */ -bliss_param_set_t* bliss_param_set_get_by_oid(int oid) +const bliss_param_set_t* bliss_param_set_get_by_oid(int oid) { int i; diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h index 33a8009ff..8c043b925 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.h +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h @@ -24,7 +24,7 @@ typedef enum bliss_param_set_id_t bliss_param_set_id_t; typedef struct bliss_param_set_t bliss_param_set_t; -#include "bliss_fft_params.h" +#include "ntt_fft_params.h" #include "bliss_huffman_code.h" #include @@ -53,132 +53,132 @@ struct bliss_param_set_t { /** * BLISS parameter set ID */ - bliss_param_set_id_t id; + const bliss_param_set_id_t id; /** * BLISS parameter set OID */ - int oid; + const int oid; /** * Security strength in bits */ - uint16_t strength; + const uint16_t strength; /** * Prime modulus */ - uint16_t q; + const uint16_t q; /** * Number of bits in q */ - uint16_t q_bits; + const uint16_t q_bits; /** * Inverse of (q + 2) mod 2q */ - uint16_t q2_inv; + const uint16_t q2_inv; /** * Ring dimension equal to the number of polynomial coefficients */ - uint16_t n; + const uint16_t n; /** * Number of bits in n */ - uint16_t n_bits; + const uint16_t n_bits; /** * FFT parameters */ - bliss_fft_params_t *fft_params; + const ntt_fft_params_t *fft_params; /** * Number of [-1, +1] secret key coefficients */ - uint16_t non_zero1; + const uint16_t non_zero1; /** * Number of [-2, +2] secret key coefficients */ - uint16_t non_zero2; + const uint16_t non_zero2; /** * Number of secret key terms that go into Nk(S) norm */ - uint16_t kappa; + const uint16_t kappa; /** * Maximum Nk(S) tolerable NK(S) norm (BLISS only) */ - uint32_t nks_max; + const uint32_t nks_max; /** * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only) */ - uint32_t p_max; + const uint32_t p_max; /** * Standard deviation sigma */ - uint16_t sigma; + const uint16_t sigma; /** * k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] */ - uint16_t k_sigma; + const uint16_t k_sigma; /** * Number of bits in k_sigma */ - uint16_t k_sigma_bits; + const uint16_t k_sigma_bits; /** * Coefficients for Bernoulli sampling with exponential biases */ - uint8_t *c; + const uint8_t *c; /** * Number of columns in Bernoulli coefficient table */ - size_t c_cols; + const size_t c_cols; /** * Number of rows in Bernoulli coefficient table */ - size_t c_rows; + const size_t c_rows; /** * Number of bits in z1 */ - uint16_t z1_bits; + const uint16_t z1_bits; /** * Number of z2 bits to be dropped after rounding */ - uint16_t d; + const uint16_t d; /** * Modulus p = floor(2q / 2^d) applied after bit dropping */ - uint16_t p; + const uint16_t p; /** * M = sigma^2 / alpha_rejection^2 */ - uint32_t M; + const uint32_t M; /** * B_infinity bound */ - uint16_t B_inf; + const uint16_t B_inf; /** * B_verify bound */ - uint32_t B_l2; + const uint32_t B_l2; }; @@ -188,7 +188,7 @@ struct bliss_param_set_t { * @param id BLISS parameter set ID * @return BLISS parameter set */ -bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); +const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); /** * Get BLISS signature parameter set by BLISS parameter set OID @@ -196,6 +196,6 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); * @param oid BLISS parameter set OID * @return BLISS parameter set */ -bliss_param_set_t* bliss_param_set_get_by_oid(int oid); +const bliss_param_set_t* bliss_param_set_get_by_oid(int oid); #endif /** BLISS_PARAM_SET_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c index 4adcf1e76..cdf3e96ea 100644 --- a/src/libstrongswan/plugins/bliss/bliss_plugin.c +++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,6 +50,8 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE), PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS), PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256), PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_BLISS), PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE), @@ -57,29 +59,41 @@ METHOD(plugin_t, get_features, int, /* signature schemes, private */ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256), PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384), PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512), PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), /* signature verification schemes */ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256), PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384), PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512), PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), }; *features = f; diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index 20bbc6ac5..25253ed37 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -20,9 +20,10 @@ #include "bliss_sampler.h" #include "bliss_signature.h" #include "bliss_bitpacker.h" -#include "bliss_fft.h" +#include "ntt_fft.h" +#include "ntt_fft_reduce.h" -#include +#include #include #include #include @@ -46,7 +47,7 @@ struct private_bliss_private_key_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * BLISS secret key S1 (coefficients of polynomial f) @@ -63,6 +64,11 @@ struct private_bliss_private_key_t { */ uint32_t *A; + /** + * NTT of BLISS public key in Montgomery representation Ar = rA mod + */ + uint32_t *Ar; + /** * reference count */ @@ -163,12 +169,12 @@ static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices, static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, chunk_t data, chunk_t *signature) { - bliss_fft_t *fft; + ntt_fft_t *fft; bliss_signature_t *sig; bliss_sampler_t *sampler = NULL; rng_t *rng; hasher_t *hasher; - hash_algorithm_t mgf1_alg, oracle_alg; + ext_out_function_t mgf1_alg, oracle_alg; size_t mgf1_seed_len; uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512]; chunk_t mgf1_seed, data_hash; @@ -203,12 +209,12 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, /* Set MGF1 hash algorithm and seed length based on security strength */ if (this->set->strength > 160) { - mgf1_alg = HASH_SHA256; + mgf1_alg = XOF_MGF1_SHA256; mgf1_seed_len = HASH_SIZE_SHA256; } else { - mgf1_alg = HASH_SHA1; + mgf1_alg = XOF_MGF1_SHA1; mgf1_seed_len = HASH_SIZE_SHA1; } mgf1_seed = chunk_create(mgf1_seed_buf, mgf1_seed_len); @@ -220,7 +226,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, } /* MGF1 hash algorithm to be used for random oracle */ - oracle_alg = HASH_SHA512; + oracle_alg = XOF_MGF1_SHA512; /* Initialize a couple of needed variables */ n = this->set->n; @@ -241,7 +247,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, y2 = z2; ud = z2d; - fft = bliss_fft_create(this->set->fft_params); + fft = ntt_fft_create(this->set->fft_params); /* Use of the enhanced BLISS-B signature algorithm? */ switch (this->set->id) @@ -337,7 +343,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, for (i = 0; i < n; i++) { - ay[i] = (this->A[i] * ay[i]) % q; + ay[i] = ntt_fft_mreduce(this->Ar[i] * ay[i], this->set->fft_params); } fft->transform(fft, ay, ay, TRUE); @@ -668,6 +674,7 @@ METHOD(private_key_t, destroy, void, free(this->s2); } free(this->A); + free(this->Ar); free(this); } } @@ -795,13 +802,13 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa) /** * Compute the inverse x1 of x modulo q as x^(-1) = x^(q-2) mod q */ -static uint32_t invert(uint32_t x, uint16_t q) +static uint32_t invert(private_bliss_private_key_t *this, uint32_t x) { uint32_t x1, x2; uint16_t q2; int i, i_max; - q2 = q - 2; + q2 = this->set->q - 2; x1 = (q2 & 1) ? x : 1; x2 = x; i_max = 15; @@ -812,11 +819,11 @@ static uint32_t invert(uint32_t x, uint16_t q) } for (i = 1; i <= i_max; i++) { - x2 = (x2 * x2) % q; + x2 = ntt_fft_mreduce(x2 * x2, this->set->fft_params); if (q2 & (1 << i)) { - x1 = (x1 * x2) % q; + x1 = ntt_fft_mreduce(x1 * x2, this->set->fft_params); } } @@ -827,14 +834,14 @@ static uint32_t invert(uint32_t x, uint16_t q) * Create a vector with sparse and small coefficients from seed */ static int8_t* create_vector_from_seed(private_bliss_private_key_t *this, - hash_algorithm_t alg, chunk_t seed) + ext_out_function_t alg, chunk_t seed) { - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; uint32_t index, sign; int8_t *vector; int non_zero; - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; @@ -903,7 +910,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, int i, n; chunk_t seed; size_t seed_len; - hash_algorithm_t alg; + ext_out_function_t alg; n = this->set->n; *s1 = NULL; @@ -912,12 +919,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, /* Set MGF1 hash algorithm and seed length based on security strength */ if (this->set->strength > 160) { - alg = HASH_SHA256; + alg = XOF_MGF1_SHA256; seed_len = HASH_SIZE_SHA256; } else { - alg = HASH_SHA1; + alg = XOF_MGF1_SHA1; seed_len = HASH_SIZE_SHA1; } seed = chunk_create(seed_buf, seed_len); @@ -1000,8 +1007,8 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) uint32_t *S1, *S2, *a; uint16_t q; bool success = FALSE; - bliss_param_set_t *set; - bliss_fft_t *fft; + const bliss_param_set_t *set; + ntt_fft_t *fft; rng_t *rng; while (TRUE) @@ -1062,13 +1069,14 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) this->set = set; /* We derive the public key from the private key using the FFT */ - fft = bliss_fft_create(set->fft_params); + fft = ntt_fft_create(set->fft_params); /* Some vectors needed to derive the publi key */ S1 = malloc(n * sizeof(uint32_t)); S2 = malloc(n * sizeof(uint32_t)); a = malloc(n * sizeof(uint32_t)); - this->A = malloc(n * sizeof(uint32_t)); + this->A = malloc(n * sizeof(uint32_t)); + this->Ar = malloc(n * sizeof(uint32_t)); /* Instantiate a true random generator */ rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); @@ -1091,6 +1099,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) fft->transform(fft, S2, S2, FALSE); success = TRUE; + for (i = 0; i < n; i++) { if (S1[i] == 0) @@ -1103,8 +1112,9 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) success = FALSE; break; } - this->A[i] = invert(S1[i], q); - this->A[i] = (S2[i] * this->A[i]) % q; + this->Ar[i] = invert(this, S1[i]); + this->Ar[i] = ntt_fft_mreduce(S2[i] * this->Ar[i], set->fft_params); + this->A[i] = ntt_fft_mreduce(this->Ar[i], set->fft_params); } } while (!success && trials < SECRET_KEY_TRIALS_MAX); @@ -1114,13 +1124,15 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) if (success) { - fft->transform(fft, this->A, a, TRUE); + fft->transform(fft, this->Ar, a, TRUE); DBG4(DBG_LIB, " i f g a F G A"); for (i = 0; i < n; i++) { DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u", - i, this->s1[i], this->s2[i], a[i], S1[i], S2[i], this->A[i]); + i, this->s1[i], this->s2[i], + ntt_fft_mreduce(a[i], set->fft_params), + S1[i], S2[i], this->A[i]); } } else @@ -1167,7 +1179,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) asn1_parser_t *parser; size_t s_bits = 0; int8_t s, s_min = 0, s_max = 0; - uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value; + uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value, r2; bool success = FALSE; int objectID, oid, i; @@ -1248,6 +1260,14 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) { goto end; } + this->Ar = malloc(this->set->n * sizeof(uint32_t)); + r2 = this->set->fft_params->r2; + + for (i = 0; i < this->set->n; i++) + { + this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2, + this->set->fft_params); + } break; case PRIV_KEY_SECRET1: if (object.len != 1 + (s_bits * this->set->n + 7)/8) diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c index 93d1165eb..f7ddbbfd2 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,7 +16,8 @@ #include "bliss_public_key.h" #include "bliss_signature.h" #include "bliss_bitpacker.h" -#include "bliss_fft.h" +#include "ntt_fft.h" +#include "ntt_fft_reduce.h" #include "bliss_utils.h" #include @@ -37,13 +38,18 @@ struct private_bliss_public_key_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f) */ uint32_t *A; + /** + * NTT of BLISS public key in Montgomery representation Ar = rA mod + */ + uint32_t *Ar; + /** * reference counter */ @@ -70,8 +76,8 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, uint8_t data_hash_buf[HASH_SIZE_SHA512]; chunk_t data_hash; hasher_t *hasher; - hash_algorithm_t oracle_alg; - bliss_fft_t *fft; + ext_out_function_t oracle_alg; + ntt_fft_t *fft; bliss_signature_t *sig; bool success = FALSE; @@ -104,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, } /* MGF1 hash algorithm to be used for random oracle */ - oracle_alg = HASH_SHA512; + oracle_alg = XOF_MGF1_SHA512; /* Initialize a couple of needed variables */ n = this->set->n; @@ -120,12 +126,12 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, { az[i] = z1[i] < 0 ? q + z1[i] : z1[i]; } - fft = bliss_fft_create(this->set->fft_params); + fft = ntt_fft_create(this->set->fft_params); fft->transform(fft, az, az, FALSE); for (i = 0; i < n; i++) { - az[i] = (this->A[i] * az[i]) % q; + az[i] = ntt_fft_mreduce(this->Ar[i] * az[i], this->set->fft_params); } fft->transform(fft, az, az, TRUE); @@ -279,6 +285,7 @@ METHOD(public_key_t, destroy, void, { lib->encoding->clear_cache(lib->encoding, this); free(this->A); + free(this->Ar); free(this); } } @@ -304,7 +311,8 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args) chunk_t blob = chunk_empty, object, param; asn1_parser_t *parser; bool success = FALSE; - int objectID, oid; + int objectID, oid, i; + uint32_t r2; while (TRUE) { @@ -380,6 +388,14 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args) { goto end; } + this->Ar = malloc(this->set->n * sizeof(uint32_t)); + r2 = this->set->fft_params->r2; + + for (i = 0; i < this->set->n; i++) + { + this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2, + this->set->fft_params); + } break; } } @@ -399,7 +415,7 @@ end: /** * See header. */ -bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, +bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set, uint32_t **pubkey) { bliss_bitpacker_t *packer; @@ -438,7 +454,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, /** * See header. */ -chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set) +chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set) { bliss_bitpacker_t *packer; chunk_t encoding; @@ -460,7 +476,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set) * See header. */ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, - bliss_param_set_t *set) + const bliss_param_set_t *set) { chunk_t encoding, pubkey_encoding; @@ -479,7 +495,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, * See header. */ bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey, - bliss_param_set_t *set, + const bliss_param_set_t *set, cred_encoding_type_t type, chunk_t *fp) { hasher_t *hasher; diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h index cd8f231b2..d8dd2df5c 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.h +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.h @@ -61,7 +61,7 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args); * @param pubkey coefficients of public key vector * @return TRUE if parsing successful */ -bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, +bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set, uint32_t **pubkey); /** @@ -71,7 +71,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, * @param set BLISS parameter set for the public key vector * @result ASN.1 encoded subjectPublicKey */ -chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set); +chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set); /** * Encode a BLISS subjectPublicKeyInfo record in ASN.1 DER format @@ -82,7 +82,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set); * @result ASN.1 encoded subjectPublicKeyInfo record */ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, - bliss_param_set_t *set); + const bliss_param_set_t *set); /** * Generate a BLISS public key fingerprint @@ -95,7 +95,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, * @result TRUE if generation was successful */ bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey, - bliss_param_set_t *set, + const bliss_param_set_t *set, cred_encoding_type_t type, chunk_t *fp); #endif /** BLISS_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.c b/src/libstrongswan/plugins/bliss/bliss_sampler.c index fa45a2fac..fb29d6622 100644 --- a/src/libstrongswan/plugins/bliss/bliss_sampler.c +++ b/src/libstrongswan/plugins/bliss/bliss_sampler.c @@ -17,7 +17,7 @@ typedef struct private_bliss_sampler_t private_bliss_sampler_t; -#include +#include /** * Private data of a bliss_sampler_t object. @@ -32,12 +32,12 @@ struct private_bliss_sampler_t { /** * BLISS parameter the rejection sampling is to be based on */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * Bitspender used for random rejection sampling */ - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; }; @@ -45,7 +45,8 @@ METHOD(bliss_sampler_t, bernoulli_exp, bool, private_bliss_sampler_t *this, uint32_t x, bool *accepted) { uint32_t x_mask; - uint8_t *c, u; + uint8_t u; + const uint8_t *c; int i; x_mask = 1 << (this->set->c_rows - 1); @@ -221,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void, /** * See header. */ -bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed, - bliss_param_set_t *set) +bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed, + const bliss_param_set_t *set) { private_bliss_sampler_t *this; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.h b/src/libstrongswan/plugins/bliss/bliss_sampler.h index 2c75d4480..3e6d3d003 100644 --- a/src/libstrongswan/plugins/bliss/bliss_sampler.h +++ b/src/libstrongswan/plugins/bliss/bliss_sampler.h @@ -84,11 +84,11 @@ struct bliss_sampler_t { /** * Create a bliss_sampler_t object. * - * @param alg Hash algorithm to be used for the internal bitspender + * @param alg XOF to be used for the internal bitspender * @param seed Seed used to initialize the internal bitspender * @param set BLISS parameter set to be used */ -bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed, - bliss_param_set_t *set); +bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed, + const bliss_param_set_t *set); #endif /** BLISS_SAMPLER_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.c b/src/libstrongswan/plugins/bliss/bliss_signature.c index e603da399..f4e1bff30 100644 --- a/src/libstrongswan/plugins/bliss/bliss_signature.c +++ b/src/libstrongswan/plugins/bliss/bliss_signature.c @@ -32,7 +32,7 @@ struct private_bliss_signature_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * BLISS signature vector z1 of size n @@ -134,7 +134,7 @@ METHOD(bliss_signature_t, destroy, void, /** * See header. */ -bliss_signature_t *bliss_signature_create(bliss_param_set_t *set) +bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set) { private_bliss_signature_t *this; @@ -156,7 +156,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set) /** * See header. */ -bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, +bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set, chunk_t encoding) { private_bliss_signature_t *this; diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.h b/src/libstrongswan/plugins/bliss/bliss_signature.h index d37f5398b..20ed6c0a2 100644 --- a/src/libstrongswan/plugins/bliss/bliss_signature.h +++ b/src/libstrongswan/plugins/bliss/bliss_signature.h @@ -61,7 +61,7 @@ struct bliss_signature_t { * * @param set BLISS parameter set */ -bliss_signature_t *bliss_signature_create(bliss_param_set_t *set); +bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set); /** * Create a BLISS signature object from encoding. @@ -69,7 +69,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set); * @param set BLISS parameter set * @param encoding binary signature encoding */ -bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, +bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set, chunk_t encoding); #endif /** BLISS_SIGNATURE_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.c b/src/libstrongswan/plugins/bliss/bliss_utils.c index 5e313ff26..5baa1f89a 100644 --- a/src/libstrongswan/plugins/bliss/bliss_utils.c +++ b/src/libstrongswan/plugins/bliss/bliss_utils.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,7 +17,7 @@ #include #include -#include +#include #include /** @@ -39,7 +39,8 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n) /** * See header. */ -void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd) +void bliss_utils_round_and_drop(const bliss_param_set_t *set, + int32_t *x, int16_t *xd) { int32_t factor; int i; @@ -55,8 +56,8 @@ void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd) /** * See header. */ -bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, - uint16_t *ud, bliss_param_set_t *set, +bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash, + uint16_t *ud, const bliss_param_set_t *set, uint16_t *c_indices) { int i, index_trials = 0, index_found = 0; @@ -64,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, uint32_t index; uint8_t *seed_pos; chunk_t seed; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t)); @@ -79,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, seed_pos += sizeof(uint16_t); } - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; @@ -117,7 +118,8 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, /** * See header. */ -bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d) +bool bliss_utils_check_norms(const bliss_param_set_t *set, + int32_t *z1, int16_t *z2d) { int32_t z2ds[set->n]; int32_t z1_min, z1_max, norm; diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.h b/src/libstrongswan/plugins/bliss/bliss_utils.h index 156968dd7..bfaf3c475 100644 --- a/src/libstrongswan/plugins/bliss/bliss_utils.h +++ b/src/libstrongswan/plugins/bliss/bliss_utils.h @@ -42,29 +42,31 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n); * @param x input vector x of size n * @param xd rounded vector x with d bits dropped */ -void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd); +void bliss_utils_round_and_drop(const bliss_param_set_t *set, + int32_t *x, int16_t *xd); /** * Generate the binary challenge vector c as an array of kappa indices * - * @param alg hash algorithm to be used for the internal oracle - * @param data_hash hash of the data to be signed - * @param ud input vector ud of size n - * @param set BLISS parameter set to be used (n, n_bits, kappa) - * @param c_indices indexes of non-zero challenge coefficients + * @param alg XOF to be used for the internal oracle + * @param data_hash hash of the data to be signed + * @param ud input vector ud of size n + * @param set BLISS parameter set to be used (n, n_bits, kappa) + * @param c_indices indexes of non-zero challenge coefficients */ -bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, - uint16_t *ud, bliss_param_set_t *set, +bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash, + uint16_t *ud, const bliss_param_set_t *set, uint16_t *c_indices); /** * Check the infinity and l2 norms of the vectors z1 and z2d << d * - * @param set BLISS parameter set - * @param z1 input vector - * @param z2d input vector - * @result TRUE if infinite and l2 norms do not exceed boundaries + * @param set BLISS parameter set + * @param z1 input vector + * @param z2d input vector + * @result TRUE if infinite and l2 norms do not exceed boundaries */ -bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d); +bool bliss_utils_check_norms(const bliss_param_set_t *set, + int32_t *z1, int16_t *z2d); #endif /** BLISS_UTILS_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.am b/src/libstrongswan/plugins/bliss/tests/Makefile.am index bd87753f5..1ec8d551f 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.am +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.am @@ -3,7 +3,6 @@ TESTS = bliss_tests check_PROGRAMS = $(TESTS) bliss_tests_SOURCES = \ - suites/test_bliss_fft.c \ suites/test_bliss_bitpacker.c \ suites/test_bliss_huffman.c \ suites/test_bliss_keys.c \ @@ -15,6 +14,7 @@ bliss_tests_SOURCES = \ bliss_tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ -I$(top_srcdir)/src/libstrongswan/plugins/bliss \ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ @@ -24,4 +24,5 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@ bliss_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 85619c551..05f95dc61 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -110,7 +110,7 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__EXEEXT_1 = bliss_tests$(EXEEXT) am__dirstamp = $(am__leading_dot)dirstamp -am_bliss_tests_OBJECTS = suites/bliss_tests-test_bliss_fft.$(OBJEXT) \ +am_bliss_tests_OBJECTS = \ suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT) \ suites/bliss_tests-test_bliss_huffman.$(OBJEXT) \ suites/bliss_tests-test_bliss_keys.$(OBJEXT) \ @@ -122,6 +122,7 @@ bliss_tests_OBJECTS = $(am_bliss_tests_OBJECTS) bliss_tests_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -353,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,11 +440,12 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ bliss_tests_SOURCES = \ - suites/test_bliss_fft.c \ suites/test_bliss_bitpacker.c \ suites/test_bliss_huffman.c \ suites/test_bliss_keys.c \ @@ -458,6 +457,7 @@ bliss_tests_SOURCES = \ bliss_tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ -I$(top_srcdir)/src/libstrongswan/plugins/bliss \ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ @@ -467,6 +467,7 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@ bliss_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la all: all-am @@ -517,8 +518,6 @@ suites/$(am__dirstamp): suites/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) suites/$(DEPDIR) @: > suites/$(DEPDIR)/$(am__dirstamp) -suites/bliss_tests-test_bliss_fft.$(OBJEXT): suites/$(am__dirstamp) \ - suites/$(DEPDIR)/$(am__dirstamp) suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/bliss_tests-test_bliss_huffman.$(OBJEXT): \ @@ -545,7 +544,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_tests-bliss_tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_huffman.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_keys.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_sampler.Po@am__quote@ @@ -576,20 +574,6 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -suites/bliss_tests-test_bliss_fft.o: suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c - -suites/bliss_tests-test_bliss_fft.obj: suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.obj -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi` - suites/bliss_tests-test_bliss_bitpacker.o: suites/test_bliss_bitpacker.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_bitpacker.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo -c -o suites/bliss_tests-test_bliss_bitpacker.o `test -f 'suites/test_bliss_bitpacker.c' || echo '$(srcdir)/'`suites/test_bliss_bitpacker.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h index f0959cc08..61f37d5a1 100644 --- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h +++ b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,7 +13,6 @@ * for more details. */ -TEST_SUITE(bliss_fft_suite_create) TEST_SUITE(bliss_bitpacker_suite_create) TEST_SUITE(bliss_huffman_suite_create) TEST_SUITE(bliss_keys_suite_create) diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c deleted file mode 100644 index 009aaf802..000000000 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "test_suite.h" - -#include - -static bliss_fft_params_t *fft_params[] = { - &bliss_fft_17_8, - &bliss_fft_12289_512 -}; - -START_TEST(test_bliss_fft_impulse) -{ - bliss_fft_t *fft; - uint16_t n = fft_params[_i]->n; - uint32_t x[n], X[n]; - int i; - - for (i = 0; i < n; i++) - { - x[i] = 0; - } - x[0] = 1; - - fft = bliss_fft_create(fft_params[_i]); - fft->transform(fft, x, X, FALSE); - - for (i = 0; i < n; i++) - { - ck_assert(X[i] == 1); - } - fft->transform(fft, X, x, TRUE); - - for (i = 0; i < n; i++) - { - ck_assert(x[i] == (i == 0)); - } - fft->destroy(fft); -} -END_TEST - -START_TEST(test_bliss_fft_wrap) -{ - bliss_fft_t *fft; - uint16_t n = fft_params[_i]->n; - uint16_t q = fft_params[_i]->q; - uint32_t x[n],y[n], X[n], Y[n]; - int i, j; - - for (i = 0; i < n; i++) - { - x[i] = i; - y[i] = 0; - } - fft = bliss_fft_create(fft_params[_i]); - ck_assert(fft->get_size(fft) == n); - ck_assert(fft->get_modulus(fft) == q); - fft->transform(fft, x, X, FALSE); - - for (j = 0; j < n; j++) - { - y[j] = 1; - fft->transform(fft, y, Y, FALSE); - - for (i = 0; i < n; i++) - { - Y[i] = (X[i] * Y[i]) % q; - } - fft->transform(fft, Y, Y, TRUE); - - for (i = 0; i < n; i++) - { - ck_assert(Y[i] == ( i < j ? q - n - i + j : i - j)); - } - y[j] = 0; - } - fft->destroy(fft); -} -END_TEST - -Suite *bliss_fft_suite_create() -{ - Suite *s; - TCase *tc; - - s = suite_create("bliss_fft"); - - tc = tcase_create("impulse"); - tcase_add_loop_test(tc, test_bliss_fft_impulse, 0, countof(fft_params)); - suite_add_tcase(s, tc); - - tc = tcase_create("negative_wrap"); - tcase_add_loop_test(tc, test_bliss_fft_wrap, 0, countof(fft_params)); - suite_add_tcase(s, tc); - - return s; -} diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c index 1bd1266ad..26c5b60e6 100644 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c @@ -22,16 +22,16 @@ static u_int key_size[] = { 1, 3, 4}; START_TEST(test_bliss_sampler_gaussian) { bliss_sampler_t *sampler; - bliss_param_set_t *set; + const bliss_param_set_t *set; int i, k, count; uint32_t hist[8], sign[3]; int32_t z; - hash_algorithm_t alg; + ext_out_function_t alg; size_t seed_len; chunk_t seed; set = bliss_param_set_get_by_id(key_size[_i]); - alg = HASH_SHA256; + alg = XOF_MGF1_SHA256; seed_len = 32; count = 10000000; diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c index 2a2f48c53..6f566506a 100644 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c @@ -95,8 +95,8 @@ static chunk_t data = chunk_from_chars( START_TEST(test_bliss_signature_fail) { - bliss_param_set_t set2 = { .id = BLISS_B_II }; - bliss_param_set_t *set; + const bliss_param_set_t set2 = { .id = BLISS_B_II }; + const bliss_param_set_t *set; bliss_signature_t *signature; chunk_t encoding; int k; diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index d54331163..895af626b 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index d93b0479c..39caacdcd 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/chapoly/Makefile.am b/src/libstrongswan/plugins/chapoly/Makefile.am index 1753de0c7..d6d577c86 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.am +++ b/src/libstrongswan/plugins/chapoly/Makefile.am @@ -15,7 +15,8 @@ libstrongswan_chapoly_la_SOURCES = \ chapoly_plugin.h chapoly_plugin.c \ chapoly_drv.h chapoly_drv.c \ chapoly_drv_portable.h chapoly_drv_portable.c \ - chapoly_aead.h chapoly_aead.c + chapoly_aead.h chapoly_aead.c \ + chapoly_xof.h chapoly_xof.c noinst_LTLIBRARIES += libchapoly-drv-ssse3.la libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index d5b77a990..c0de9d83d 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -152,7 +152,7 @@ libchapoly_drv_ssse3_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(LDFLAGS) -o $@ libstrongswan_chapoly_la_DEPENDENCIES = libchapoly-drv-ssse3.la am_libstrongswan_chapoly_la_OBJECTS = chapoly_plugin.lo chapoly_drv.lo \ - chapoly_drv_portable.lo chapoly_aead.lo + chapoly_drv_portable.lo chapoly_aead.lo chapoly_xof.lo libstrongswan_chapoly_la_OBJECTS = \ $(am_libstrongswan_chapoly_la_OBJECTS) libstrongswan_chapoly_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ @@ -365,7 +365,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -399,8 +398,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -454,6 +451,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -469,7 +468,8 @@ libstrongswan_chapoly_la_SOURCES = \ chapoly_plugin.h chapoly_plugin.c \ chapoly_drv.h chapoly_drv.c \ chapoly_drv_portable.h chapoly_drv_portable.c \ - chapoly_aead.h chapoly_aead.c + chapoly_aead.h chapoly_aead.c \ + chapoly_xof.h chapoly_xof.c libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c @USE_X86X64_TRUE@libchapoly_drv_ssse3_la_CFLAGS = $(PLUGIN_CFLAGS) -mssse3 @@ -573,6 +573,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_drv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_drv_portable.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chapoly_xof.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libchapoly_drv_ssse3_la-chapoly_drv_ssse3.Plo@am__quote@ .c.o: diff --git a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c index 02e7121d6..447960bd0 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c @@ -15,6 +15,7 @@ #include "chapoly_plugin.h" #include "chapoly_aead.h" +#include "chapoly_xof.h" #include @@ -43,6 +44,8 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_REGISTER(AEAD, chapoly_aead_create), PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32), + PLUGIN_REGISTER(XOF, chapoly_xof_create), + PLUGIN_PROVIDE(XOF, XOF_CHACHA20), }; *features = f; return countof(f); diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.c b/src/libstrongswan/plugins/chapoly/chapoly_xof.c new file mode 100644 index 000000000..2740a55b4 --- /dev/null +++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.c @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "chapoly_xof.h" +#include "chapoly_drv.h" + +typedef struct private_chapoly_xof_t private_chapoly_xof_t; + +/** + * Private data of an chapoly_xof_t object. + */ +struct private_chapoly_xof_t { + + /** + * Public chapoly_xof_t interface. + */ + chapoly_xof_t public; + + /** + * Latest block of the ChaCha20 stream. + */ + uint8_t stream[CHACHA_BLOCK_SIZE]; + + /** + * Index pointing to the current position in the stream + */ + u_int stream_index; + + /** + * Driver backend + */ + chapoly_drv_t *drv; +}; + +METHOD(xof_t, get_type, ext_out_function_t, + private_chapoly_xof_t *this) +{ + return XOF_CHACHA20; +} + +METHOD(xof_t, get_bytes, bool, + private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer) +{ + size_t index = 0, len, blocks; + + /* empty the stream buffer first */ + len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index); + if (len) + { + memcpy(buffer, this->stream + this->stream_index, len); + index += len; + this->stream_index += len; + } + + /* copy whole stream blocks directly to output buffer */ + blocks = (out_len - index) / CHACHA_BLOCK_SIZE; + while (blocks--) + { + if (!this->drv->chacha(this->drv, buffer + index)) + { + return FALSE; + } + index += CHACHA_BLOCK_SIZE; + } + + /* refill the stream buffer if some more output bytes are needed */ + len = out_len - index; + if (len) + { + if (!this->drv->chacha(this->drv, this->stream)) + { + return FALSE; + } + memcpy(buffer + index, this->stream, len); + this->stream_index = len; + } + + return TRUE; +} + +METHOD(xof_t, allocate_bytes, bool, + private_chapoly_xof_t *this, size_t out_len, chunk_t *chunk) +{ + *chunk = chunk_alloc(out_len); + + if (!get_bytes(this, out_len, chunk->ptr)) + { + chunk_free(chunk); + return FALSE; + } + + return TRUE; +} + +METHOD(xof_t, get_block_size, size_t, + private_chapoly_xof_t *this) +{ + return CHACHA_BLOCK_SIZE; +} + +METHOD(xof_t, get_seed_size, size_t, + private_chapoly_xof_t *this) +{ + return CHACHA_KEY_SIZE + CHACHA_SALT_SIZE + CHACHA_IV_SIZE; +} + +METHOD(xof_t, set_seed, bool, + private_chapoly_xof_t *this, chunk_t seed) +{ + this->stream_index = CHACHA_BLOCK_SIZE; + + return seed.len == get_seed_size(this) && + this->drv->set_key(this->drv, "expand 32-byte k", + seed.ptr, seed.ptr + CHACHA_KEY_SIZE) && + this->drv->init(this->drv, + seed.ptr + CHACHA_KEY_SIZE + CHACHA_SALT_SIZE); +} + +METHOD(xof_t, destroy, void, + private_chapoly_xof_t *this) +{ + this->drv->destroy(this->drv); + free(this); +} + +/** + * See header + */ +chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm) +{ + private_chapoly_xof_t *this; + chapoly_drv_t *drv; + + if (algorithm != XOF_CHACHA20) + { + return NULL; + } + + drv = chapoly_drv_probe(); + if (!drv) + { + return NULL; + } + + INIT(this, + .public = { + .xof_interface = { + .get_type = _get_type, + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_seed_size = _get_seed_size, + .set_seed = _set_seed, + .destroy = _destroy, + }, + }, + .drv = drv, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.h b/src/libstrongswan/plugins/chapoly/chapoly_xof.h new file mode 100644 index 000000000..cd0586fad --- /dev/null +++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup chapoly_xof chapoly_xof + * @{ @ingroup chapoly + */ + +#ifndef CHAPOLY_XOF_H_ +#define CHAPOLY_XOF_H_ + +#include + +typedef struct chapoly_xof_t chapoly_xof_t; + +/** + * ChaCha20 XOF implementation + * + * Based on RFC 7539 ChaCha20 stream initialized with block counter = 1 + */ +struct chapoly_xof_t { + + /** + * Generic xof_t interface for this Extended Output Function (XOF). + */ + xof_t xof_interface; +}; + +/** + * Create a chapoly_xof instance. + * + * @param algorithm XOF_CHACHA20 + * @return chapoly_xof_t object, NULL if not supported + */ +chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm); + +#endif /** CHAPOLY_XOF_H_ @}*/ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 2703dc4cc..24702df73 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 90fd6bd6b..56b4835fd 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 94a7f112c..16d177e8a 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 5092c542c..7aad683cc 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index c2e49b66f..78905859b 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 1481f8dd8..327ebd36a 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index 7623a9507..4bfe127bb 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 7c2ae7ce5..cceb70548 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index eb4a0aef0..fb649f4b3 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 727cc2497..f2396f4cd 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 938a46490..15b876b3f 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return sign_raw(this, data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); case SIGN_RSA_EMSA_PKCS1_MD5: return sign_pkcs1(this, HASH_MD5, "md5", data, sig); default: diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 291287a8f..90829e052 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_raw(this, data, signature); - case SIGN_RSA_EMSA_PKCS1_MD5: - return verify_pkcs1(this, HASH_MD5, "md5", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); + case SIGN_RSA_EMSA_PKCS1_MD5: + return verify_pkcs1(this, HASH_MD5, "md5", data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 32d5bebf0..bee1f8042 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index ea75896a1..c75975301 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY, KEY_RSA), /* signature schemes, private */ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), - PLUGIN_DEPENDS(HASHER, HASH_SHA1), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_DEPENDS(HASHER, HASH_MD5), /* signature verification schemes */ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), - PLUGIN_DEPENDS(HASHER, HASH_SHA1), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_DEPENDS(HASHER, HASH_MD5), /* en-/decryption schemes */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index e5d418ea4..21b420866 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature); default: diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index e738908e2..2b2c7f249 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature); - case SIGN_RSA_EMSA_PKCS1_MD5: - return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); + case SIGN_RSA_EMSA_PKCS1_MD5: + return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 6d8a845c0..c6e4e8d93 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index e290c807d..1f5ae3549 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 429cd9e8e..9c448cd9f 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index fe4c55545..635d5fc0e 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -93,8 +93,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } else { - DBG1(DBG_LIB, "finding first LDAP entry failed: %s", - ldap_err2string(ldap_result2error(ldap, entry, 0))); + DBG1(DBG_LIB, "finding first LDAP entry failed"); } return success; } diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 669856c59..d336a5342 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index d937ca348..a31d0a245 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/mgf1/Makefile.am b/src/libstrongswan/plugins/mgf1/Makefile.am new file mode 100644 index 000000000..8df227f9f --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/Makefile.am @@ -0,0 +1,17 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-mgf1.la +else +plugin_LTLIBRARIES = libstrongswan-mgf1.la +endif + +libstrongswan_mgf1_la_SOURCES = \ + mgf1_plugin.h mgf1_plugin.c \ + mgf1_xof.h mgf1_xof.c + +libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in new file mode 100644 index 000000000..189e214d7 --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/Makefile.in @@ -0,0 +1,791 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/mgf1 +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_mgf1_la_LIBADD = +am_libstrongswan_mgf1_la_OBJECTS = mgf1_plugin.lo mgf1_xof.lo +libstrongswan_mgf1_la_OBJECTS = $(am_libstrongswan_mgf1_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_mgf1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_mgf1_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_mgf1_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_mgf1_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_mgf1_la_SOURCES) +DIST_SOURCES = $(libstrongswan_mgf1_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mgf1.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mgf1.la +libstrongswan_mgf1_la_SOURCES = \ + mgf1_plugin.h mgf1_plugin.c \ + mgf1_xof.h mgf1_xof.c + +libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-mgf1.la: $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_DEPENDENCIES) $(EXTRA_libstrongswan_mgf1_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_mgf1_la_LINK) $(am_libstrongswan_mgf1_la_rpath) $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mgf1_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mgf1_xof.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c new file mode 100644 index 000000000..8df3ac261 --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mgf1_plugin.h" +#include "mgf1_xof.h" + +#include + +typedef struct private_mgf1_plugin_t private_mgf1_plugin_t; + +/** + * private data of mgf1_plugin + */ +struct private_mgf1_plugin_t { + + /** + * public functions + */ + mgf1_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_mgf1_plugin_t *this) +{ + return "mgf1"; +} + +METHOD(plugin_t, get_features, int, + private_mgf1_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(XOF, mgf1_xof_create), + PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512), + PLUGIN_DEPENDS(HASHER, HASH_SHA512), + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_mgf1_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *mgf1_plugin_create() +{ + private_mgf1_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.h b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h new file mode 100644 index 000000000..50105ca29 --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mgf1_p mgf1 + * @ingroup plugins + * + * @defgroup mgf1_plugin mgf1_plugin + * @{ @ingroup mgf1_p + */ + +#ifndef MGF1_PLUGIN_H_ +#define MGF1_PLUGIN_H_ + +#include + +typedef struct mgf1_plugin_t mgf1_plugin_t; + +/** + * Plugin implementing the MGF1 Mask Generator Function in software. + */ +struct mgf1_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** MGF1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.c b/src/libstrongswan/plugins/mgf1/mgf1_xof.c new file mode 100644 index 000000000..0f5fda952 --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.c @@ -0,0 +1,285 @@ +/* + * Copyright (C) 2013-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mgf1_xof.h" + +#include "crypto/hashers/hasher.h" +#include "utils/debug.h" + +typedef struct private_mgf1_xof_t private_mgf1_xof_t; + +/** + * Private data of an mgf1_xof_t object. + */ +struct private_mgf1_xof_t { + + /** + * Public mgf1_xof_t interface. + */ + mgf1_xof_t public; + + /** + * XOF type of the MGF1 Mask Generation Function + */ + ext_out_function_t type; + + /** + * Hasher the MGF1 Mask Generation Function is based on + */ + hasher_t *hasher; + + /** + * Is the seed hashed before using it as a seed for MGF1 ? + */ + bool hash_seed; + + /** + * Counter + */ + uint32_t counter; + + /** + * Set if counter has reached 2^32 + */ + bool overflow; + + /** + * Current state to be hashed + */ + chunk_t state; + + /** + * Position of the 4 octet counter string + */ + uint8_t *ctr_str; + + /** + * Latest hash block + */ + uint8_t buf[HASH_SIZE_SHA512]; + + /** + * Index pointing to the current position in the hash block + */ + size_t buf_index; + +}; + +METHOD(xof_t, get_type, ext_out_function_t, + private_mgf1_xof_t *this) +{ + return this->type; +} + +static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer) +{ + /* detect overflow, set counter string and increment counter */ + if (this->overflow) + { + DBG1(DBG_LIB, "MGF1 overflow occurred"); + return FALSE; + } + htoun32(this->ctr_str, this->counter++); + if (this->counter == 0) + { + this->overflow = TRUE; + } + + /* get the next block from the hash function */ + if (!this->hasher->get_hash(this->hasher, this->state, buffer)) + { + return FALSE; + } + + return TRUE; +} + +METHOD(xof_t, get_bytes, bool, + private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer) +{ + size_t index = 0, blocks, len, hash_size; + + hash_size = this->hasher->get_hash_size(this->hasher); + + /* empty the current hash block buffer first */ + len = min(out_len, hash_size - this->buf_index); + if (len) + { + memcpy(buffer, this->buf + this->buf_index, len); + index += len; + this->buf_index += len; + } + + /* copy whole hash blocks directly to output buffer */ + blocks = (out_len - index) / hash_size; + while (blocks--) + { + if (!get_next_block(this, buffer + index)) + { + return FALSE; + } + index += hash_size; + } + + /* get another hash block if some more output bytes are needed */ + len = out_len - index; + if (len) + { + if (!get_next_block(this, this->buf)) + { + return FALSE; + } + memcpy(buffer + index, this->buf, len); + this->buf_index = len; + } + + return TRUE; +} + +METHOD(xof_t, allocate_bytes, bool, + private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk) +{ + *chunk = chunk_alloc(out_len); + + if (!get_bytes(this, out_len, chunk->ptr)) + { + chunk_free(chunk); + return FALSE; + } + + return TRUE; +} + +METHOD(xof_t, get_block_size, size_t, + private_mgf1_xof_t *this) +{ + return this->hasher->get_hash_size(this->hasher); +} + +METHOD(xof_t, get_seed_size, size_t, + private_mgf1_xof_t *this) +{ + return this->hasher->get_hash_size(this->hasher); +} + +METHOD(xof_t, set_seed, bool, + private_mgf1_xof_t *this, chunk_t seed) +{ + size_t hash_size, state_len; + + if (seed.len == 0) + { + DBG1(DBG_LIB, "empty seed for MGF1"); + return FALSE; + } + + /* determine state size and allocate space accordingly */ + hash_size = this->hasher->get_hash_size(this->hasher); + state_len = (this->hash_seed ? hash_size : seed.len) + 4; + chunk_clear(&this->state); + this->state = chunk_alloc(state_len); + + /* hash block buffer is empty */ + this->buf_index = hash_size; + + /* reset counter */ + this->counter = 0; + + /* determine position of the 4 octet counter string */ + this->ctr_str = this->state.ptr + state_len - 4; + + if (this->hash_seed) + { + if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr)) + { + DBG1(DBG_LIB, "failed to hash seed for MGF1"); + return FALSE; + } + } + else + { + memcpy(this->state.ptr, seed.ptr, seed.len); + } + + return TRUE; +} + +METHOD(xof_t, destroy, void, + private_mgf1_xof_t *this) +{ + this->hasher->destroy(this->hasher); + chunk_clear(&this->state); + free(this); +} + +METHOD(mgf1_t, set_hash_seed, void, + private_mgf1_xof_t *this, bool yes) +{ + this->hash_seed = yes; +} + +/* + * Described in header. + */ +mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm) +{ + private_mgf1_xof_t *this; + hash_algorithm_t hash_alg; + hasher_t *hasher; + + switch (algorithm) + { + case XOF_MGF1_SHA1: + hash_alg = HASH_SHA1; + break; + case XOF_MGF1_SHA256: + hash_alg = HASH_SHA256; + break; + case XOF_MGF1_SHA512: + hash_alg = HASH_SHA512; + break; + default: + return NULL; + } + + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher) + { + DBG1(DBG_LIB, "failed to create %N hasher for MGF1", + hash_algorithm_names, hash_alg); + return NULL; + } + + INIT(this, + .public = { + .mgf1_interface = { + .xof_interface = { + .get_type = _get_type, + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_seed_size = _get_seed_size, + .set_seed = _set_seed, + .destroy = _destroy, + }, + .set_hash_seed = _set_hash_seed, + }, + }, + .type = algorithm, + .hasher = hasher, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.h b/src/libstrongswan/plugins/mgf1/mgf1_xof.h new file mode 100644 index 000000000..9d60a807d --- /dev/null +++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mgf1_xof mgf1_xof + * @{ @ingroup crypto + */ + +#ifndef MGF1_XOF_H_ +#define MGF1_XOF_H_ + +typedef struct mgf1_xof_t mgf1_xof_t; + +#include + +/** + * Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash + * function defined in section 10.2.1 of RFC 2437 + */ +struct mgf1_xof_t { + + /** + * mgf1_t interface for this Extended Output Function (XOF). + */ + mgf1_t mgf1_interface; +}; + +/** + * Create an mgf1_xof_t object + * + * @param algorithm XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512 + * @return mgf1_xof_t object, NULL if not supported + */ +mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm); + +#endif /** MGF1_XOF_H_ @}*/ + diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 821dbc138..57dab351e 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/newhope/Makefile.am b/src/libstrongswan/plugins/newhope/Makefile.am new file mode 100644 index 000000000..b01987d22 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/Makefile.am @@ -0,0 +1,33 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) \ + @COVERAGE_CFLAGS@ + +# these files are also used by the tests, we can't directly refer to them +# because of the subdirectory, which would cause distclean to fail +noinst_LTLIBRARIES = libnewhope.la +libnewhope_la_SOURCES = \ + newhope_ke.h newhope_ke.c \ + newhope_noise.h newhope_noise.c \ + newhope_reconciliation.h newhope_reconciliation.c + +libnewhope_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la + +if MONOLITHIC +noinst_LTLIBRARIES += libstrongswan-newhope.la +else +plugin_LTLIBRARIES = libstrongswan-newhope.la +endif + +libstrongswan_newhope_la_SOURCES = \ + newhope_plugin.h newhope_plugin.c + +libstrongswan_newhope_la_LDFLAGS = -module -avoid-version + +libstrongswan_newhope_la_LIBADD = libnewhope.la + + diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in new file mode 100644 index 000000000..be31fb29c --- /dev/null +++ b/src/libstrongswan/plugins/newhope/Makefile.in @@ -0,0 +1,818 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@MONOLITHIC_TRUE@am__append_1 = libstrongswan-newhope.la +subdir = src/libstrongswan/plugins/newhope +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libnewhope_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la +am_libnewhope_la_OBJECTS = newhope_ke.lo newhope_noise.lo \ + newhope_reconciliation.lo +libnewhope_la_OBJECTS = $(am_libnewhope_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_newhope_la_DEPENDENCIES = libnewhope.la +am_libstrongswan_newhope_la_OBJECTS = newhope_plugin.lo +libstrongswan_newhope_la_OBJECTS = \ + $(am_libstrongswan_newhope_la_OBJECTS) +libstrongswan_newhope_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_newhope_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_newhope_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_newhope_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libnewhope_la_SOURCES) $(libstrongswan_newhope_la_SOURCES) +DIST_SOURCES = $(libnewhope_la_SOURCES) \ + $(libstrongswan_newhope_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) \ + @COVERAGE_CFLAGS@ + + +# these files are also used by the tests, we can't directly refer to them +# because of the subdirectory, which would cause distclean to fail +noinst_LTLIBRARIES = libnewhope.la $(am__append_1) +libnewhope_la_SOURCES = \ + newhope_ke.h newhope_ke.c \ + newhope_noise.h newhope_noise.c \ + newhope_reconciliation.h newhope_reconciliation.c + +libnewhope_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la + +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-newhope.la +libstrongswan_newhope_la_SOURCES = \ + newhope_plugin.h newhope_plugin.c + +libstrongswan_newhope_la_LDFLAGS = -module -avoid-version +libstrongswan_newhope_la_LIBADD = libnewhope.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libnewhope.la: $(libnewhope_la_OBJECTS) $(libnewhope_la_DEPENDENCIES) $(EXTRA_libnewhope_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libnewhope_la_OBJECTS) $(libnewhope_la_LIBADD) $(LIBS) + +libstrongswan-newhope.la: $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_DEPENDENCIES) $(EXTRA_libstrongswan_newhope_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_newhope_la_LINK) $(am_libstrongswan_newhope_la_rpath) $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_ke.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_noise.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_reconciliation.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c new file mode 100644 index 000000000..28956d5fb --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_ke.c @@ -0,0 +1,622 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann, + * and Peter Schwabe. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "newhope_ke.h" +#include "newhope_noise.h" +#include "newhope_reconciliation.h" + +#include +#include +#include +#include + +static const int seed_len = 32; /* 256 bits */ +static const int poly_len = 1792; /* size of 1024 packed 14-bit coefficients */ +static const int rec_len = 256; /* size of 1024 packed 2-bit coefficients */ + +typedef struct private_newhope_ke_t private_newhope_ke_t; + +/** + * Private data of an newhope_ke_t object. + */ +struct private_newhope_ke_t { + + /** + * Public newhope_ke_t interface. + */ + newhope_ke_t public; + + /** + * FFT parameter set + */ + const ntt_fft_params_t *params; + + /** + * Secret noise polynomial s + */ + uint32_t *s; + + /** + * Output polynomial u = a * NTT(s') + NTT(e') + */ + uint32_t *u; + + /** + * Error reconciliation help bits + */ + uint8_t *r; + + /** + * Shared secret + */ + chunk_t shared_secret; + +}; + +/** + * Derive 14-bit coefficients of polynomial a from 256 bit random seed + * using the SHAKE128 extended output function + */ +static uint32_t* derive_a_poly(private_newhope_ke_t *this, chunk_t seed) +{ + uint32_t *a; + uint8_t x[2]; + int i = 0; + xof_t *xof; + + xof = lib->crypto->create_xof(lib->crypto, XOF_SHAKE_128); + if (!xof) + { + DBG1(DBG_LIB, "could not instantiate SHAKE128 XOF"); + return NULL; + } + + if (!xof->set_seed(xof, seed)) + { + DBG1(DBG_LIB, "could not set seed of SHAKE128 XOF"); + xof->destroy(xof); + return NULL; + } + + /* allocate dynamic memory for polynomial a */ + a = (uint32_t*)malloc(this->params->n * sizeof(uint32_t)); + + while (i < this->params->n) + { + if (!xof->get_bytes(xof, sizeof(x), x)) + { + DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF"); + xof->destroy(xof); + free(a); + return NULL; + } + + /* + * Treat x as a 16 bit unsigned little endian integer + * and truncate to 14 bits + */ + a[i] = uletoh16(x) & 0x3fff; + + if (a[i] < this->params->q) + { + i++; + } + } + xof->destroy(xof); + + return a; +} + +/** + * Pack four 14-bit coefficients into seven consecutive bytes + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |L 0 0 0 0 0 0 0|L 1 H 0 0 0 0 0|M 1 1 1 1 1 1 1|L 2 2 2 H 1 1 1| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |M 2 2 2 2 2 2 2|L 3 3 3 3 3 H 2|H 3 3 3 3 3 3 3|L 0 0 0 0 0 0 0| + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ +static void pack_poly(private_newhope_ke_t *this, uint8_t *x, uint32_t *p) +{ + int i; + + for (i = 0; i < this->params->n; i += 4) + { + *x++ = (p[i] & 0xff ); + *x++ = (p[i] >> 8) | (p[i+1] << 6); + *x++ = (p[i+1] >> 2); + *x++ = (p[i+1] >> 10) | (p[i+2] << 4); + *x++ = (p[i+2] >> 4); + *x++ = (p[i+2] >> 12) | (p[i+3] << 2); + *x++ = (p[i+3] >> 6); + } +} + +/** + * Unpack seven consecutive bytes into four 14-bit coefficients + */ +static uint32_t* unpack_poly(private_newhope_ke_t * this, uint8_t *x) +{ + uint32_t *p; + int i; + + p = (uint32_t*)malloc(this->params->n * sizeof(uint32_t)); + + for (i = 0; i < this->params->n; i += 4) + { + p[i] = x[0] | (((uint32_t)x[1] & 0x3f) << 8); + p[i+1] = (x[1] >> 6) | (((uint32_t)x[2]) << 2) + | (((uint32_t)x[3] & 0x0f) << 10); + p[i+2] = (x[3] >> 4) | (((uint32_t)x[4]) << 4) + | (((uint32_t)x[5] & 0x03) << 12); + p[i+3] = (x[5] >> 2) | (((uint32_t)x[6]) << 6); + x += 7; + } + for (i = 0; i < this->params->n; i++) + { + if (p[i] >= this->params->q) + { + DBG1(DBG_LIB, "polynomial coefficient must be smaller than %u", + this->params->q); + free(p); + return NULL; + } + } + return p; +} + +/** + * Multiply and add polynomials in the frequency domain + */ +static uint32_t* multiply_add_poly(private_newhope_ke_t *this, + uint32_t *a, uint32_t *e) +{ + ntt_fft_t *fft; + uint32_t *b, t; + int i; + + /* transform s and h to frequency domain */ + fft = ntt_fft_create(this->params); + fft->transform(fft, this->s, this->s, FALSE); + fft->transform(fft, e, e, FALSE); + fft->destroy(fft); + + b = (uint32_t*)malloc(this->params->n * sizeof(uint32_t)); + + /* compute b = a * s + e in the frequency domain */ + for (i = 0; i < this->params->n; i++) + { + /* convert a[i] to Montgomery domain */ + t = ntt_fft_mreduce(a[i] * this->params->r2, this->params); + + /* compute b[i] = a[i] * s[i] + e[i] in Montgomery domain */ + t = ntt_fft_mreduce(t * this->s[i], this->params) + e[i]; + + /* exit Montgomery domain before transmitting polynomial b */ + b[i] = ntt_fft_mreduce(t, this->params); + } + memwipe(e, this->params->n * sizeof(uint32_t)); + + return b; +} + +/** + * Multiply polynomials in the frequency domain and return to time domain + */ +static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b) +{ + ntt_fft_t *fft; + uint32_t *v, t; + int i; + + v = (uint32_t*)malloc(this->params->n * sizeof(uint32_t)); + + for (i = 0; i < this->params->n; i++) + { + /* convert b[i] to Montgomery domain */ + t = ntt_fft_mreduce(b[i] * this->params->r2, this->params); + + /* compute v[i] = b[i] * s[i] in Montgomery domain */ + v[i] = ntt_fft_mreduce(t * this->s[i], this->params); + } + + /* transform v back to time domain */ + fft = ntt_fft_create(this->params); + fft->transform(fft, v, v, TRUE); + fft->destroy(fft); + + return v; +} + +/** + * Pack four 2-bit coefficents into one byte + */ +static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r) +{ + int i; + + for (i = 0; i < this->params->n; i += 4) + { + *x++ = r[i] | r[i+1] << 2 | r[i+2] << 4 | r[i+3] << 6; + } +} + +static uint8_t* unpack_rec(private_newhope_ke_t *this, uint8_t *x) +{ + uint8_t *r; + int i; + + r = (uint8_t*)malloc(this->params->n); + + for (i = 0; i < this->params->n; i += 4) + { + r[i] = (*x) & 0x03; + r[i+1] = (*x >> 2) & 0x03; + r[i+2] = (*x >> 4) & 0x03; + r[i+3] = (*x >> 6) & 0x03; + x++; + } + + return r; +} + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_newhope_ke_t *this, chunk_t *value) +{ + uint16_t n, q; + int i; + + /* Define some often-used constants */ + n = this->params->n; + q = this->params->q; + + /* are we the initiator? */ + if (this->u == NULL) + { + rng_t *rng; + uint32_t *a = NULL, *b = NULL, *e = NULL; + uint8_t noise_seed_buf[seed_len]; + chunk_t noise_seed = { noise_seed_buf, seed_len}; + chunk_t a_seed; + newhope_noise_t *noise = NULL; + bool success = FALSE; + + /* allocate space for public output value */ + *value = chunk_alloc(poly_len + seed_len); + a_seed = chunk_create(value->ptr + poly_len, seed_len); + + /* create polynomial a from 256 bit random seed */ + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng) + { + DBG1(DBG_LIB, "could not instatiate random source"); + return FALSE; + } + if (!rng->get_bytes(rng, seed_len, a_seed.ptr)) + { + DBG1(DBG_LIB, "could not generate seed for polynomial a"); + goto end; + } + + a = derive_a_poly(this, a_seed); + if (a == NULL) + { + goto end; + } + + /* generate random seed for the derivation of noise polynomials */ + if (!rng->get_bytes(rng, seed_len, noise_seed.ptr)) + { + DBG1(DBG_LIB, "could not generate seed for noise polynomials"); + goto end; + } + + /* create noise polynomial generator */ + noise = newhope_noise_create(noise_seed); + if (!noise) + { + goto end; + } + + /* create noise polynomial s from seed with nonce = 0x00 */ + this->s = noise->get_binomial_words(noise, 0x00, n, q); + if (this->s == NULL) + { + goto end; + } + + /* create noise polynomial e from seed with nonce = 0x01 */ + e = noise->get_binomial_words(noise, 0x01, n, q); + if (e == NULL) + { + goto end; + } + + /* compute b = a * NTT(s) + NTT(e) */ + b = multiply_add_poly(this, a, e); + + DBG3(DBG_LIB, " i a[i] b[i]"); + for (i = 0; i < n; i++) + { + DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]); + } + + /* pack coefficients of polynomial b */ + pack_poly(this, value->ptr, b); + success = TRUE; + + end: + rng->destroy(rng); + DESTROY_IF(noise); + free(a); + free(b); + free(e); + + if (!success) + { + chunk_free(value); + } + return success; + } + else + { + DBG3(DBG_LIB, " i u[i] r[i]"); + for (i = 0; i < n; i++) + { + DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]); + } + + /* allocate space for public output value */ + *value = chunk_alloc(poly_len + rec_len); + + /* pack coefficients of polynomial u */ + pack_poly(this, value->ptr, this->u); + + /* pack coefficients of polynomial r */ + pack_rec(this, value->ptr + poly_len, this->r); + + return TRUE; + } +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_newhope_ke_t *this, chunk_t *secret) +{ + if (this->shared_secret.len == 0) + { + *secret = chunk_empty; + return FALSE; + } + *secret = chunk_clone(this->shared_secret); + + return TRUE; +} + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_newhope_ke_t *this, chunk_t value) +{ + newhope_reconciliation_t * rec; + uint16_t n, q; + int i; + + /* Define some often-used constants */ + n = this->params->n; + q = this->params->q; + + /* are we the responder? */ + if (this->s == NULL) + { + uint32_t *a = NULL, *b = NULL, *e1 = NULL, *e2 = NULL, *v = NULL, t; + uint8_t *rbits = NULL; + uint8_t noise_seed_buf[seed_len]; + chunk_t noise_seed = { noise_seed_buf, seed_len }; + chunk_t a_seed; + newhope_noise_t *noise = NULL; + rng_t *rng = NULL; + bool success = FALSE; + + if (value.len != poly_len + seed_len) + { + DBG1(DBG_LIB, "received %N KE payload of incorrect size", + diffie_hellman_group_names, NH_128_BIT); + return FALSE; + } + a_seed = chunk_create(value.ptr + poly_len, seed_len); + + a = derive_a_poly(this, a_seed); + if (a == NULL) + { + return FALSE; + } + + b = unpack_poly(this, value.ptr); + if (b == NULL) + { + goto end; + } + + /* debug output of polynomials a and b */ + DBG3(DBG_LIB, " i a[i] b[i]"); + for (i = 0; i < n; i++) + { + DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]); + } + + /* generate random seed for the derivation of noise polynomials */ + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng) + { + DBG1(DBG_LIB, "could not instatiate random source"); + goto end; + } + if (!rng->get_bytes(rng, seed_len, noise_seed.ptr)) + { + DBG1(DBG_LIB, "could not generate seed for noise polynomials"); + goto end; + } + + /* create noise polynomial generator */ + noise = newhope_noise_create(noise_seed); + if (!noise) + { + goto end; + } + + /* create noise polynomial s' from seed with nonce = 0x00 */ + this->s = noise->get_binomial_words(noise, 0x00, n, q); + if (this->s == NULL) + { + goto end; + } + + /* create noise polynomial e' from seed with nonce = 0x01 */ + e1 = noise->get_binomial_words(noise, 0x01, n, q); + if (e1 == NULL) + { + goto end; + } + + /* create noise polynomial e'' from seed with nonce = 0x02 */ + e2 = noise->get_binomial_words(noise, 0x02, n, q); + if (e2 == NULL) + { + goto end; + } + + /* compute u = a * NTT(s') + NTT(e') */ + this->u = multiply_add_poly(this, a, e1); + + /* compute v = NTT_inv( b * NTT(s') ) */ + v = multiply_ntt_inv_poly(this, b); + + /* compute v = v + e'' */ + for (i = 0; i < n; i++) + { + t = v[i] + e2[i]; + v[i] = (t < q) ? t : t - q; + } + memwipe(e2, n * sizeof(uint32_t)); + + /* create uniform noise bytes from seed with nonce = 0x02 */ + rbits = noise->get_uniform_bytes(noise, 0x03, n/(4*8)); + + rec = newhope_reconciliation_create(n, q); + this->r = rec->help_reconcile(rec, v, rbits); + free(rbits); + this->shared_secret = rec->reconcile(rec, v, this->r); + rec->destroy(rec); + + DBG4(DBG_LIB, "key: %B", &this->shared_secret); + success = TRUE; + + end: + DESTROY_IF(rng); + DESTROY_IF(noise); + free(a); + free(b); + free(e1); + free(e2); + free(v); + + return success; + } + else + { + uint32_t *v; + + if (value.len != poly_len + rec_len) + { + DBG1(DBG_LIB, "received %N KE payload of incorrect size", + diffie_hellman_group_names, NH_128_BIT); + return FALSE; + } + + this->u = unpack_poly(this, value.ptr); + if (this->u == NULL) + { + return FALSE; + } + + this->r = unpack_rec(this, value.ptr + poly_len); + if (this->r == NULL) + { + return FALSE; + } + + DBG3(DBG_LIB, " i u[i] r[i]"); + for (i = 0; i < n; i++) + { + DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]); + } + + /* compute v' = NTT_inv( u * NTT(s) ) */ + v = multiply_ntt_inv_poly(this, this->u); + + rec = newhope_reconciliation_create(n, q); + this->shared_secret = rec->reconcile(rec, v, this->r); + free(v); + rec->destroy(rec); + + DBG4(DBG_LIB, "key: %B", &this->shared_secret); + + return TRUE; + } +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_newhope_ke_t *this) +{ + return NH_128_BIT; +} + +METHOD(diffie_hellman_t, destroy, void, + private_newhope_ke_t *this) +{ + chunk_clear(&this->shared_secret); + memwipe(this->s, this->params->n * sizeof(uint32_t)); + free(this->s); + free(this->u); + free(this->r); + free(this); +} + +/* + * Described in header. + */ +newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) +{ + private_newhope_ke_t *this; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .params = &ntt_fft_12289_1024, + + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.h b/src/libstrongswan/plugins/newhope/newhope_ke.h new file mode 100644 index 000000000..677d04f90 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_ke.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup newhope_ke newhope_ke + * @{ @ingroup newhope_p + */ + +#ifndef NEWHOPE_KE_H_ +#define NEWHOPE_KE_H_ + +typedef struct newhope_ke_t newhope_ke_t; + +#include + +/** + * Implementation of a key exchange algorithm using the New Hope algorithm + */ +struct newhope_ke_t { + + /** + * Implements diffie_hellman_t interface. + */ + diffie_hellman_t dh; +}; + +/** + * Creates a new newhope_ke_t object. + * + * @param group New Hope DH group number + * @param g not used + * @param p not used + * @return newhope_ke_t object, NULL if not supported + */ +newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p); + +#endif /** NEWHOPE_KE_H_ @}*/ + diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.c b/src/libstrongswan/plugins/newhope/newhope_noise.c new file mode 100644 index 000000000..5ba9f94bd --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_noise.c @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann, + * and Peter Schwabe. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "newhope_noise.h" + +typedef struct private_newhope_noise_t private_newhope_noise_t; + +static const int seed_len = 32; /* 256 bits */ +static const int nonce_len = 12; /* 96 bits */ + +/** + * Private data of an newhope_noise_t object. + */ +struct private_newhope_noise_t { + + /** + * Public newhope_noise_t interface. + */ + newhope_noise_t public; + + /** + * 256 bit seed and 96 bit nonce (44 bytes) + */ + chunk_t seed; + + /** + * ChaCha20 stream + */ + xof_t *xof; + +}; + +METHOD(newhope_noise_t, get_uniform_bytes, uint8_t*, + private_newhope_noise_t *this, uint8_t nonce, uint16_t n) +{ + uint8_t *bytes; + + this->seed.ptr[seed_len] = nonce; + if (!this->xof->set_seed(this->xof, this->seed)) + { + DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF"); + return NULL; + } + + /* allocate dynamic memory for the noise polynomial */ + bytes = (uint8_t*)malloc(n); + + if (!this->xof->get_bytes(this->xof, n, bytes)) + { + DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF"); + free(bytes); + return NULL; + } + + return bytes; +} + +METHOD(newhope_noise_t, get_binomial_words, uint32_t*, + private_newhope_noise_t *this, uint8_t nonce, uint16_t n, uint16_t q) +{ + uint32_t *np, a, b, d, t; + uint8_t x[4]; + int i = 0, j; + + this->seed.ptr[seed_len] = nonce; + if (!this->xof->set_seed(this->xof, this->seed)) + { + DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF"); + return NULL; + } + + /* allocate dynamic memory for the noise polynomial */ + np = (uint32_t*)malloc(n * sizeof(uint32_t)); + + for (i = 0; i < n; i++) + { + if (!this->xof->get_bytes(this->xof, sizeof(x), x)) + { + DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF"); + free(np); + return NULL; + } + + /* Treat x as a 32 bit unsigned little endian integer */ + t = uletoh32(x); + + /* Compute Psi_16 distribution */ + d = 0; + for (j = 0; j < 8; j++) + { + d += (t >> j) & 0x01010101; + } + a = ((d >> 8) & 0xff) + (d & 0xff); + b = ((d >> 16) & 0xff) + (d >> 24); + np[i] = (a >= b) ? a - b : a + q - b; + } + + return np; +} + +METHOD(newhope_noise_t, destroy, void, + private_newhope_noise_t *this) +{ + this->xof->destroy(this->xof); + chunk_free(&this->seed); + free(this); +} + +/* + * Described in header. + */ +newhope_noise_t *newhope_noise_create(chunk_t seed) +{ + private_newhope_noise_t *this; + xof_t *xof; + + if (seed.len != seed_len) + { + DBG1(DBG_LIB, "seed for ChaCha20 stream must be 256 bits"); + return NULL; + } + + xof = lib->crypto->create_xof(lib->crypto, XOF_CHACHA20); + if (!xof) + { + DBG1(DBG_LIB, "could not instantiate ChaCha20 stream"); + return NULL; + } + + INIT(this, + .public = { + .get_uniform_bytes = _get_uniform_bytes, + .get_binomial_words = _get_binomial_words, + .destroy = _destroy, + }, + .xof = xof, + .seed = chunk_alloc(seed_len + nonce_len), + ); + + /* initialize seed for ChaCha 20 stream */ + memcpy(this->seed.ptr, seed.ptr, seed_len); + memset(this->seed.ptr + seed_len, 0x00, nonce_len); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.h b/src/libstrongswan/plugins/newhope/newhope_noise.h new file mode 100644 index 000000000..d7819d3ad --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_noise.h @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup newhope_noise newhope_noise + * @{ @ingroup newhope_p + */ + +#ifndef NEWHOPE_NOISE_H_ +#define NEWHOPE_NOISE_H_ + +typedef struct newhope_noise_t newhope_noise_t; + +#include + +/** + * Generate pseudo random noise using a ChaCha20 stream + * initialized with a 256 bit seed and an 8 bit nonce + */ +struct newhope_noise_t { + + /** + * Return n pseudo random bytes with a uniform distribution + * + * @param nonce Nonce determining the pseudo random stream + * @param n Number of pseudo random bytes to be returned + * @return Return array with n peudo random bytes + */ + uint8_t* (*get_uniform_bytes)(newhope_noise_t *this, uint8_t nonce, + uint16_t n); + + /** + * Return n pseudo random 32-bit words with a Psi16 binomial distribution + * + * @param nonce Nonce determining the pseudo random stream + * @param n Number of pseudo random Psi16 words to be returned + * @param q Prime number q determining the ring + * @return Return array with n pseudo random 32 bit words + */ + uint32_t* (*get_binomial_words)(newhope_noise_t *this, uint8_t nonce, + uint16_t n, uint16_t q); + + /** + * Destroy a newhope_noise_t object + */ + void (*destroy)(newhope_noise_t *this); +}; + +/** + * Creates a new newhope_noise_t object. + * + * @param seed 256 bit seed (32 byte chunk) + * @return newhope_noise_t object, NULL if not supported + */ +newhope_noise_t *newhope_noise_create(chunk_t seed); + +#endif /** NEWHOPE_NOISE_H_ @}*/ + diff --git a/src/libstrongswan/plugins/newhope/newhope_plugin.c b/src/libstrongswan/plugins/newhope/newhope_plugin.c new file mode 100644 index 000000000..444e61a1d --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_plugin.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "newhope_plugin.h" +#include "newhope_ke.h" + +#include + +typedef struct private_newhope_plugin_t private_newhope_plugin_t; + +/** + * private data of newhope_plugin + */ +struct private_newhope_plugin_t { + + /** + * public functions + */ + newhope_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_newhope_plugin_t *this) +{ + return "newhope"; +} + +METHOD(plugin_t, get_features, int, + private_newhope_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(DH, newhope_ke_create), + PLUGIN_PROVIDE(DH, NH_128_BIT), + PLUGIN_DEPENDS(XOF, XOF_SHAKE_128), + PLUGIN_DEPENDS(XOF, XOF_CHACHA20), + }; + *features = f; + + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_newhope_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *newhope_plugin_create() +{ + private_newhope_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/newhope/newhope_plugin.h b/src/libstrongswan/plugins/newhope/newhope_plugin.h new file mode 100644 index 000000000..b04792f10 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup newhope_p newhope + * @ingroup plugins + * + * @defgroup newhope_plugin newhope_plugin + * @{ @ingroup newhope_p + */ + +#ifndef NEWHOPE_PLUGIN_H_ +#define NEWHOPE_PLUGIN_H_ + +#include + +typedef struct newhope_plugin_t newhope_plugin_t; + +/** + * Plugin implementing New Hope-based key exchange + */ +struct newhope_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** NEWHOPE_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.c b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c new file mode 100644 index 000000000..4aed60e30 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c @@ -0,0 +1,217 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann, + * and Peter Schwabe. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + */ + +#include "newhope_reconciliation.h" + +typedef struct private_newhope_reconciliation_t private_newhope_reconciliation_t; + +/** + * Private data of an newhope_reconciliation_t object. + */ +struct private_newhope_reconciliation_t { + + /** + * Public newhope_reconciliation_t interface. + */ + newhope_reconciliation_t public; + + /** + * Array sizes + */ + int n, n4; + + /** + * Multiples of modulus q + */ + int32_t q, q2, q4, q8, q16; +}; + + +static inline int32_t rec_abs(int32_t v) +{ + int32_t mask = v >> 31; + + return (v ^ mask) - mask; +} + +/** + * Auxiliary function used by help_reconcile() method + */ +static int32_t rec_f(private_newhope_reconciliation_t *this, + int32_t v, uint8_t r, int32_t *v0, int32_t *v1) +{ + int32_t x, xit, t, b; + + x = 8 * v + 2 * r; + + /* compute t = x/q */ + b = x * 2730; + t = b >> 25; + b = x - t * this->q; + b = this->q - 1 - b; + b >>= 31; + t -= b; + + r = t & 0x01; + xit = (t >> 1); + *v0 = xit + r ; /* v0 = round(x/(2q)) */ + + t -= 1; + r = t & 0x01; + *v1 = ( t>> 1) + r; + + return rec_abs(x - (*v0) * this->q2); +} + +/** + * Auxiliary function used by reconcile() method + */ +static int32_t rec_g(private_newhope_reconciliation_t *this, int32_t x) +{ + int32_t t, r, b; + + /* t = x/(4*q) */ + b = x * 2730; + t = b >> 27; + b = x - t * this->q4; + b = this->q4 - 1 - b; + b >>= 31; + t -= b; + + r = t & 0x01; + t = (t >> 1) + r; /* t = round(x/(8q)) */ + t *= this->q8; + + return abs(t - x); +} + +METHOD(newhope_reconciliation_t, help_reconcile, uint8_t*, + private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *rbits) +{ + int32_t v0[4], v1[4], v_tmp[4], k; + int i, i0, i1, i2, i3, j; + uint8_t *r, rbit; + + /* allocate output vector */ + r = (uint8_t*)malloc(this->n); + + for (i = 0; i < this->n4/8; i++) + { + for (j = 0; j < 8; j++) + { + i0 = 8*i + j; + i1 = i0 + this->n4; + i2 = i1 + this->n4; + i3 = i2 + this->n4; + + /* iterate through all 256 random bits */ + rbit = (rbits[i] >> j) & 0x01; + + k = rec_f(this, v[i0], rbit, &v0[0], &v1[0]); + k += rec_f(this, v[i1], rbit, &v0[1], &v1[1]); + k += rec_f(this, v[i2], rbit, &v0[2], &v1[2]); + k += rec_f(this, v[i3], rbit, &v0[3], &v1[3]); + + k = (this->q2 - 1 - k) >> 31; + + v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]); + v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]); + v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]); + v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]); + + r[i0] = (v_tmp[0] - v_tmp[3]) & 0x03; + r[i1] = (v_tmp[1] - v_tmp[3]) & 0x03; + r[i2] = (v_tmp[2] - v_tmp[3]) & 0x03; + r[i3] = (v_tmp[3] - k + v_tmp[3]) & 0x03; + } + } + + return r; +} + +METHOD(newhope_reconciliation_t, reconcile, chunk_t, + private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *r) +{ + size_t key_len; + uint8_t *key; + int32_t tmp[4], t; + int i, i0, i1, i2, i3, j; + + key_len = this->n4 / 8; + key = (uint8_t*)malloc(key_len); + memset(key, 0x00, key_len); + + for (i = 0; i < key_len; i++) + { + for (j = 0; j < 8; j++) + { + i0 = 8*i + j; + i1 = i0 + this->n4; + i2 = i1 + this->n4; + i3 = i2 + this->n4; + + tmp[0] = this->q16 + 8 * (int32_t)v[i0] - + this->q * (2*r[i0] + r[i3]); + tmp[1] = this->q16 + 8 * (int32_t)v[i1] - + this->q * (2*r[i1] + r[i3]); + tmp[2] = this->q16 + 8 * (int32_t)v[i2] - + this->q * (2*r[i2] + r[i3]); + tmp[3] = this->q16 + 8 * (int32_t)v[i3] - + this->q * ( r[i3]); + + t = rec_g(this, tmp[0]) + rec_g(this, tmp[1]) + + rec_g(this, tmp[2]) + rec_g(this, tmp[3]) - this->q8; + + key[i] |= ((t >> 31) & 0x01) << j; + } + } + + return chunk_create(key, key_len); +} + +METHOD(newhope_reconciliation_t, destroy, void, + private_newhope_reconciliation_t *this) +{ + free(this); +} + +/* + * Described in header. + */ +newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q) +{ + private_newhope_reconciliation_t *this; + + INIT(this, + .public = { + .help_reconcile = _help_reconcile, + .reconcile = _reconcile, + .destroy = _destroy, + }, + .n = n, + .n4 = n / 4, + .q = q, + .q2 = 2 * q, + .q4 = 4 * q, + .q8 = 8 * q, + .q16 = 16 * q, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.h b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h new file mode 100644 index 000000000..7cbf0d208 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup newhope_reconciliation newhope_reconciliation + * @{ @ingroup newhope_p + */ + +#ifndef NEWHOPE_RECONCILIATION_H_ +#define NEWHOPE_RECONCILIATION_H_ + +typedef struct newhope_reconciliation_t newhope_reconciliation_t; + +#include + +/** + * Class assisting the error reconciliation + * resulting in a key exchange error rate < 2^(-60) + */ +struct newhope_reconciliation_t { + + /** + * Generate reconciliation polynomial + * + * @param v polynomial v + * @param rbits pseudo random bit array + * @return return array with reconciliation polynomial + */ + uint8_t* (*help_reconcile)(newhope_reconciliation_t *this, + uint32_t *v, uint8_t *rbits); + + /** + * Use reconciliation polynomial r to derive shared secret + * + * @param v polynomial v or v' + * @param r reconciliation polynomial r + * @return Return shared secret + */ + chunk_t (*reconcile)(newhope_reconciliation_t *this, + uint32_t *v, uint8_t *r); + + /** + * Destroy a newhope_reconciliation_t object + */ + void (*destroy)(newhope_reconciliation_t *this); +}; + +/** + * Creates a new newhope_reconciliation_t object. + * + * @param n array size + * @param q prime modulus + * @return newhope_reconciliation_t object + */ +newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q); + +#endif /** NEWHOPE_RECONCILIATION_H_ @}*/ + diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.am b/src/libstrongswan/plugins/newhope/tests/Makefile.am new file mode 100644 index 000000000..3992e26d1 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/Makefile.am @@ -0,0 +1,25 @@ +TESTS = newhope_tests + +check_PROGRAMS = $(TESTS) + +newhope_tests_SOURCES = \ + suites/test_newhope_ke.c \ + suites/test_newhope_noise.c \ + suites/test_newhope_reconciliation.c \ + newhope_tests.h newhope_tests.c + +newhope_tests_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ + -I$(top_srcdir)/src/libstrongswan/plugins/newhope \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +newhope_tests_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + ../libnewhope.la diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in new file mode 100644 index 000000000..07ded5d9d --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in @@ -0,0 +1,929 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +TESTS = newhope_tests$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) +subdir = src/libstrongswan/plugins/newhope/tests +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = newhope_tests$(EXEEXT) +am__dirstamp = $(am__leading_dot)dirstamp +am_newhope_tests_OBJECTS = \ + suites/newhope_tests-test_newhope_ke.$(OBJEXT) \ + suites/newhope_tests-test_newhope_noise.$(OBJEXT) \ + suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT) \ + newhope_tests-newhope_tests.$(OBJEXT) +newhope_tests_OBJECTS = $(am_newhope_tests_OBJECTS) +newhope_tests_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + ../libnewhope.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +newhope_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(newhope_tests_CFLAGS) \ + $(CFLAGS) $(newhope_tests_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(newhope_tests_SOURCES) +DIST_SOURCES = $(newhope_tests_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +newhope_tests_SOURCES = \ + suites/test_newhope_ke.c \ + suites/test_newhope_noise.c \ + suites/test_newhope_reconciliation.c \ + newhope_tests.h newhope_tests.c + +newhope_tests_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ + -I$(top_srcdir)/src/libstrongswan/plugins/newhope \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +newhope_tests_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + ../libnewhope.la + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +suites/$(am__dirstamp): + @$(MKDIR_P) suites + @: > suites/$(am__dirstamp) +suites/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) suites/$(DEPDIR) + @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/newhope_tests-test_newhope_ke.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/newhope_tests-test_newhope_noise.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) + +newhope_tests$(EXEEXT): $(newhope_tests_OBJECTS) $(newhope_tests_DEPENDENCIES) $(EXTRA_newhope_tests_DEPENDENCIES) + @rm -f newhope_tests$(EXEEXT) + $(AM_V_CCLD)$(newhope_tests_LINK) $(newhope_tests_OBJECTS) $(newhope_tests_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f suites/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/newhope_tests-newhope_tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +suites/newhope_tests-test_newhope_ke.o: suites/test_newhope_ke.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c + +suites/newhope_tests-test_newhope_ke.obj: suites/test_newhope_ke.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi` + +suites/newhope_tests-test_newhope_noise.o: suites/test_newhope_noise.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c + +suites/newhope_tests-test_newhope_noise.obj: suites/test_newhope_noise.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi` + +suites/newhope_tests-test_newhope_reconciliation.o: suites/test_newhope_reconciliation.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c + +suites/newhope_tests-test_newhope_reconciliation.obj: suites/test_newhope_reconciliation.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reconciliation.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reconciliation.c'; fi` + +newhope_tests-newhope_tests.o: newhope_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.o -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c + +newhope_tests-newhope_tests.obj: newhope_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.obj -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f suites/$(DEPDIR)/$(am__dirstamp) + -rm -f suites/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/newhope/tests/newhope_tests.c b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c new file mode 100644 index 000000000..1cc9a2d91 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#include "newhope_tests.h" +#undef TEST_SUITE + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#include "newhope_tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (init) + { + char *plugins, *plugindir; + + plugins = lib->settings->get_str(lib->settings, + "tests.load", PLUGINS); + plugindir = lib->settings->get_str(lib->settings, + "tests.plugindir", PLUGINDIR); + plugin_loader_add_plugindirs(plugindir, plugins); + if (!lib->plugins->load(lib->plugins, plugins)) + { + return FALSE; + } + } + else + { + lib->processor->set_threads(lib->processor, 0); + lib->processor->cancel(lib->processor); + lib->plugins->unload(lib->plugins); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("newhope", tests, test_runner_init); +} diff --git a/src/libstrongswan/plugins/newhope/tests/newhope_tests.h b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h new file mode 100644 index 000000000..3f81434e6 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h @@ -0,0 +1,18 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(newhope_ke_suite_create) +TEST_SUITE(newhope_noise_suite_create) +TEST_SUITE(newhope_reconciliation_suite_create) diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c new file mode 100644 index 000000000..33b744fe1 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c @@ -0,0 +1,193 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include + +#include + +#include + +const int count = 1000; + +START_TEST(test_newhope_ke_good) +{ + chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret; + diffie_hellman_t *i_nh, *r_nh; + struct timespec start, stop; + int i; + + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start); + + for (i = 0; i < count; i++) + { + i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(i_nh != NULL); + ck_assert(i_nh->get_dh_group(i_nh) == NH_128_BIT); + + ck_assert(i_nh->get_my_public_value(i_nh, &i_msg)); + ck_assert(i_msg.len = 1824); + + r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(r_nh != NULL); + + ck_assert(r_nh->set_other_public_value(r_nh, i_msg)); + ck_assert(r_nh->get_my_public_value(r_nh, &r_msg)); + ck_assert(r_msg.len == 2048); + + ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret)); + ck_assert(r_shared_secret.len == 32); + + ck_assert(i_nh->set_other_public_value(i_nh, r_msg)); + ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret)); + ck_assert(i_shared_secret.len == 32); + ck_assert(chunk_equals(i_shared_secret, r_shared_secret)); + + /* cleanup */ + chunk_clear(&i_shared_secret); + chunk_clear(&r_shared_secret); + chunk_free(&i_msg); + chunk_free(&r_msg); + i_nh->destroy(i_nh); + r_nh->destroy(r_nh); + } + + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop); + + DBG0(DBG_LIB, "%d Newhope DH loops in %d ms\n", count, + (stop.tv_nsec - start.tv_nsec) / 1000000 + + (stop.tv_sec - start.tv_sec) * 1000); +} +END_TEST + +START_TEST(test_newhope_ke_wrong) +{ + chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret; + diffie_hellman_t *i_nh, *r_nh; + + i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(i_nh != NULL); + ck_assert(i_nh->get_my_public_value(i_nh, &i_msg)); + + r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(r_nh != NULL); + ck_assert(r_nh->set_other_public_value(r_nh, i_msg)); + ck_assert(r_nh->get_my_public_value(r_nh, &r_msg)); + + /* destroy 1st instance of i_nh */ + i_nh->destroy(i_nh); + chunk_free(&i_msg); + + /* create 2nd instance of i_nh */ + i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(i_nh != NULL); + ck_assert(i_nh->get_my_public_value(i_nh, &i_msg)); + ck_assert(i_nh->set_other_public_value(i_nh, r_msg)); + + ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret)); + ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret)); + ck_assert(!chunk_equals(i_shared_secret, r_shared_secret)); + + /* cleanup */ + chunk_clear(&i_shared_secret); + chunk_clear(&r_shared_secret); + chunk_free(&i_msg); + chunk_free(&r_msg); + i_nh->destroy(i_nh); + r_nh->destroy(r_nh); +} +END_TEST + +START_TEST(test_newhope_ke_fail_i) +{ + diffie_hellman_t *i_nh; + char buf_ff[2048]; + int i; + + chunk_t i_msg; + + chunk_t r_msg[] = { + chunk_empty, + chunk_from_chars(0x00), + chunk_create(buf_ff, 2047), + chunk_create(buf_ff, 2048), + }; + + memset(buf_ff, 0xff, sizeof(buf_ff)); + + for (i = 0; i < countof(r_msg); i++) + { + i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(i_nh != NULL); + ck_assert(i_nh->get_my_public_value(i_nh, &i_msg)); + ck_assert(!i_nh->set_other_public_value(i_nh, r_msg[i])); + chunk_free(&i_msg); + i_nh->destroy(i_nh); + } +} +END_TEST + +START_TEST(test_newhope_ke_fail_r) +{ + diffie_hellman_t *r_nh; + char buf_ff[1824]; + int i; + + chunk_t i_msg[] = { + chunk_empty, + chunk_from_chars(0x00), + chunk_create(buf_ff, 1823), + chunk_create(buf_ff, 1824), + }; + + memset(buf_ff, 0xff, sizeof(buf_ff)); + + for (i = 0; i < countof(i_msg); i++) + { + r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT); + ck_assert(r_nh != NULL); + ck_assert(!r_nh->set_other_public_value(r_nh, i_msg[i])); + r_nh->destroy(r_nh); + } +} +END_TEST + +Suite *newhope_ke_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("newhope_ke"); + + tc = tcase_create("ke_good"); + test_case_set_timeout(tc, 30); + tcase_add_test(tc, test_newhope_ke_good); + suite_add_tcase(s, tc); + + tc = tcase_create("ke_wrong"); + tcase_add_test(tc, test_newhope_ke_wrong); + suite_add_tcase(s, tc); + + tc = tcase_create("ke_fail_i"); + tcase_add_test(tc, test_newhope_ke_fail_i); + suite_add_tcase(s, tc); + + tc = tcase_create("ke_fail_r"); + tcase_add_test(tc, test_newhope_ke_fail_r); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c new file mode 100644 index 000000000..96dd16787 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c @@ -0,0 +1,676 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include + +#include + +static const uint16_t n = 1024; +static const uint16_t q = 12289; + +static const size_t seed_len = 32; + +typedef struct { + uint8_t key; + uint8_t nonce; + uint8_t uniform[64]; + uint32_t poly[1024]; +} noise_t; + +static noise_t noises[] = { + { 0x00, 0x00, /* polynomial s */ + { 0x9f, 0x07, 0xe7, 0xbe, 0x55, 0x51, 0x38, 0x7a, 0x98, 0xba, + 0x97, 0x7c, 0x73, 0x2d, 0x08, 0x0d, 0xcb, 0x0f, 0x29, 0xa0, + 0x48, 0xe3, 0x65, 0x69, 0x12, 0xc6, 0x53, 0x3e, 0x32, 0xee, + 0x7a, 0xed, 0x29, 0xb7, 0x21, 0x76, 0x9c, 0xe6, 0x4e, 0x43, + 0xd5, 0x71, 0x33, 0xb0, 0x74, 0xd8, 0x39, 0xd5, 0x31, 0xed, + 0x1f, 0x28, 0x51, 0x0a, 0xfb, 0x45, 0xac, 0xe1, 0x0a, 0x1f, + 0x4b, 0x79, 0x4d, 0x6f }, + { 12286, 12288, 12287, 5, 4, 12288, 12286, 12287, 2, 2, + 2, 12288, 2, 12284, 1, 12288, 12288, 12288, 6, 12288, + 0, 4, 1, 12285, 12286, 2, 12284, 12287, 1, 5, + 5, 12286, 12288, 2, 12286, 0, 3, 1, 0, 2, + 0, 0, 4, 12283, 12284, 4, 0, 12288, 3, 12288, + 0, 4, 1, 12288, 12286, 0, 3, 1, 12286, 12287, + 12285, 3, 2, 3, 12286, 0, 6, 6, 12288, 12284, + 0, 12282, 1, 0, 4, 1, 0, 3, 2, 2, + 3, 3, 2, 12288, 3, 1, 12287, 12285, 0, 12288, + 0, 0, 12288, 12287, 12284, 12286, 0, 12288, 4, 4, + 12288, 5, 12286, 2, 12288, 5, 1, 12283, 1, 12288, + 1, 12288, 12287, 12285, 2, 2, 12285, 12284, 0, 12285, + 12287, 0, 1, 0, 2, 12288, 12288, 12287, 0, 4, + 12288, 12285, 12288, 0, 2, 1, 12287, 3, 1, 3, + 5, 12286, 1, 0, 12286, 0, 4, 0, 12288, 1, + 12288, 4, 5, 12283, 12288, 1, 3, 12283, 12286, 5, + 1, 12286, 12287, 12286, 0, 12287, 12285, 1, 0, 0, + 1, 3, 0, 0, 0, 12284, 12286, 2, 4, 12288, + 6, 1, 2, 12288, 1, 12287, 12286, 12284, 12287, 1, + 3, 12284, 0, 0, 6, 12286, 7, 5, 2, 3, + 12285, 12287, 12285, 2, 3, 12283, 2, 12284, 12288, 3, + 12288, 1, 4, 12287, 2, 12288, 12288, 1, 12286, 12284, + 2, 1, 5, 12286, 0, 12288, 0, 0, 0, 12287, + 1, 0, 3, 0, 0, 6, 2, 12283, 1, 3, + 3, 12284, 3, 1, 12286, 2, 12288, 0, 6, 1, + 1, 12285, 12287, 12288, 4, 2, 12288, 3, 12286, 12288, + 12287, 3, 3, 2, 7, 4, 12287, 12286, 12287, 2, + 2, 12287, 1, 12288, 1, 12287, 12283, 12287, 12288, 1, + 12283, 0, 12286, 12288, 4, 12287, 12286, 12286, 2, 2, + 12287, 5, 12288, 4, 0, 12287, 1, 3, 12286, 2, + 1, 1, 12288, 12287, 5, 12288, 0, 0, 1, 0, + 12286, 6, 2, 1, 2, 5, 12286, 6, 12286, 12288, + 0, 12286, 3, 12283, 12288, 12284, 0, 7, 2, 6, + 1, 12288, 12285, 12284, 1, 0, 0, 2, 12288, 12288, + 12288, 3, 3, 1, 3, 12286, 4, 3, 12284, 4, + 1, 12287, 12287, 12285, 0, 12287, 12287, 12287, 12286, 12288, + 1, 12287, 1, 0, 12288, 2, 0, 4, 0, 12287, + 12285, 12285, 5, 3, 12282, 0, 12287, 5, 12287, 1, + 12283, 12288, 12288, 3, 1, 1, 3, 12288, 12283, 5, + 12288, 12288, 5, 5, 1, 12286, 12286, 12288, 1, 2, + 1, 3, 12287, 12288, 12284, 12287, 1, 12287, 0, 12286, + 12285, 1, 12287, 12282, 12286, 12287, 0, 12285, 4, 2, + 1, 12282, 0, 1, 12288, 12285, 12284, 12286, 12286, 12287, + 12288, 1, 12288, 4, 12287, 4, 12287, 12287, 0, 1, + 12287, 3, 1, 12286, 12286, 4, 6, 12288, 1, 12285, + 12286, 12287, 0, 12287, 12287, 1, 12286, 5, 0, 2, + 12283, 12284, 1, 12286, 0, 12287, 12286, 12288, 1, 4, + 4, 12283, 2, 6, 1, 12288, 12286, 2, 7, 2, + 1, 12288, 5, 12284, 12288, 12288, 1, 7, 3, 12283, + 1, 12286, 2, 12288, 12287, 1, 12286, 1, 12286, 12288, + 12287, 3, 2, 2, 0, 12284, 12287, 1, 1, 12284, + 12286, 1, 2, 1, 0, 12285, 1, 0, 1, 2, + 2, 4, 12288, 1, 12288, 5, 0, 12287, 12288, 2, + 0, 12288, 12287, 0, 12288, 12288, 0, 0, 12285, 4, + 2, 12288, 0, 2, 0, 12288, 1, 3, 12287, 12288, + 12288, 12288, 12286, 0, 12285, 12286, 12287, 3, 0, 12286, + 2, 1, 12285, 2, 12288, 0, 5, 0, 1, 12288, + 12288, 4, 3, 3, 12286, 2, 12288, 4, 12288, 6, + 2, 12286, 4, 12287, 2, 12287, 0, 12284, 12288, 0, + 12286, 12288, 3, 4, 12286, 12288, 1, 3, 12286, 3, + 4, 1, 1, 6, 3, 1, 1, 0, 12288, 4, + 0, 12288, 0, 0, 0, 12288, 2, 4, 2, 12287, + 0, 0, 3, 2, 3, 4, 0, 3, 2, 12288, + 2, 4, 6, 12286, 12284, 12287, 1, 0, 0, 4, + 1, 3, 12282, 1, 2, 2, 0, 3, 12282, 2, + 12287, 2, 12288, 4, 12288, 3, 3, 12283, 12288, 12288, + 12286, 12287, 5, 4, 3, 3, 12288, 12284, 2, 2, + 0, 12288, 1, 3, 3, 4, 12284, 12288, 0, 1, + 12284, 0, 12286, 12287, 0, 0, 12287, 0, 1, 6, + 12288, 1, 12284, 12287, 12282, 12288, 4, 12287, 1, 12286, + 1, 12286, 12286, 1, 4, 0, 12288, 1, 12288, 1, + 12285, 3, 1, 0, 1, 0, 12288, 12287, 2, 2, + 0, 12288, 3, 12284, 2, 12288, 12288, 12288, 12287, 3, + 3, 0, 12286, 12286, 1, 2, 12286, 12287, 0, 1, + 12288, 12287, 12287, 12288, 12288, 1, 9, 1, 12288, 12287, + 2, 1, 1, 0, 12287, 12287, 2, 2, 12288, 12285, + 1, 12287, 4, 0, 2, 1, 1, 3, 12284, 12286, + 1, 2, 12288, 12287, 4, 1, 12285, 0, 1, 2, + 12288, 1, 3, 0, 12286, 0, 12288, 12286, 12287, 12286, + 1, 12284, 1, 2, 2, 12288, 0, 12288, 1, 12284, + 2, 3, 12287, 1, 12285, 12288, 0, 1, 12284, 2, + 12288, 12286, 12286, 3, 12288, 12282, 3, 12287, 12288, 12287, + 4, 12287, 1, 2, 9, 12283, 12286, 12286, 0, 4, + 12288, 12288, 4, 0, 1, 1, 2, 12284, 1, 1, + 0, 12288, 1, 0, 12287, 1, 1, 5, 2, 1, + 12288, 3, 12287, 5, 4, 1, 4, 12287, 12285, 3, + 12286, 1, 3, 0, 12287, 0, 12286, 12287, 12287, 12287, + 3, 2, 12286, 12284, 2, 12288, 1, 1, 12288, 3, + 1, 3, 12284, 3, 12282, 12288, 3, 0, 2, 12288, + 0, 5, 0, 2, 0, 12281, 12285, 4, 3, 4, + 2, 12284, 0, 0, 2, 2, 12287, 12284, 2, 12286, + 1, 12288, 1, 12286, 12286, 12287, 4, 0, 6, 3, + 0, 3, 12288, 12288, 12288, 12287, 3, 1, 1, 1, + 2, 12287, 12284, 3, 12286, 12280, 3, 12284, 12287, 12288, + 5, 12288, 12284, 2, 12285, 4, 3, 12286, 6, 2, + 1, 12287, 0, 1, 2, 12286, 1, 0, 12287, 0, + 1, 1, 12286, 2, 12285, 0, 1, 12288, 0, 1, + 12288, 1, 12288, 12287, 12287, 12285, 12282, 12288, 2, 12288, + 2, 12284, 1, 12284, 12287, 12286, 12288, 0, 12288, 1, + 12283, 12286, 5, 3, 0, 12286, 12286, 3, 1, 0, + 1, 12288, 12288, 4, 1, 12286, 12287, 12285, 2, 0, + 2, 12287, 1, 12285, 12288, 12286, 12288, 2, 2, 12285, + 3, 12286, 12285, 12287 } + }, + { 0x00, 0x01, /* polynomial e */ + { 0x46, 0xf0, 0xf6, 0xef, 0xee, 0x15, 0xc8, 0xf1, 0xb1, 0x98, + 0xcb, 0x49, 0xd9, 0x2b, 0x99, 0x08, 0x67, 0x90, 0x51, 0x59, + 0x44, 0x0c, 0xc7, 0x23, 0x91, 0x6d, 0xc0, 0x01, 0x28, 0x26, + 0x98, 0x10, 0x39, 0xce, 0x17, 0x66, 0xaa, 0x25, 0x42, 0xb0, + 0x5d, 0xb3, 0xbd, 0x80, 0x9a, 0xb1, 0x42, 0x48, 0x9d, 0x5d, + 0xbf, 0xe1, 0x27, 0x3e, 0x73, 0x99, 0x63, 0x7b, 0x4b, 0x32, + 0x13, 0x76, 0x8a, 0xaa }, + { 12283, 1, 12288, 4, 0, 12285, 5, 1, 1, 2, + 3, 4, 12288, 0, 3, 1, 1, 0, 12286, 6, + 1, 0, 1, 0, 4, 2, 12288, 3, 0, 5, + 1, 5, 2, 12285, 4, 12288, 3, 2, 12288, 2, + 12288, 12285, 12287, 6, 12282, 1, 12286, 7, 12287, 4, + 2, 2, 12288, 12285, 0, 2, 0, 12288, 1, 12287, + 12287, 2, 1, 2, 1, 12285, 12288, 12286, 1, 2, + 12287, 12288, 12288, 1, 0, 12287, 0, 4, 2, 6, + 12287, 12285, 12283, 12285, 5, 12283, 12286, 1, 12283, 2, + 3, 12286, 12285, 2, 5, 12286, 3, 0, 3, 12286, + 5, 12285, 12287, 12288, 1, 5, 3, 5, 1, 1, + 1, 12288, 5, 0, 12288, 3, 2, 12288, 12285, 12288, + 5, 6, 0, 2, 1, 12287, 12288, 12287, 3, 12284, + 2, 0, 3, 0, 0, 12288, 0, 2, 2, 2, + 0, 1, 2, 2, 0, 0, 12287, 12285, 0, 4, + 1, 12283, 3, 5, 12288, 12286, 12287, 6, 2, 0, + 0, 12287, 2, 2, 12288, 0, 2, 12288, 12287, 12288, + 12288, 1, 12288, 1, 12288, 2, 4, 2, 1, 1, + 0, 12287, 3, 2, 6, 2, 1, 12288, 12285, 6, + 0, 1, 12284, 12287, 12287, 12286, 5, 4, 0, 5, + 12287, 12286, 12288, 12286, 0, 3, 1, 12287, 12287, 12288, + 12288, 12286, 1, 0, 3, 12287, 3, 1, 12283, 1, + 12288, 5, 1, 4, 12286, 12287, 2, 0, 0, 0, + 12281, 12286, 0, 8, 5, 0, 4, 0, 12287, 5, + 1, 3, 2, 12286, 12286, 12288, 12285, 12285, 12287, 0, + 12284, 12287, 1, 0, 2, 1, 12286, 12288, 2, 12285, + 0, 0, 0, 1, 0, 6, 1, 12288, 12287, 12287, + 0, 3, 12288, 12288, 12287, 0, 12287, 1, 3, 0, + 0, 12286, 12286, 4, 4, 12287, 1, 3, 4, 12287, + 12284, 2, 12288, 12286, 12283, 12285, 1, 3, 1, 12288, + 0, 3, 3, 12284, 12285, 5, 3, 12288, 3, 4, + 3, 1, 12288, 0, 12288, 1, 0, 0, 3, 0, + 3, 2, 12287, 12288, 0, 12288, 0, 2, 12285, 4, + 0, 12287, 12287, 1, 1, 1, 12287, 12285, 4, 12282, + 3, 1, 1, 12288, 2, 4, 12285, 12286, 3, 1, + 0, 12287, 12283, 12285, 2, 5, 1, 1, 12288, 12288, + 0, 8, 3, 12287, 12285, 12287, 12286, 12284, 1, 12286, + 1, 12288, 2, 3, 12288, 12288, 2, 12288, 12284, 12285, + 0, 3, 12288, 12288, 2, 3, 7, 12287, 3, 3, + 3, 12284, 0, 0, 1, 12283, 5, 0, 1, 12288, + 3, 12286, 12287, 12286, 0, 0, 12287, 12283, 4, 12283, + 0, 0, 3, 12285, 5, 12286, 12282, 12288, 1, 12287, + 12288, 1, 5, 2, 12287, 2, 12288, 7, 12288, 3, + 5, 1, 0, 12287, 1, 12287, 3, 2, 4, 2, + 12287, 12286, 12288, 2, 5, 1, 12286, 4, 0, 2, + 6, 12286, 2, 12286, 3, 12288, 5, 12285, 0, 2, + 12287, 5, 12286, 12284, 7, 12285, 12286, 12284, 12287, 1, + 12288, 12284, 12286, 2, 4, 2, 2, 12283, 12286, 2, + 2, 12283, 1, 12286, 1, 0, 12284, 3, 0, 4, + 1, 0, 4, 12288, 0, 12287, 12287, 12287, 12286, 12284, + 12288, 3, 1, 12285, 0, 3, 8, 4, 2, 12288, + 3, 12287, 12287, 2, 3, 12288, 12286, 2, 12286, 12288, + 0, 1, 12287, 12285, 0, 12285, 12288, 12287, 1, 12287, + 0, 12284, 0, 1, 1, 12285, 0, 0, 0, 12287, + 12287, 3, 0, 4, 12288, 1, 12288, 12285, 12283, 0, + 12286, 12286, 12285, 12285, 12287, 1, 0, 2, 3, 1, + 2, 12286, 12288, 3, 12286, 12288, 12288, 6, 2, 2, + 0, 12288, 2, 5, 12288, 0, 12284, 12282, 12286, 1, + 12288, 12288, 12286, 12288, 3, 12286, 2, 0, 12283, 0, + 4, 2, 12288, 0, 12286, 0, 4, 3, 12286, 12287, + 4, 12288, 3, 2, 12283, 1, 1, 1, 3, 12286, + 4, 0, 12288, 12285, 12287, 0, 0, 12286, 4, 0, + 12286, 2, 12288, 12288, 12285, 12283, 5, 3, 12286, 12288, + 4, 1, 12283, 0, 12288, 0, 12287, 12287, 0, 3, + 12287, 12287, 2, 2, 3, 0, 1, 4, 12288, 3, + 3, 0, 12284, 12285, 4, 12288, 1, 12287, 0, 1, + 12283, 1, 12284, 12287, 12286, 12285, 0, 0, 3, 12285, + 3, 1, 12288, 12287, 12284, 12282, 5, 3, 3, 2, + 12285, 4, 12288, 0, 3, 12288, 4, 0, 12283, 12288, + 2, 12285, 12288, 12282, 0, 2, 12285, 3, 1, 12284, + 1, 5, 7, 12286, 5, 12285, 1, 2, 0, 4, + 12283, 12287, 12286, 2, 12280, 12287, 12288, 2, 12285, 12286, + 2, 1, 2, 1, 2, 2, 3, 3, 0, 0, + 4, 2, 12288, 12286, 4, 0, 1, 12288, 2, 12287, + 12288, 12288, 1, 3, 12283, 12288, 1, 12287, 1, 1, + 3, 12288, 12288, 1, 2, 1, 1, 12283, 7, 12286, + 12288, 1, 12288, 12287, 12284, 7, 2, 12285, 12286, 0, + 0, 0, 2, 4, 12288, 0, 12284, 12285, 12286, 2, + 12284, 2, 4, 6, 3, 12287, 12288, 12285, 1, 2, + 12286, 0, 0, 12287, 12288, 0, 12286, 2, 1, 1, + 1, 3, 1, 12285, 4, 0, 12287, 12288, 12287, 0, + 12288, 12287, 12288, 12287, 12288, 12288, 0, 12287, 12284, 0, + 12288, 12285, 3, 2, 4, 2, 12284, 3, 1, 3, + 4, 12288, 12285, 12284, 12287, 1, 4, 0, 2, 12288, + 4, 12288, 12287, 3, 1, 0, 0, 12284, 12287, 2, + 4, 12287, 2, 12288, 0, 2, 2, 3, 12287, 12286, + 8, 12286, 12285, 0, 12285, 2, 3, 5, 12287, 12288, + 6, 12288, 12284, 0, 0, 3, 1, 2, 12284, 2, + 1, 3, 2, 0, 0, 12288, 12287, 12288, 1, 12288, + 4, 3, 12284, 1, 3, 12288, 12283, 12288, 1, 1, + 2, 1, 1, 3, 1, 12288, 0, 12288, 2, 0, + 0, 12284, 12283, 3, 12288, 0, 2, 12287, 0, 0, + 12286, 12286, 0, 0, 2, 4, 12288, 1, 2, 3, + 2, 12286, 12286, 1, 2, 4, 12288, 12288, 12284, 12287, + 6, 2, 12288, 12286, 0, 0, 3, 12286, 12288, 12287, + 12286, 12287, 3, 1, 12286, 0, 4, 3, 12286, 5, + 2, 1, 12287, 12286, 4, 12287, 0, 5, 12288, 0, + 12288, 2, 2, 1, 1, 0, 0, 12288, 12288, 12288, + 0, 0, 12288, 12287, 5, 1, 12288, 1, 10, 1, + 0, 0, 2, 2, 2, 0, 12288, 4, 2, 12283, + 3, 1, 1, 12285, 2, 12285, 5, 7, 5, 12288, + 0, 12287, 5, 1, 12288, 12286, 12287, 0, 0, 0, + 12287, 1, 3, 12288 } + }, + { 0x01, 0x00, /* polynomial s' */ + { 0x3a, 0xeb, 0x52, 0x24, 0xec, 0xf8, 0x49, 0x92, 0x9b, 0x9d, + 0x82, 0x8d, 0xb1, 0xce, 0xd4, 0xdd, 0x83, 0x20, 0x25, 0xe8, + 0x01, 0x8b, 0x81, 0x60, 0xb8, 0x22, 0x84, 0xf3, 0xc9, 0x49, + 0xaa, 0x5a, 0x8e, 0xca, 0x00, 0xbb, 0xb4, 0xa7, 0x3b, 0xda, + 0xd1, 0x92, 0xb5, 0xc4, 0x2f, 0x73, 0xf2, 0xfd, 0x4e, 0x27, + 0x36, 0x44, 0xc8, 0xb3, 0x61, 0x25, 0xa6, 0x4a, 0xdd, 0xeb, + 0x00, 0x6c, 0x13, 0xa0 }, + { 5, 4, 4, 12288, 12286, 1, 12287, 12288, 2, 12288, + 12288, 12287, 2, 2, 12284, 12288, 12288, 3, 2, 3, + 12287, 2, 2, 0, 0, 2, 5, 12285, 5, 12287, + 2, 12282, 12286, 2, 1, 2, 1, 1, 12288, 12285, + 12287, 12286, 2, 0, 0, 12285, 0, 0, 12287, 12286, + 12285, 12286, 2, 12288, 12288, 0, 1, 2, 12286, 2, + 1, 0, 0, 2, 1, 12288, 1, 12287, 1, 0, + 0, 2, 12285, 2, 2, 12288, 12286, 3, 12287, 0, + 1, 1, 0, 2, 12287, 2, 1, 2, 3, 0, + 0, 1, 12288, 12288, 2, 12287, 12286, 12286, 6, 12288, + 0, 0, 4, 0, 12286, 0, 4, 12288, 12288, 5, + 12287, 12288, 12285, 2, 12285, 12288, 1, 0, 2, 12288, + 12286, 1, 3, 12285, 2, 2, 1, 1, 12288, 12288, + 12287, 1, 12288, 3, 0, 12285, 4, 12285, 12287, 2, + 2, 12287, 12287, 12286, 12288, 12284, 2, 12286, 4, 1, + 0, 12286, 12284, 3, 12286, 3, 12286, 3, 4, 1, + 12288, 12282, 2, 2, 12284, 0, 12286, 12283, 3, 0, + 4, 2, 4, 2, 12285, 10, 12288, 8, 3, 2, + 2, 0, 1, 0, 0, 12286, 2, 12284, 4, 1, + 12287, 12287, 1, 1, 12286, 1, 0, 12285, 12288, 12286, + 12287, 2, 1, 12284, 12288, 12285, 12285, 3, 0, 1, + 4, 4, 1, 0, 2, 1, 12288, 1, 12287, 0, + 12286, 4, 2, 3, 3, 12285, 12288, 12288, 5, 2, + 0, 4, 3, 12287, 12287, 5, 2, 3, 12284, 0, + 8, 1, 1, 0, 5, 12288, 12288, 12288, 12286, 6, + 3, 12288, 12286, 12287, 4, 12288, 2, 12288, 12284, 12287, + 4, 12288, 0, 0, 3, 0, 4, 4, 12287, 0, + 3, 0, 12285, 12287, 12288, 12288, 0, 0, 12287, 12288, + 12286, 0, 0, 12285, 12288, 4, 12287, 1, 2, 12288, + 12285, 5, 4, 12283, 2, 0, 12288, 2, 0, 0, + 12286, 12284, 3, 3, 3, 12287, 1, 1, 0, 1, + 3, 12288, 4, 4, 0, 2, 0, 1, 12286, 12284, + 2, 2, 12287, 3, 2, 12288, 3, 12286, 2, 12286, + 12288, 4, 3, 12288, 2, 12288, 2, 1, 12288, 12288, + 7, 12288, 12288, 0, 12288, 1, 12284, 12288, 12288, 12287, + 12287, 1, 12285, 12287, 12287, 1, 0, 2, 12286, 3, + 12288, 12288, 12287, 3, 5, 0, 0, 12287, 2, 12287, + 12288, 8, 12287, 1, 2, 12288, 12284, 3, 0, 12287, + 12284, 3, 0, 2, 1, 3, 4, 12287, 12286, 12288, + 12286, 0, 0, 12287, 12285, 0, 12286, 2, 1, 12287, + 12288, 5, 12287, 12287, 12286, 2, 12283, 0, 0, 12286, + 2, 12284, 5, 0, 1, 12287, 0, 3, 1, 12285, + 12288, 0, 3, 12287, 2, 12286, 0, 1, 12288, 1, + 12284, 12281, 12284, 12288, 12285, 2, 5, 4, 12286, 0, + 12287, 12288, 12286, 12285, 3, 12282, 1, 12287, 2, 0, + 6, 12288, 4, 12286, 3, 12288, 12286, 12284, 3, 1, + 6, 3, 2, 1, 2, 1, 1, 12288, 12287, 1, + 3, 3, 1, 0, 0, 12288, 3, 12284, 12285, 12284, + 1, 3, 12286, 0, 1, 12285, 12287, 1, 12285, 2, + 0, 1, 12287, 1, 4, 3, 1, 12287, 0, 5, + 1, 12288, 2, 1, 1, 4, 3, 12286, 3, 3, + 2, 12287, 3, 12286, 0, 12288, 12285, 2, 3, 12286, + 0, 12287, 5, 4, 1, 1, 12287, 12288, 2, 0, + 0, 0, 2, 0, 12286, 4, 12288, 12288, 12285, 12286, + 2, 12288, 12288, 0, 12288, 12286, 12284, 12287, 1, 5, + 0, 12285, 12287, 2, 4, 3, 12285, 12287, 12288, 0, + 12288, 12287, 12286, 2, 12288, 12286, 12284, 1, 2, 12287, + 4, 1, 4, 4, 12284, 2, 0, 12288, 3, 1, + 0, 4, 1, 6, 0, 12286, 12288, 12287, 12287, 0, + 12284, 12285, 2, 12286, 1, 0, 3, 12288, 1, 2, + 12284, 12286, 12285, 12283, 12285, 0, 12285, 2, 0, 2, + 1, 3, 1, 12286, 12288, 1, 4, 0, 0, 12287, + 12287, 12286, 0, 1, 12286, 0, 2, 12288, 2, 12287, + 0, 0, 12286, 12287, 4, 6, 12286, 0, 12288, 0, + 0, 12287, 2, 3, 4, 1, 3, 12286, 4, 0, + 12288, 12286, 12287, 12287, 12288, 4, 12285, 1, 12286, 12286, + 2, 12288, 0, 0, 1, 5, 12285, 1, 12281, 3, + 12281, 2, 3, 0, 12284, 12288, 5, 0, 0, 12288, + 0, 0, 12288, 12286, 3, 12287, 0, 2, 12288, 0, + 3, 12288, 12286, 0, 12286, 12287, 12284, 0, 12286, 1, + 12287, 12282, 12287, 12288, 0, 5, 12288, 2, 1, 12288, + 1, 12285, 5, 2, 12286, 12285, 12287, 0, 2, 12288, + 1, 12288, 1, 12286, 0, 2, 12287, 12287, 6, 12286, + 12288, 0, 12286, 4, 6, 12287, 12287, 2, 2, 12285, + 1, 12288, 12285, 12286, 5, 12288, 1, 2, 1, 7, + 12286, 5, 12288, 12287, 12286, 12284, 1, 2, 12287, 4, + 1, 1, 0, 1, 2, 12285, 2, 12288, 12284, 1, + 1, 12287, 12286, 12285, 12287, 1, 12287, 3, 1, 12286, + 0, 12286, 3, 3, 12288, 2, 12288, 5, 12288, 1, + 2, 0, 12287, 1, 12287, 7, 2, 3, 0, 12287, + 2, 12284, 12284, 12281, 12286, 12285, 12287, 12287, 0, 12288, + 3, 4, 3, 2, 3, 1, 12288, 12286, 0, 12288, + 12286, 1, 12286, 6, 12287, 1, 6, 5, 3, 1, + 12286, 2, 1, 3, 1, 12286, 12285, 3, 2, 0, + 0, 12284, 1, 1, 3, 3, 1, 1, 12288, 0, + 12284, 1, 12288, 0, 0, 12287, 0, 4, 12285, 0, + 4, 12283, 1, 1, 0, 12285, 0, 12286, 0, 0, + 1, 0, 12286, 0, 12288, 3, 4, 0, 2, 1, + 12287, 2, 12288, 1, 0, 12288, 0, 12288, 6, 12288, + 12287, 12286, 3, 12284, 0, 12288, 12284, 12286, 12287, 12288, + 12288, 12288, 4, 0, 2, 6, 12286, 1, 4, 12288, + 2, 1, 0, 5, 2, 1, 12285, 0, 0, 12285, + 4, 12286, 5, 1, 3, 2, 12287, 2, 0, 2, + 7, 12283, 12288, 12288, 3, 0, 3, 12288, 3, 12286, + 12288, 12287, 12288, 3, 0, 2, 4, 1, 12284, 2, + 12288, 12286, 12287, 1, 1, 12288, 0, 12288, 12283, 6, + 2, 1, 12288, 3, 12287, 12288, 1, 1, 12285, 0, + 12286, 12287, 12288, 1, 2, 12287, 0, 4, 0, 12286, + 2, 1, 12288, 12285, 12287, 0, 2, 12287, 6, 2, + 0, 12287, 12288, 2, 12288, 12284, 12288, 12285, 4, 1, + 12288, 12284, 12287, 4, 12284, 1, 3, 12284, 12282, 0, + 12286, 12287, 2, 12286, 3, 4, 2, 12288, 3, 3, + 1, 3, 12287, 12283 } + }, + { 0x01, 0x01, /* polynomial e' */ + { 0x58, 0xd8, 0x6a, 0xcd, 0xe2, 0x79, 0x61, 0x98, 0xfd, 0xea, + 0xcf, 0x2a, 0xc0, 0xfd, 0xf0, 0x72, 0x86, 0x32, 0xdc, 0xe9, + 0xc6, 0x45, 0x81, 0x80, 0x67, 0x06, 0x72, 0x28, 0xa6, 0xfe, + 0x41, 0x2b, 0x78, 0x88, 0x58, 0x6d, 0x58, 0x47, 0x3e, 0xb7, + 0x46, 0x60, 0xd8, 0x2f, 0xa0, 0x83, 0xe4, 0xbc, 0x81, 0xdd, + 0xc6, 0x29, 0x8b, 0xee, 0xf9, 0xec, 0x90, 0x39, 0x9d, 0x46, + 0xbf, 0x2d, 0x7c, 0xdf }, + { 12287, 3, 3, 1, 12285, 4, 1, 5, 12287, 12285, + 12285, 12285, 1, 12288, 12287, 12288, 2, 3, 12283, 12288, + 12285, 0, 0, 12286, 12287, 12288, 12288, 12288, 12288, 1, + 12288, 2, 2, 5, 5, 0, 12287, 12286, 3, 3, + 2, 2, 1, 0, 2, 12287, 12285, 3, 1, 3, + 5, 2, 12287, 12287, 2, 0, 4, 2, 0, 0, + 1, 5, 12288, 6, 4, 12287, 1, 0, 12283, 0, + 1, 12286, 2, 0, 2, 1, 12284, 12282, 0, 6, + 1, 2, 5, 12288, 6, 12288, 12284, 2, 1, 2, + 12288, 12283, 12288, 3, 12288, 12288, 2, 12286, 12283, 1, + 12285, 0, 0, 12286, 12288, 12286, 12288, 12286, 4, 0, + 1, 12285, 3, 1, 2, 12285, 12287, 12284, 12287, 12285, + 12286, 1, 12288, 3, 5, 5, 3, 12285, 12286, 12288, + 0, 1, 12287, 12284, 2, 4, 12288, 12287, 0, 12288, + 12288, 12285, 12288, 12284, 3, 0, 2, 0, 2, 0, + 1, 1, 1, 12287, 1, 12284, 12285, 0, 12284, 1, + 12284, 2, 12288, 5, 4, 1, 1, 12284, 1, 3, + 2, 6, 3, 2, 3, 12284, 0, 0, 4, 2, + 6, 2, 2, 2, 6, 12288, 0, 1, 12286, 1, + 5, 1, 12283, 2, 0, 12284, 1, 12286, 4, 1, + 2, 4, 6, 12288, 12288, 12284, 1, 0, 3, 12286, + 1, 0, 3, 12288, 12287, 2, 2, 0, 12285, 12286, + 0, 12288, 4, 2, 12282, 12287, 1, 12288, 12287, 12286, + 12284, 1, 4, 2, 7, 12288, 12283, 12288, 5, 12288, + 12288, 12287, 3, 2, 12287, 5, 12287, 12286, 12288, 12287, + 0, 12282, 12288, 12288, 0, 3, 12287, 2, 12287, 12284, + 6, 12285, 2, 3, 3, 12284, 2, 4, 12286, 5, + 0, 2, 12287, 3, 0, 12284, 12286, 0, 2, 12286, + 12287, 3, 1, 4, 1, 12286, 12288, 1, 2, 0, + 12285, 12287, 2, 0, 0, 0, 3, 12286, 12287, 2, + 0, 0, 0, 12286, 4, 1, 12287, 0, 0, 2, + 5, 0, 12284, 1, 1, 12288, 2, 12286, 12288, 2, + 2, 12282, 1, 12286, 4, 12286, 3, 12287, 12287, 12286, + 5, 5, 0, 12288, 3, 12285, 1, 12287, 7, 12286, + 2, 12287, 1, 12285, 2, 12287, 12288, 0, 4, 12281, + 0, 12286, 3, 1, 12285, 2, 2, 12285, 5, 0, + 12285, 2, 12288, 1, 3, 12287, 1, 12288, 1, 5, + 12287, 1, 0, 3, 2, 12286, 12286, 12288, 3, 0, + 12287, 12288, 0, 12286, 12285, 0, 12286, 12288, 3, 12287, + 12288, 2, 6, 0, 2, 12285, 1, 1, 7, 7, + 12284, 12284, 5, 0, 12288, 12288, 4, 3, 1, 2, + 12287, 0, 12288, 12284, 2, 5, 1, 2, 0, 12288, + 1, 12284, 2, 3, 0, 12287, 12285, 2, 12288, 12288, + 7, 1, 12287, 1, 12286, 2, 3, 4, 12288, 12288, + 12286, 12286, 3, 12288, 1, 12286, 12286, 0, 12283, 12288, + 2, 0, 7, 2, 12287, 0, 0, 12286, 4, 1, + 12288, 12288, 1, 2, 12287, 12282, 3, 5, 0, 12288, + 12288, 12286, 12286, 12286, 4, 2, 0, 1, 12284, 3, + 12283, 5, 12287, 2, 2, 12288, 1, 12284, 1, 0, + 1, 3, 12288, 2, 12287, 1, 12286, 12288, 0, 12287, + 12288, 2, 2, 12286, 0, 12287, 12288, 12284, 0, 2, + 2, 2, 1, 3, 12285, 12285, 1, 12285, 2, 6, + 2, 0, 12288, 0, 0, 3, 2, 12287, 1, 12286, + 0, 12287, 0, 1, 12285, 12287, 6, 12288, 2, 0, + 12286, 2, 4, 12288, 2, 5, 12285, 12286, 0, 12284, + 12288, 3, 3, 3, 12287, 4, 2, 0, 12283, 2, + 12287, 0, 1, 12287, 2, 12288, 12287, 3, 2, 7, + 7, 1, 12287, 12288, 2, 6, 1, 3, 2, 0, + 2, 2, 3, 12288, 3, 4, 2, 0, 5, 12285, + 3, 12285, 3, 12285, 1, 1, 12287, 12285, 2, 12285, + 5, 0, 7, 2, 12284, 0, 12285, 7, 1, 12288, + 12288, 0, 12288, 12287, 5, 0, 2, 0, 2, 12286, + 1, 12286, 0, 12286, 12285, 4, 12286, 2, 12288, 12287, + 12287, 1, 12286, 12287, 12287, 12286, 12287, 12288, 6, 5, + 2, 5, 12283, 12286, 12286, 12288, 1, 0, 3, 12286, + 5, 0, 12287, 12288, 12288, 12287, 12286, 2, 1, 0, + 1, 2, 3, 1, 12286, 2, 1, 6, 12288, 1, + 12286, 1, 12288, 0, 1, 0, 12283, 0, 2, 12288, + 3, 1, 12287, 12288, 4, 0, 3, 12286, 0, 1, + 12283, 4, 1, 4, 12287, 5, 0, 12287, 12288, 3, + 3, 12282, 1, 4, 2, 3, 0, 2, 6, 12282, + 12285, 12288, 12287, 12288, 2, 12285, 1, 0, 12287, 12288, + 12286, 0, 0, 4, 12288, 12287, 1, 0, 2, 5, + 2, 12287, 1, 7, 12284, 0, 12287, 12286, 2, 1, + 12287, 0, 1, 12284, 12287, 12287, 12285, 12285, 3, 12282, + 12286, 1, 1, 12288, 12282, 12287, 1, 1, 2, 2, + 3, 1, 12287, 5, 12282, 0, 0, 12287, 1, 3, + 12288, 3, 12285, 12286, 2, 0, 12288, 12288, 5, 12285, + 4, 12288, 12287, 0, 1, 4, 1, 2, 12288, 0, + 2, 1, 12288, 4, 6, 12288, 1, 12287, 4, 1, + 12285, 12288, 3, 0, 12288, 12285, 2, 0, 12286, 2, + 1, 12288, 1, 12288, 12284, 3, 0, 2, 2, 12288, + 12287, 12286, 4, 12288, 2, 0, 0, 3, 4, 0, + 12288, 12282, 6, 2, 12283, 12287, 2, 6, 1, 2, + 12288, 2, 12283, 3, 12287, 3, 4, 0, 0, 12285, + 0, 12288, 12287, 12284, 12286, 3, 1, 12286, 2, 0, + 12287, 12286, 12286, 12288, 5, 2, 12288, 12286, 0, 12287, + 0, 3, 2, 12287, 12286, 0, 1, 12287, 2, 0, + 12286, 5, 12285, 12288, 12288, 12288, 12286, 4, 1, 12285, + 12284, 12288, 12286, 1, 1, 12287, 2, 12286, 3, 2, + 12283, 12283, 4, 2, 12283, 5, 0, 1, 0, 5, + 12287, 1, 1, 0, 3, 10, 12287, 3, 12288, 12288, + 12287, 2, 2, 0, 4, 12288, 12283, 12288, 1, 12287, + 3, 0, 0, 1, 12288, 12284, 0, 12286, 12287, 0, + 12287, 2, 1, 7, 12288, 12287, 0, 4, 12287, 12286, + 3, 4, 12287, 12288, 12285, 12287, 12288, 12285, 12286, 7, + 1, 1, 12288, 3, 12287, 3, 1, 4, 2, 5, + 12282, 3, 0, 12286, 12288, 0, 12285, 0, 2, 3, + 0, 12286, 3, 2, 12285, 0, 0, 12287, 1, 0, + 0, 6, 2, 12287, 12284, 7, 5, 0, 1, 6, + 2, 4, 1, 12286, 12288, 2, 12287, 3, 4, 12283, + 0, 12288, 2, 2, 12286, 0, 2, 2, 12288, 12285, + 12287, 12285, 12288, 0 } + }, + { 0x01, 0x02, /* polynomial e'' */ + { 0x20, 0x37, 0x77, 0x8a, 0x9c, 0x19, 0xde, 0xf0, 0x65, 0x9e, + 0x0f, 0xa5, 0xfc, 0x0e, 0x78, 0xfe, 0x55, 0x89, 0xc9, 0x88, + 0x41, 0xa2, 0x5a, 0x1e, 0xa4, 0x66, 0xcd, 0x3a, 0x29, 0x42, + 0xd1, 0x25, 0xf2, 0x84, 0xd7, 0xee, 0xd5, 0x53, 0x86, 0x5b, + 0xa3, 0x93, 0x4e, 0xee, 0xc7, 0x5b, 0xe5, 0x52, 0x68, 0x19, + 0xdf, 0x63, 0xfb, 0x91, 0x3d, 0xe9, 0x5d, 0xd6, 0xeb, 0x81, + 0x3d, 0xac, 0xf1, 0xad }, + { 12286, 12286, 1, 12287, 1, 12286, 12287, 12287, 12284, 1, + 12287, 2, 12284, 0, 2, 12288, 0, 1, 0, 12285, + 12288, 4, 2, 12287, 12282, 12288, 12285, 12288, 2, 12288, + 6, 7, 12286, 12286, 1, 4, 12287, 12287, 3, 1, + 3, 3, 2, 12285, 0, 1, 12288, 1, 1, 12287, + 0, 0, 1, 0, 12287, 12283, 12283, 12288, 12287, 0, + 0, 2, 12286, 3, 3, 0, 12286, 12282, 3, 6, + 3, 3, 12285, 1, 1, 12288, 1, 0, 12288, 0, + 12287, 4, 1, 0, 12285, 12288, 1, 1, 1, 3, + 12286, 0, 12288, 0, 12287, 12287, 3, 5, 1, 12287, + 12287, 0, 0, 0, 12283, 0, 0, 12288, 0, 12287, + 12286, 12284, 12286, 0, 12286, 3, 5, 12287, 0, 12287, + 1, 3, 2, 6, 1, 12287, 1, 1, 12285, 4, + 12282, 12288, 12288, 3, 2, 12287, 3, 3, 12288, 12286, + 2, 5, 12288, 12287, 12288, 3, 0, 12283, 3, 3, + 1, 0, 12288, 2, 2, 12287, 12286, 4, 12287, 12288, + 0, 0, 12286, 1, 4, 4, 12286, 12287, 4, 12288, + 2, 1, 1, 12288, 12287, 3, 12287, 12286, 12285, 12288, + 4, 1, 0, 12287, 3, 12286, 12287, 4, 0, 12287, + 12286, 12287, 3, 1, 1, 12285, 12287, 0, 12285, 2, + 5, 2, 12285, 3, 2, 12285, 12287, 2, 0, 12288, + 2, 5, 2, 12283, 1, 1, 0, 12286, 12288, 3, + 1, 12286, 12283, 0, 1, 2, 2, 1, 12287, 12287, + 4, 4, 1, 0, 0, 12288, 12287, 12284, 12284, 7, + 0, 12288, 5, 4, 12288, 12288, 1, 0, 1, 1, + 2, 12288, 12288, 5, 1, 0, 12287, 3, 3, 0, + 1, 12288, 12288, 3, 12285, 12288, 3, 5, 4, 1, + 12285, 12285, 12288, 12285, 12288, 12285, 4, 1, 3, 12285, + 4, 0, 12288, 12286, 5, 12287, 12285, 12288, 4, 12288, + 0, 12287, 12286, 0, 12286, 12283, 0, 12287, 12284, 1, + 12288, 12288, 3, 12286, 1, 2, 12286, 3, 1, 12285, + 12286, 12285, 0, 12285, 12288, 0, 2, 12283, 0, 1, + 2, 1, 2, 3, 3, 12285, 0, 0, 0, 12288, + 12283, 4, 12286, 2, 1, 3, 3, 12284, 2, 4, + 3, 12286, 12282, 12286, 0, 12286, 12287, 3, 12288, 12288, + 2, 12287, 12286, 3, 0, 12286, 1, 1, 0, 12287, + 2, 0, 0, 1, 12286, 1, 0, 12283, 0, 12288, + 2, 5, 12288, 12287, 2, 1, 12288, 2, 2, 5, + 2, 12286, 12286, 2, 12284, 12287, 0, 12284, 0, 12284, + 12286, 12286, 12288, 12287, 12287, 2, 1, 12287, 12287, 1, + 5, 0, 0, 12288, 2, 12285, 6, 2, 12288, 12288, + 12286, 2, 12285, 0, 0, 0, 12288, 3, 12286, 1, + 1, 0, 3, 0, 12286, 12288, 12287, 3, 2, 12287, + 12288, 1, 12288, 12282, 2, 0, 12288, 12286, 12285, 12281, + 4, 1, 7, 12283, 12287, 12288, 1, 6, 0, 12288, + 5, 1, 1, 12286, 12286, 0, 12287, 12285, 12287, 1, + 12288, 12286, 12286, 12288, 2, 12287, 12287, 12288, 12286, 12288, + 12282, 12284, 12286, 0, 12285, 12285, 3, 12288, 12287, 12288, + 2, 0, 2, 0, 12288, 12286, 3, 12288, 12286, 12287, + 1, 1, 1, 0, 5, 5, 12285, 12288, 3, 12286, + 1, 2, 12285, 1, 4, 12288, 1, 4, 1, 3, + 4, 12286, 0, 7, 2, 12288, 2, 12287, 0, 2, + 12283, 12286, 0, 12288, 12286, 4, 1, 12284, 7, 12285, + 0, 12284, 12287, 0, 0, 3, 4, 12284, 0, 1, + 0, 1, 12285, 1, 12286, 12284, 12287, 0, 7, 1, + 4, 12282, 12288, 0, 2, 12285, 12288, 12287, 12287, 12283, + 0, 1, 3, 12285, 12286, 3, 12288, 12288, 12284, 12286, + 12288, 1, 0, 2, 12287, 0, 12286, 4, 12288, 0, + 12284, 0, 0, 2, 12286, 0, 0, 12286, 12287, 1, + 12288, 0, 12284, 1, 12288, 12288, 1, 1, 12282, 12284, + 12288, 12285, 12285, 12288, 1, 12286, 2, 0, 0, 12284, + 2, 12288, 0, 0, 12285, 0, 3, 0, 0, 12285, + 12286, 5, 3, 12287, 5, 2, 12287, 0, 1, 12286, + 12287, 1, 12286, 1, 12288, 0, 0, 12282, 5, 12282, + 12287, 12288, 12287, 1, 0, 3, 4, 6, 1, 1, + 12287, 12284, 12286, 12287, 12286, 2, 1, 12288, 3, 0, + 3, 0, 12286, 1, 0, 12288, 1, 12284, 4, 0, + 4, 12288, 1, 4, 1, 12286, 4, 0, 2, 1, + 1, 4, 12287, 2, 1, 12288, 4, 3, 2, 12287, + 0, 1, 12287, 1, 12285, 12286, 2, 2, 0, 12286, + 12287, 0, 12288, 12285, 5, 12288, 0, 0, 12288, 3, + 12288, 0, 4, 0, 12288, 12286, 12287, 0, 0, 2, + 12283, 0, 12281, 1, 1, 3, 4, 2, 12284, 5, + 12288, 2, 3, 4, 12287, 3, 12288, 12287, 12288, 2, + 12286, 2, 0, 12286, 12286, 5, 12288, 2, 12288, 7, + 12286, 12286, 4, 12288, 12288, 12288, 5, 12287, 7, 12286, + 12282, 2, 12284, 0, 12288, 0, 2, 12283, 2, 5, + 4, 1, 12288, 12283, 5, 12288, 12288, 0, 0, 0, + 6, 1, 12286, 6, 4, 12287, 2, 12288, 12287, 12286, + 4, 5, 0, 1, 2, 1, 4, 12286, 1, 2, + 1, 1, 0, 12288, 12282, 1, 1, 3, 12284, 12288, + 0, 12287, 1, 12286, 12288, 6, 1, 5, 12287, 12285, + 2, 12288, 12288, 12284, 0, 12287, 2, 3, 5, 1, + 12286, 1, 12287, 0, 12284, 1, 5, 12283, 1, 1, + 12287, 12283, 12288, 0, 12287, 3, 0, 12288, 12286, 12287, + 8, 0, 0, 12288, 1, 3, 2, 3, 12287, 9, + 2, 3, 4, 12288, 3, 0, 12288, 12283, 0, 0, + 2, 4, 12287, 2, 12287, 12286, 12287, 2, 12287, 2, + 3, 1, 3, 1, 0, 1, 1, 5, 3, 12285, + 1, 12281, 12287, 12286, 1, 4, 12287, 12286, 12285, 4, + 2, 0, 12288, 12288, 12286, 12287, 12288, 1, 3, 4, + 0, 1, 12285, 4, 3, 12284, 1, 12288, 12285, 12288, + 0, 12281, 12288, 12285, 12285, 1, 12284, 12286, 12287, 0, + 0, 12287, 1, 12282, 4, 4, 12288, 1, 4, 12286, + 5, 4, 1, 5, 3, 1, 0, 6, 12288, 0, + 12288, 2, 12286, 12287, 6, 0, 12288, 0, 12287, 1, + 4, 0, 12282, 4, 1, 12286, 1, 12282, 3, 12285, + 12283, 12286, 12288, 4, 12284, 12286, 12286, 0, 12286, 0, + 0, 1, 12286, 1, 1, 4, 12284, 0, 3, 2, + 12288, 1, 2, 12287, 2, 1, 12288, 0, 1, 2, + 12286, 0, 6, 12285, 0, 1, 4, 0, 0, 3, + 2, 12287, 12285, 7, 1, 3, 1, 0, 12286, 12288, + 0, 12287, 1, 12286 } + } +}; + +START_TEST(test_newhope_noise_uniform) +{ + newhope_noise_t *noise; + uint8_t seed_buf[seed_len], *uniform; + chunk_t seed = { seed_buf, seed_len }; + + memset(seed_buf, 0x00, seed_len - 1); + seed_buf[seed_len - 1] = noises[_i].key; + + noise = newhope_noise_create(seed); + ck_assert(noise != NULL); + uniform = noise->get_uniform_bytes(noise, noises[_i].nonce, 64); + ck_assert(uniform != NULL); + ck_assert(memeq(uniform, noises[_i].uniform, 64)); + free(uniform); + noise->destroy(noise); +} +END_TEST + +START_TEST(test_newhope_noise_poly) +{ + newhope_noise_t *noise; + uint8_t seed_buf[seed_len]; + uint32_t *poly; + int i; + chunk_t seed = { seed_buf, seed_len }; + + memset(seed_buf, 0x00, seed_len - 1); + seed_buf[seed_len - 1] = noises[_i].key; + + noise = newhope_noise_create(seed); + ck_assert(noise != NULL); + poly = noise->get_binomial_words(noise, noises[_i].nonce, n, q); + ck_assert(poly != NULL); + for (i = 0; i < n; i++) + { + ck_assert(poly[i] == noises[_i].poly[i]); + } + free(poly); + noise->destroy(noise); +} +END_TEST + +static size_t seed_lengths[] = { 0, 1, 31, 33 }; + +START_TEST(test_newhope_noise_fail) +{ + newhope_noise_t *noise; + chunk_t seed; + + seed = chunk_alloc(seed_lengths[_i]); + memset(seed.ptr, 0x00, seed.len); + + noise = newhope_noise_create(seed); + ck_assert(noise == NULL); + chunk_free(&seed); +} +END_TEST + +Suite *newhope_noise_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("newhope_noise"); + + tc = tcase_create("noise_uniform"); + tcase_add_loop_test(tc, test_newhope_noise_uniform, 0, countof(noises)); + suite_add_tcase(s, tc); + + tc = tcase_create("noise_poly"); + tcase_add_loop_test(tc, test_newhope_noise_poly, 0, countof(noises)); + suite_add_tcase(s, tc); + + tc = tcase_create("noise_fail"); + tcase_add_loop_test(tc, test_newhope_noise_fail, 0, countof(seed_lengths)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c new file mode 100644 index 000000000..4432e34d6 --- /dev/null +++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_reconciliation.c @@ -0,0 +1,344 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include + +#include + +static const uint16_t n = 1024; +static const uint16_t q = 12289; + +static uint32_t r_v[] = { + 7832, 2714, 1942, 12135, 6869, 11272, 11601, 1783, 9639, 1465, + 4603, 8158, 1418, 6162, 3907, 6653, 1091, 3026, 4540, 4797, + 2751, 29, 768, 5580, 1304, 5262, 1644, 11294, 12257, 10466, + 170, 8458, 7185, 6850, 8790, 11277, 10980, 5507, 10693, 9766, + 7230, 3980, 796, 11125, 8042, 9022, 10207, 7577, 5041, 192, + 10308, 7905, 8520, 3814, 3372, 11772, 11290, 418, 2744, 4782, + 3072, 10921, 10721, 6100, 1021, 7943, 7426, 2142, 6618, 757, + 5033, 9336, 9332, 3410, 6613, 11776, 1525, 9567, 5371, 1290, + 3685, 11054, 11228, 10703, 70, 11215, 8992, 2855, 2962, 10104, + 10083, 8146, 7599, 3428, 4316, 10056, 1245, 9776, 7867, 1381, + 6540, 11273, 6626, 3708, 5348, 4521, 3760, 1771, 12037, 2681, + 3044, 10226, 5133, 5013, 7851, 7187, 1965, 6776, 223, 3003, + 4800, 10128, 9592, 8917, 10664, 7076, 2081, 5621, 2694, 8245, + 10979, 929, 10593, 10429, 6890, 6222, 5891, 6633, 12124, 1508, + 508, 9650, 2480, 10302, 3958, 4519, 5309, 8675, 6963, 5281, + 8265, 4851, 7173, 2537, 1176, 259, 6422, 6782, 1429, 7231, + 4948, 8137, 11341, 12090, 5395, 8087, 3098, 6724, 7462, 9973, + 149, 7331, 562, 9753, 1227, 768, 7520, 12107, 6199, 6503, + 9876, 306, 3876, 1903, 6306, 10288, 10184, 9401, 68, 5246, + 630, 10136, 133, 12082, 648, 8537, 3896, 4482, 12011, 5407, + 5305, 4301, 6551, 714, 5902, 11915, 3121, 5428, 5441, 5140, + 10139, 2091, 875, 9478, 11576, 8663, 10514, 1018, 8780, 6445, + 2501, 4204, 1276, 7474, 10594, 3808, 4367, 11469, 4875, 1899, + 9136, 1507, 6235, 6367, 3851, 7341, 9925, 4629, 9588, 3150, + 4739, 6109, 4850, 9944, 11565, 4995, 8383, 9623, 6248, 3020, + 1730, 3368, 3431, 8617, 6478, 7182, 8720, 1927, 6493, 9285, + 9779, 2800, 3730, 1754, 3772, 3124, 7569, 10008, 9240, 2493, + 4402, 5851, 2050, 8630, 5054, 8421, 1536, 7671, 5467, 9075, + 5881, 4355, 4554, 11354, 4048, 10335, 11033, 4252, 2558, 4363, + 10448, 327, 1675, 4755, 8227, 7705, 398, 10398, 9913, 4129, + 6571, 10743, 280, 6634, 796, 7264, 3916, 11349, 1415, 1187, + 692, 9980, 1647, 4267, 1001, 12229, 6040, 268, 1308, 531, + 3141, 7209, 1941, 4684, 10261, 1415, 8381, 4919, 11450, 1494, + 8237, 11023, 3380, 4448, 10101, 9232, 11040, 7799, 4958, 741, + 2234, 10436, 11442, 5073, 2908, 2355, 31, 7222, 5457, 3746, + 8920, 122, 8960, 5708, 1750, 11161, 4847, 3199, 7954, 2151, + 9419, 11678, 8997, 12016, 9690, 9605, 10718, 3735, 1617, 9574, + 10384, 11604, 9311, 687, 7145, 11891, 6529, 5052, 1342, 8735, + 7644, 6062, 6338, 8563, 2502, 5284, 220, 5224, 3771, 11067, + 11609, 2972, 3799, 2566, 7488, 6369, 7704, 6095, 3598, 12112, + 8545, 2026, 746, 3206, 2814, 8740, 1491, 5950, 8413, 4043, + 12036, 6082, 4131, 1941, 6942, 9396, 11267, 8912, 7344, 10371, + 9205, 9520, 12038, 4345, 8024, 10999, 8408, 4673, 6682, 8893, + 8668, 10099, 7658, 11896, 4276, 2042, 10707, 9793, 3152, 11961, + 3269, 5512, 5736, 5938, 9457, 10439, 10777, 6656, 3174, 9043, + 6046, 2519, 11912, 5244, 6214, 2071, 11317, 5285, 891, 6184, + 3819, 1563, 1474, 654, 5147, 2380, 10760, 4816, 3378, 1414, + 7784, 10067, 1809, 6320, 4789, 9359, 2747, 9424, 9074, 9473, + 3300, 6244, 104, 7612, 1105, 4276, 573, 1988, 923, 12047, + 7948, 4860, 3949, 4971, 6956, 2831, 2034, 289, 10946, 6970, + 3191, 5122, 2175, 1300, 6198, 256, 6433, 11646, 9119, 9723, + 1046, 5967, 1124, 6449, 2817, 692, 4649, 3089, 5050, 11261, + 2220, 3052, 12012, 10110, 1394, 2877, 10089, 11696, 4462, 5504, + 66, 2500, 5384, 7461, 5712, 8649, 9536, 7670, 2385, 3469, + 782, 2876, 7772, 6118, 142, 5396, 10951, 10556, 3450, 10602, + 1604, 7909, 3323, 39, 10258, 2262, 7113, 11313, 10203, 10846, + 9275, 4316, 965, 6006, 4458, 7926, 3171, 1797, 4659, 5336, + 5543, 250, 9230, 10720, 11970, 4511, 4311, 11763, 1283, 4044, + 2643, 3744, 4490, 5984, 8868, 8760, 11738, 6037, 9164, 7601, + 7544, 11117, 7322, 2081, 4034, 10791, 11491, 7027, 1615, 5338, + 8528, 3424, 2126, 927, 1650, 6068, 3812, 10958, 7574, 11032, + 6954, 6132, 2598, 9458, 11346, 1974, 3273, 1040, 10331, 8587, + 11017, 6864, 8246, 5328, 11330, 6779, 8761, 4342, 4595, 8610, + 161, 4622, 6411, 10708, 7896, 11431, 12097, 9500, 3376, 9561, + 10730, 2248, 3069, 1434, 8838, 566, 6397, 5881, 4956, 4203, + 8362, 6047, 3484, 4784, 9901, 8989, 862, 8817, 12186, 9876, + 9748, 1905, 5696, 9028, 5721, 2940, 10235, 2326, 2134, 6167, + 1019, 10851, 1253, 5588, 9149, 6532, 3959, 11598, 4068, 3299, + 8264, 9787, 7089, 2829, 6755, 6156, 455, 5900, 2839, 5921, + 2140, 7428, 2688, 11175, 9247, 6727, 11711, 1762, 6244, 3336, + 2308, 9922, 7883, 7007, 10890, 7013, 8452, 2743, 1482, 6927, + 7846, 6128, 5114, 4868, 7487, 4584, 6785, 460, 6747, 8894, + 9855, 12242, 3365, 1450, 6614, 3974, 5200, 3247, 2779, 8695, + 828, 10940, 2304, 376, 3027, 3898, 10351, 1879, 10262, 2512, + 5487, 4280, 10297, 8480, 9481, 7905, 197, 8361, 4927, 705, + 9671, 6722, 2589, 8772, 1078, 333, 8696, 6267, 7420, 4471, + 8994, 5038, 5318, 1846, 2574, 8779, 10724, 825, 7399, 7073, + 4422, 8385, 5171, 8849, 11344, 10735, 8483, 2241, 11738, 6581, + 10699, 2777, 6531, 4678, 7608, 10871, 3501, 9239, 7252, 11828, + 7873, 9606, 4526, 5958, 8505, 11233, 9638, 2421, 5652, 3095, + 9049, 11347, 6274, 1405, 11114, 11208, 5703, 10774, 3011, 11633, + 5741, 9601, 5507, 4527, 3501, 5707, 8698, 178, 12091, 325, + 6056, 635, 3772, 12169, 10509, 6528, 3573, 3675, 3389, 3161, + 1148, 2687, 3509, 6639, 10452, 11804, 5355, 1085, 9580, 7106, + 1396, 8279, 4881, 3402, 7803, 8801, 6142, 7623, 4386, 9291, + 1502, 500, 11809, 6655, 2674, 10061, 1650, 5422, 8936, 10011, + 1193, 9619, 1435, 8285, 4038, 9984, 9732, 4477, 1251, 7106, + 7817, 10062, 3378, 5608, 2395, 2563, 1957, 3768, 4160, 7267, + 11631, 2171, 4771, 6927, 4330, 10482, 6204, 11022, 7895, 1924, + 3648, 1991, 6628, 10136, 2916, 5416, 7827, 1479, 2312, 9991, + 7915, 5431, 10911, 10979, 4527, 436, 10521, 5725, 2201, 10198, + 662, 1691, 8867, 10008, 9359, 5291, 567, 5725, 10329, 4772, + 2813, 7323, 5646, 1861, 9922, 1831, 9356, 1219, 4107, 9999, + 4569, 9092, 833, 1602, 4258, 1443, 1484, 4036, 5415, 3767, + 9992, 412, 9343, 2251, 10513, 9067, 1494, 11893, 744, 1978, + 11259, 3614, 7459, 5254, 4232, 5148, 4119, 11550, 6425, 4933, + 4292, 10521, 9657, 9632, 4613, 7738, 5561, 8806, 3501, 3731, + 11329, 2693, 11581, 6393, 10176, 10773, 1790, 1809, 9186, 12085, + 5418, 7223, 1077, 1527, 10917, 4236, 7668, 11754, 6655, 7696, + 1809, 11512, 3618, 5857, 7512, 1044, 7970, 6825, 4897, 2870, + 126, 8619, 10445, 3883, 4238, 4051, 399, 1580, 9893, 11046, + 2955, 6520, 5435, 1891, 1254, 12135, 4122, 10512, 11960, 6196, + 3443, 10118, 1689, 10877 +}; + +static uint32_t i_v[] = { + 8355, 2010, 1416, 12110, 6361, 11296, 11668, 1446, 9822, 947, + 5422, 8211, 1824, 6158, 3458, 6435, 685, 2707, 4804, 4929, + 3204, 12158, 674, 5703, 1125, 5085, 1358, 10956, 12216, 11164, + 12112, 8359, 7018, 7038, 9099, 11789, 10574, 5991, 10736, 9335, + 7898, 4429, 587, 11156, 7912, 9063, 9673, 6792, 5530, 648, + 10203, 7284, 7935, 4177, 3514, 11488, 10998, 12254, 2913, 4827, + 2446, 10965, 10718, 5569, 1023, 8150, 7440, 1928, 6384, 802, + 4726, 9738, 10374, 3842, 6761, 11788, 1133, 9413, 5818, 1099, + 3710, 11315, 11667, 10285, 12431, 11195, 9193, 2842, 2267, 9902, + 10076, 7409, 6751, 3748, 4487, 9961, 1547, 10060, 7443, 1276, + 6827, 10798, 6323, 4038, 5508, 4006, 3300, 1774, 255, 2688, + 3238, 10275, 4911, 5648, 7842, 7506, 1769, 6425, 195, 3176, + 4455, 10337, 9451, 8912, 10445, 7646, 2837, 5109, 3033, 8668, + 10295, 744, 10869, 10204, 6825, 6326, 6299, 7208, 11886, 1246, + 704, 9626, 2538, 10932, 3903, 4545, 5111, 9006, 6698, 5008, + 8464, 4679, 7230, 2223, 707, 705, 6592, 6207, 1114, 7645, + 5374, 7595, 11064, 746, 5585, 8248, 2921, 7004, 6595, 9985, + 506, 7147, 793, 9605, 596, 962, 8223, 11771, 6438, 6663, + 9519, 12013, 4302, 2216, 6633, 10351, 10096, 9645, 347, 4601, + 596, 10448, 12051, 12376, 1544, 8939, 5114, 4052, 11408, 5947, + 5368, 4270, 6747, 423, 6283, 11211, 2574, 5974, 5533, 5143, + 9757, 2155, 729, 9776, 11989, 8808, 11057, 1519, 9187, 5996, + 2966, 3865, 1409, 8023, 10648, 4397, 5082, 10832, 4769, 2068, + 9226, 1790, 5911, 6534, 3780, 7312, 9388, 5014, 9054, 3445, + 4659, 6203, 5234, 9490, 11060, 4214, 8978, 9789, 6201, 3088, + 1988, 3057, 3762, 8725, 7322, 7583, 8233, 1394, 6534, 9221, + 9736, 2738, 3837, 2595, 4012, 3674, 7505, 10231, 8080, 2402, + 3977, 5928, 1942, 8421, 5507, 8422, 1238, 6909, 5800, 9613, + 6083, 4382, 4669, 11670, 4032, 10762, 11623, 4387, 3728, 4656, + 9701, 722, 1255, 4495, 8158, 7762, 792, 10307, 9813, 3904, + 6081, 11003, 12045, 6718, 1089, 7327, 4381, 11188, 943, 1740, + 563, 10251, 756, 5027, 848, 325, 6547, 12288, 1222, 12189, + 3641, 7314, 2049, 5254, 10043, 1068, 7906, 4741, 11639, 1981, + 7660, 10911, 2746, 4536, 10068, 9700, 11057, 8114, 5556, 253, + 2292, 10686, 11848, 5306, 3092, 2570, 12167, 7101, 5245, 3463, + 8627, 12513, 9010, 5356, 1633, 10462, 4545, 3614, 7245, 1887, + 9738, 11902, 8716, 12035, 9958, 9421, 11063, 3759, 883, 9754, + 10730, 11706, 9132, 540, 6726, 11382, 7038, 4407, 1225, 8606, + 7689, 5894, 6553, 7908, 2454, 4939, 613, 5811, 3580, 11792, + 11364, 3153, 3698, 2604, 7470, 6053, 7699, 6018, 4289, 11497, + 8580, 2249, 718, 2444, 2972, 8812, 1710, 6317, 8718, 4194, + 12288, 5837, 3698, 2216, 7402, 9045, 11194, 8500, 7238, 10686, + 9409, 9867, 12264, 3859, 7673, 11659, 8496, 4618, 6465, 8811, + 9114, 10740, 7738, 11850, 4142, 2493, 11136, 9623, 3071, 11701, + 2925, 5043, 6151, 6221, 9642, 10846, 11145, 6315, 3741, 9123, + 5131, 2585, 11337, 4786, 5844, 1485, 11505, 5205, 797, 5955, + 3717, 1756, 1551, 1122, 5057, 2585, 10857, 5129, 3557, 1254, + 7750, 9688, 2462, 6415, 4345, 9460, 2957, 8793, 9210, 9242, + 3487, 6506, 11888, 7563, 1078, 4486, 406, 2261, 867, 11965, + 7979, 4533, 3654, 4747, 6636, 3166, 2114, 380, 9715, 7132, + 2982, 5024, 1817, 1231, 6210, 12377, 6280, 10882, 9937, 9587, + 633, 5668, 899, 6176, 2431, 956, 5022, 3094, 4658, 11168, + 2989, 2654, 11990, 10494, 1691, 3017, 10044, 11882, 4020, 5342, + 11911, 2426, 5748, 7592, 6340, 9214, 9357, 7169, 2109, 3210, + 415, 3024, 7791, 5684, 246, 5134, 11335, 10092, 3133, 10427, + 1502, 7739, 3272, 169, 9521, 2550, 7327, 11309, 10815, 10146, + 9157, 4579, 1022, 6447, 4233, 8488, 2958, 1715, 4215, 4965, + 5728, 551, 8942, 10845, 11881, 4472, 4331, 304, 1183, 3798, + 1968, 3993, 4889, 6145, 8841, 8816, 11283, 6578, 9212, 8161, + 7003, 11574, 7764, 1678, 4138, 10444, 11880, 7101, 1390, 4743, + 8320, 3026, 2338, 1203, 1562, 6502, 3103, 10770, 7608, 11097, + 6745, 6037, 2926, 9489, 10782, 1853, 3482, 524, 11063, 8299, + 11092, 6838, 7779, 4598, 11245, 7274, 8908, 3886, 4440, 8651, + 11949, 5344, 6954, 11015, 8333, 11347, 12677, 8716, 3514, 9892, + 10366, 2029, 2875, 1540, 9013, 250, 6393, 5618, 4565, 3687, + 8340, 6420, 3632, 5032, 9408, 9738, 961, 8653, 12315, 10459, + 9883, 2074, 5357, 9341, 4850, 2514, 9746, 2605, 2394, 5928, + 808, 10443, 1589, 5673, 9176, 6593, 3404, 12254, 4230, 3630, + 7958, 10065, 7471, 2432, 6626, 6517, 382, 6131, 2888, 5440, + 1571, 7341, 2841, 11202, 9462, 7180, 11206, 1433, 6183, 3882, + 2105, 9906, 8076, 7074, 10572, 7262, 8456, 2979, 1095, 6891, + 8025, 5914, 5380, 4300, 7363, 4989, 6788, 1043, 6836, 8710, + 10099, 12310, 3997, 2102, 7002, 4041, 4948, 2601, 2958, 8665, + 984, 10820, 1940, 541, 3377, 3533, 9357, 2049, 10721, 2732, + 5355, 4280, 10281, 8056, 9557, 7749, 611, 8255, 4854, 708, + 9199, 7033, 2582, 8343, 820, 944, 8651, 5547, 7052, 4723, + 8972, 5594, 5314, 1938, 2539, 8789, 10341, 12368, 7475, 6903, + 4436, 8346, 5391, 8336, 10864, 10397, 8517, 2078, 12127, 6612, + 10511, 2970, 6576, 5166, 7744, 10934, 3186, 9515, 6831, 12085, + 7284, 9791, 4755, 6341, 8713, 11526, 9392, 2122, 5743, 2776, + 9581, 11396, 7006, 1465, 11235, 10997, 5776, 10401, 2929, 11732, + 5847, 9512, 6068, 3934, 3730, 5813, 9195, 410, 11698, 896, + 6321, 1310, 3478, 11649, 10201, 6850, 3612, 3451, 3569, 3266, + 747, 3151, 3352, 6497, 10445, 11501, 5306, 1026, 9712, 7294, + 813, 8005, 5090, 2905, 7903, 8358, 6290, 7756, 3955, 9471, + 1858, 699, 11847, 7292, 2165, 10556, 1038, 5289, 8693, 9698, + 1702, 10228, 1412, 8681, 3330, 10042, 8888, 4257, 1201, 7422, + 7956, 10019, 3011, 5956, 2188, 2407, 1986, 3847, 4345, 7427, + 12091, 1763, 3885, 6731, 4172, 10828, 6129, 10972, 7878, 2189, + 3988, 2125, 6536, 10663, 3100, 5129, 7656, 1053, 2303, 10149, + 8087, 5666, 11151, 10962, 4905, 779, 10113, 5451, 1509, 9590, + 735, 1626, 8419, 10607, 9293, 5778, 907, 5527, 10408, 5454, + 2266, 7131, 6332, 2055, 10105, 1188, 9842, 2059, 4417, 10026, + 4339, 9779, 680, 1731, 4958, 1589, 1866, 3797, 5058, 3735, + 9899, 543, 9330, 2436, 10757, 9010, 1270, 12232, 1122, 2222, + 10945, 3733, 7454, 5251, 4185, 5118, 4331, 12022, 5900, 4767, + 4393, 10252, 9957, 9653, 4674, 7705, 5694, 9123, 3882, 3137, + 11627, 2712, 11985, 6346, 9990, 10760, 1869, 1778, 8899, 12168, + 5207, 7250, 1088, 1131, 11567, 4337, 8286, 11660, 7152, 8010, + 2286, 11335, 2984, 5740, 7114, 806, 7579, 7119, 5122, 2917, + 541, 7913, 10555, 3684, 4720, 3954, 517, 1526, 9712, 10854, + 1921, 6897, 4704, 2141, 1602, 11880, 4548, 10569, 11521, 6408, + 3609, 9752, 1960, 10934 +}; + +static uint8_t rbits[] = { + 0x3f, 0xff, 0xaf, 0x0f, 0x6b, 0xb2, 0xb8, 0x46, 0x53, 0x44, + 0x95, 0x98, 0x0a, 0x85, 0x0c, 0xfc, 0xc4, 0x86, 0xcc, 0x69, + 0xc6, 0xd9, 0xfa, 0xee, 0x19, 0xa6, 0x34, 0x0f, 0x35, 0xc4, + 0xdc, 0x08 +}; + +static uint8_t r_ref[] = { + 0, 3, 3, 1, 1, 1, 0, 1, 0, 3, 2, 0, 1, 1, 3, 0, 2, 1, 0, 3, + 2, 1, 2, 3, 3, 0, 2, 0, 1, 3, 3, 2, 3, 3, 0, 3, 0, 2, 2, 0, + 1, 1, 2, 0, 1, 1, 2, 1, 3, 0, 0, 3, 1, 1, 0, 0, 0, 2, 0, 1, + 0, 2, 3, 1, 3, 0, 3, 1, 0, 0, 2, 1, 3, 3, 1, 3, 2, 1, 0, 2, + 0, 0, 3, 3, 0, 1, 2, 2, 0, 1, 0, 3, 2, 2, 1, 1, 3, 0, 3, 3, + 2, 2, 0, 2, 1, 0, 0, 0, 3, 0, 3, 1, 2, 1, 1, 0, 3, 3, 2, 1, + 3, 3, 2, 2, 1, 3, 0, 0, 2, 2, 3, 1, 1, 2, 2, 2, 0, 2, 0, 2, + 0, 0, 1, 2, 2, 2, 3, 1, 2, 0, 3, 0, 1, 3, 2, 3, 3, 1, 1, 2, + 0, 0, 2, 1, 2, 2, 0, 2, 2, 2, 2, 1, 1, 3, 1, 3, 3, 1, 2, 2, + 3, 0, 1, 0, 0, 2, 2, 1, 3, 2, 2, 2, 3, 1, 1, 0, 0, 3, 2, 3, + 0, 0, 3, 3, 2, 2, 2, 2, 1, 1, 0, 1, 2, 1, 3, 2, 0, 3, 0, 2, + 3, 3, 3, 3, 2, 3, 3, 3, 3, 2, 1, 0, 2, 3, 2, 1, 2, 0, 3, 0, + 2, 2, 1, 1, 2, 1, 2, 0, 1, 2, 1, 3, 0, 0, 2, 3, 0, 3, 1, 0, + 2, 2, 2, 1, 2, 0, 3, 1, 0, 0, 3, 0, 2, 3, 1, 0, 2, 3, 3, 0, + 0, 0, 3, 0, 2, 3, 2, 0, 2, 2, 1, 0, 1, 2, 1, 3, 3, 3, 1, 2, + 1, 2, 3, 1, 1, 2, 2, 0, 3, 0, 3, 3, 1, 3, 3, 3, 1, 3, 0, 3, + 0, 0, 1, 2, 1, 0, 3, 0, 0, 2, 1, 3, 3, 3, 1, 1, 2, 3, 1, 0, + 1, 1, 3, 3, 0, 3, 1, 3, 1, 2, 2, 2, 1, 3, 1, 2, 1, 3, 0, 1, + 2, 2, 2, 3, 3, 2, 2, 3, 1, 2, 2, 1, 2, 1, 0, 0, 0, 1, 3, 2, + 0, 3, 1, 1, 2, 1, 3, 2, 3, 2, 0, 1, 0, 1, 3, 0, 2, 3, 1, 3, + 0, 1, 1, 3, 1, 1, 1, 0, 2, 3, 2, 1, 2, 0, 3, 3, 2, 0, 1, 0, + 3, 3, 3, 1, 2, 2, 1, 0, 3, 3, 0, 2, 3, 1, 1, 1, 3, 3, 1, 3, + 3, 0, 1, 0, 2, 0, 1, 1, 0, 0, 3, 2, 2, 3, 0, 2, 2, 0, 1, 1, + 1, 3, 1, 1, 1, 0, 1, 2, 3, 2, 2, 3, 1, 1, 3, 3, 3, 1, 2, 0, + 0, 0, 2, 2, 2, 3, 2, 0, 0, 1, 3, 0, 0, 0, 2, 0, 1, 0, 3, 0, + 3, 1, 0, 1, 1, 1, 2, 2, 2, 0, 0, 2, 2, 0, 3, 1, 0, 2, 2, 0, + 2, 0, 0, 1, 1, 0, 1, 2, 3, 2, 3, 2, 3, 3, 3, 0, 2, 1, 2, 2, + 1, 0, 1, 1, 1, 2, 1, 3, 2, 0, 3, 3, 0, 0, 1, 1, 1, 2, 2, 2, + 0, 1, 1, 2, 0, 2, 0, 1, 2, 0, 1, 3, 2, 2, 3, 0, 0, 1, 1, 2, + 3, 1, 2, 0, 3, 0, 2, 1, 0, 0, 0, 1, 1, 1, 1, 3, 0, 0, 0, 3, + 2, 3, 2, 1, 0, 3, 1, 1, 1, 1, 3, 0, 0, 1, 1, 1, 0, 3, 2, 2, + 3, 1, 1, 3, 0, 1, 1, 3, 0, 3, 2, 2, 0, 3, 1, 3, 1, 0, 0, 1, + 1, 0, 0, 1, 0, 3, 2, 2, 0, 1, 3, 0, 1, 3, 3, 2, 1, 3, 1, 1, + 3, 3, 2, 1, 1, 3, 1, 0, 2, 1, 1, 3, 3, 3, 1, 3, 1, 3, 0, 1, + 2, 2, 0, 3, 3, 2, 1, 1, 1, 3, 0, 2, 0, 3, 3, 1, 2, 3, 1, 3, + 0, 0, 0, 1, 3, 3, 0, 2, 3, 0, 1, 3, 0, 0, 3, 0, 2, 2, 3, 3, + 3, 3, 2, 1, 0, 3, 1, 1, 1, 2, 2, 0, 3, 2, 0, 2, 2, 3, 1, 0, + 3, 3, 1, 2, 3, 0, 1, 1, 0, 3, 3, 1, 1, 3, 0, 2, 1, 2, 2, 2, + 2, 3, 2, 3, 0, 0, 3, 1, 1, 0, 3, 2, 3, 2, 3, 3, 2, 2, 3, 1, + 3, 2, 1, 0, 1, 0, 2, 2, 1, 3, 1, 2, 3, 3, 1, 3, 2, 1, 3, 2, + 2, 3, 1, 1, 3, 3, 3, 3, 2, 0, 0, 3, 3, 3, 2, 3, 2, 0, 3, 0, + 3, 1, 2, 0, 3, 0, 2, 2, 2, 3, 1, 2, 2, 1, 3, 3, 0, 1, 3, 0, + 0, 1, 3, 2, 1, 1, 0, 1, 3, 3, 1, 1, 0, 1, 2, 2, 2, 0, 2, 3, + 1, 2, 1, 1, 3, 2, 3, 3, 1, 0, 1, 3, 2, 3, 2, 2, 1, 2, 3, 1, + 3, 2, 3, 1, 3, 3, 0, 3, 1, 1, 3, 2, 1, 2, 2, 0, 1, 1, 2, 3, + 1, 3, 0, 0, 3, 0, 3, 0, 1, 2, 0, 2, 2, 3, 2, 0, 0, 0, 3, 0, + 2, 0, 0, 2, 2, 2, 3, 1, 3, 2, 3, 2, 0, 1, 2, 1, 1, 3, 0, 3, + 2, 0, 2, 2, 3, 2, 1, 0, 1, 1, 0, 2, 0, 3, 2, 0, 2, 3, 1, 3, + 2, 2, 2, 2, 3, 1, 0, 2, 3, 3, 3, 2, 0, 0, 3, 3, 1, 2, 2, 3, + 0, 1, 1, 1, 3, 2, 1, 0, 0, 1, 2, 3, 3, 0, 1, 1, 1, 1, 0, 1, + 0, 2, 3, 3, 3, 3, 0, 2, 3, 0, 1, 0, 0, 1, 1, 3, 2, 2, 0, 0, + 2, 2, 1, 3 +}; + +static chunk_t shared_secret = chunk_from_chars( + 0x14, 0x22, 0x06, 0xe3, 0x48, 0xf3, 0xfa, 0xfc, 0x21, 0x0d, + 0x5d, 0x51, 0x19, 0x7f, 0x16, 0x4e, 0xe6, 0xd3, 0x10, 0xa9, + 0xf5, 0xab, 0xfc, 0x96, 0x11, 0x1b, 0xc3, 0x4a, 0x89, 0xf9, + 0x66, 0x55 +); + +START_TEST(test_newhope_rec_good) +{ + newhope_reconciliation_t *rec; + chunk_t i_shared_secret, r_shared_secret; + uint8_t *r; + + rec = newhope_reconciliation_create(n, q); + ck_assert(rec != NULL); + + r = rec->help_reconcile(rec, r_v, rbits); + ck_assert(memeq(r, r_ref, n)); + + r_shared_secret = rec->reconcile(rec, r_v, r); + ck_assert(chunk_equals(r_shared_secret, shared_secret)); + + i_shared_secret = rec->reconcile(rec, i_v, r); + ck_assert(chunk_equals(i_shared_secret, shared_secret)); + + /* cleanup */ + rec->destroy(rec); + chunk_free(&i_shared_secret); + chunk_free(&r_shared_secret); + free(r); +} +END_TEST + +Suite *newhope_reconciliation_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("newhope_reconciliation"); + + tc = tcase_create("rec_good"); + tcase_add_test(tc, test_newhope_rec_good); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 58a27509b..a19b2c4c0 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index fd123a118..5cbba3920 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index efc660bed..17309b149 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -25,22 +25,22 @@ typedef struct private_ntru_ke_t private_ntru_ke_t; /* Best bandwidth and speed, no X9.98 compatibility */ -static ntru_param_set_id_t param_sets_optimum[] = { +static const ntru_param_set_id_t param_sets_optimum[] = { NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1 }; /* X9.98/IEEE 1363.1 parameter sets for best speed */ -static ntru_param_set_id_t param_sets_x9_98_speed[] = { +static const ntru_param_set_id_t param_sets_x9_98_speed[] = { NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1 }; /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ -static ntru_param_set_id_t param_sets_x9_98_bandwidth[] = { +static const ntru_param_set_id_t param_sets_x9_98_bandwidth[] = { NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2 }; /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */ -static ntru_param_set_id_t param_sets_x9_98_balance[] = { +static const ntru_param_set_id_t param_sets_x9_98_balance[] = { NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1 }; @@ -61,7 +61,7 @@ struct private_ntru_ke_t { /** * NTRU Parameter Set */ - ntru_param_set_t *param_set; + const ntru_param_set_t *param_set; /** * Cryptographical strength in bits of the NTRU Parameter Set @@ -243,7 +243,8 @@ METHOD(diffie_hellman_t, destroy, void, ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) { private_ntru_ke_t *this; - ntru_param_set_id_t *param_sets, param_set_id; + const ntru_param_set_id_t *param_sets; + ntru_param_set_id_t param_set_id; rng_t *entropy; ntru_drbg_t *drbg; char *parameter_set; diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.c b/src/libstrongswan/plugins/ntru/ntru_param_set.c index 4af1e3091..3b2716e28 100644 --- a/src/libstrongswan/plugins/ntru/ntru_param_set.c +++ b/src/libstrongswan/plugins/ntru/ntru_param_set.c @@ -41,7 +41,7 @@ ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1, /** * NTRU encryption parameter set definitions */ -static ntru_param_set_t ntru_param_sets[] = { +static const ntru_param_set_t ntru_param_sets[] = { /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ { @@ -340,7 +340,7 @@ static ntru_param_set_t ntru_param_sets[] = { /** * See header. */ -ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id) +const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id) { int i; @@ -358,7 +358,7 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id) /** * See header. */ -ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid) +const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid) { int i; diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.h b/src/libstrongswan/plugins/ntru/ntru_param_set.h index df4e55333..3ec0f833f 100644 --- a/src/libstrongswan/plugins/ntru/ntru_param_set.h +++ b/src/libstrongswan/plugins/ntru/ntru_param_set.h @@ -80,23 +80,81 @@ extern enum_name_t *ntru_param_set_id_names; * NTRU encryption parameter set definitions */ struct ntru_param_set_t { - ntru_param_set_id_t id; /* NTRU parameter set ID */ - uint8_t oid[NTRU_OID_LEN]; /* pointer to OID */ - uint8_t der_id; /* parameter-set DER id */ - uint8_t N_bits; /* no. of bits in N (i.e. in an index */ - uint16_t N; /* ring dimension */ - uint16_t sec_strength_len; /* no. of octets of security strength */ - uint16_t q; /* big modulus */ - uint8_t q_bits; /* no. of bits in q (i.e. in a coefficient */ - bool is_product_form; /* if product form used */ - uint32_t dF_r; /* no. of +1 or -1 coefficients in ring elements - F, r */ - uint16_t dg; /* no. - 1 of +1 coefficients or - no. of -1 coefficients in ring element g */ - uint16_t m_len_max; /* max no. of plaintext octets */ - uint16_t min_msg_rep_wt; /* min. message representative weight */ - uint8_t c_bits; /* no. bits in candidate for deriving an index */ - uint8_t m_len_len; /* no. of octets to hold mLenOctets */ + + /** + * NTRU parameter set ID + */ + const ntru_param_set_id_t id; + + /** + * pointer to OID + */ + const uint8_t oid[NTRU_OID_LEN]; + + /** + * parameter-set DER id + */ + const uint8_t der_id; + + /** + * no. of bits in N (i.e. in an index + */ + const uint8_t N_bits; + + /** + * ring dimension + */ + const uint16_t N; + + /** + * no. of octets of security strength + */ + const uint16_t sec_strength_len; + + /** + * big modulus + */ + const uint16_t q; + + /** + * no. of bits in q (i.e. in a coefficient) + */ + const uint8_t q_bits; + + /** + * if product form used + */ + const bool is_product_form; + + /** + * no. of +1 or -1 coefficients in ring elements F, r + */ + const uint32_t dF_r; + + /** + * no. - 1 of +1 coefficients or no. of -1 coefficients in ring element g + */ + const uint16_t dg; + + /** + * max no. of plaintext octets + */ + const uint16_t m_len_max; + + /** + * min. message representative weight + */ + const uint16_t min_msg_rep_wt; + + /** + * no. bits in candidate for deriving an index + */ + const uint8_t c_bits; + + /** + * no. of octets to hold mLenOctets + */ + const uint8_t m_len_len; }; /** @@ -105,7 +163,7 @@ struct ntru_param_set_t { * @param id NTRU parameter set ID * @return NTRU parameter set */ -ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id); +const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id); /** * Get NTRU encryption parameter set by NTRU parameter set OID @@ -113,6 +171,6 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id); * @param oid NTRU parameter set OID * @return NTRU parameter set */ -ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid); +const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid); #endif /** NTRU_PARAM_SET_H_ @}*/ diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c index 66be7c75b..dc6bd3167 100644 --- a/src/libstrongswan/plugins/ntru/ntru_plugin.c +++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -43,13 +43,21 @@ METHOD(plugin_t, get_features, int, static plugin_feature_t f[] = { PLUGIN_REGISTER(DH, ntru_ke_create), PLUGIN_PROVIDE(DH, NTRU_112_BIT), + PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1), PLUGIN_PROVIDE(DH, NTRU_128_BIT), + PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1), PLUGIN_PROVIDE(DH, NTRU_192_BIT), + PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256), PLUGIN_PROVIDE(DH, NTRU_256_BIT), PLUGIN_DEPENDS(RNG, RNG_TRUE), PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), - PLUGIN_DEPENDS(HASHER, HASH_SHA256), - PLUGIN_SDEPEND(HASHER, HASH_SHA1) + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256), }; *features = f; diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c index cb11601cd..b2fca2f7f 100644 --- a/src/libstrongswan/plugins/ntru/ntru_poly.c +++ b/src/libstrongswan/plugins/ntru/ntru_poly.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2009-2013 Security Innovation @@ -17,7 +17,7 @@ #include "ntru_poly.h" -#include +#include #include #include @@ -290,8 +290,9 @@ static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q, /* * Described in header. */ -ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed, - uint8_t c_bits, uint16_t N, uint16_t q, +ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type, + chunk_t seed, uint8_t c_bits, + uint16_t N, uint16_t q, uint32_t indices_len_p, uint32_t indices_len_m, bool is_product_form) @@ -300,9 +301,9 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed, int n, num_indices, index_i = 0; uint32_t index, limit; uint8_t *used; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; - bitspender = mgf1_bitspender_create(alg, seed, TRUE); + bitspender = xof_bitspender_create(mgf1_type, seed, TRUE); if (!bitspender) { return NULL; diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h index 87c77103c..765b72bdd 100644 --- a/src/libstrongswan/plugins/ntru/ntru_poly.h +++ b/src/libstrongswan/plugins/ntru/ntru_poly.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ typedef struct ntru_poly_t ntru_poly_t; #include +#include /** * Implements a trinary polynomial storing the indices of non-zero coefficients @@ -63,9 +64,9 @@ struct ntru_poly_t { }; /** - * Create a trits polynomial from a seed using MGF1 with a base hash function + * Create a trits polynomial from a seed using MGF1 * - * @param alg hash algorithm to be used by MGF1 + * @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256) * @param seed seed used by MGF1 to generate trits from * @param N ring dimension, number of polynomial coefficients * @param q large modulus @@ -74,7 +75,7 @@ struct ntru_poly_t { * @param indices_len_m number of indices for -1 coefficients * @param is_product_form generate multiple polynomials */ -ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed, +ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed, uint8_t c_bits, uint16_t N, uint16_t q, uint32_t indices_len_p, uint32_t indices_len_m, diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c index fa87fe9c3..844c8baf3 100644 --- a/src/libstrongswan/plugins/ntru/ntru_private_key.c +++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2009-2013 Security Innovation @@ -38,7 +38,7 @@ struct private_ntru_private_key_t { /** * NTRU Parameter Set */ - ntru_param_set_t *params; + const ntru_param_set_t *params; /** * Polynomial F which is the private key @@ -178,7 +178,7 @@ bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt) METHOD(ntru_private_key_t, decrypt, bool, private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext) { - hash_algorithm_t hash_algid; + ext_out_function_t alg; size_t t_len, seed1_len, seed2_len; uint16_t *t1, *t2, *t = NULL; uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros; @@ -206,9 +206,9 @@ METHOD(ntru_private_key_t, decrypt, bool, Mtrin = (uint8_t *)t1; M = Mtrin + this->params->N; - /* set hash algorithm based on security strength */ - hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 : - HASH_SHA256; + /* set MGF1 algorithm type based on security strength */ + alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 : + XOF_MGF1_SHA256; /* set constants */ mod_q_mask = this->params->q - 1; @@ -307,7 +307,7 @@ METHOD(ntru_private_key_t, decrypt, bool, ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr); /* form mask */ - mask = ntru_trits_create(this->params->N, hash_algid, seed); + mask = ntru_trits_create(this->params->N, alg, seed); if (!mask) { DBG1(DBG_LIB, "mask creation failed"); @@ -390,9 +390,8 @@ METHOD(ntru_private_key_t, decrypt, bool, /* generate cr */ DBG2(DBG_LIB, "generate polynomial r"); - r_poly = ntru_poly_create_from_seed(hash_algid, seed, - this->params->c_bits, this->params->N, - this->params->q, this->params->dF_r, + r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits, + this->params->N, this->params->q, this->params->dF_r, this->params->dF_r, this->params->is_product_form); if (!r_poly) { @@ -642,13 +641,13 @@ static bool ring_inv(uint16_t *a, uint16_t N, uint16_t q, uint16_t *t, * Described in header. */ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, - ntru_param_set_t *params) + const ntru_param_set_t *params) { private_ntru_private_key_t *this; size_t t_len; uint16_t *t1, *t2, *t = NULL; uint16_t mod_q_mask; - hash_algorithm_t hash_algid; + ext_out_function_t alg; ntru_poly_t *g_poly; chunk_t seed; int i; @@ -667,14 +666,8 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, ); /* set hash algorithm and seed length based on security strength */ - if (params->sec_strength_len <= 20) - { - hash_algid = HASH_SHA1; - } - else - { - hash_algid = HASH_SHA256; - } + alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 : + XOF_MGF1_SHA256; seed =chunk_alloc(params->sec_strength_len + 8); /* get random seed for generating trinary F as a list of indices */ @@ -685,7 +678,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, } DBG2(DBG_LIB, "generate polynomial F"); - this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits, params->N, params->q, params->dF_r, params->dF_r, params->is_product_form); @@ -729,7 +722,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, } DBG2(DBG_LIB, "generate polynomial g"); - g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits, params->N, params->q, params->dg + 1, params->dg, FALSE); if (!g_poly) @@ -775,7 +768,7 @@ ntru_private_key_t *ntru_private_key_create_from_data(ntru_drbg_t *drbg, size_t privkey_packed_trits_len, privkey_packed_indices_len; uint8_t *privkey_packed, tag; uint16_t *indices, dF; - ntru_param_set_t *params; + const ntru_param_set_t *params; header_len = 2 + NTRU_OID_LEN; diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.h b/src/libstrongswan/plugins/ntru/ntru_private_key.h index c6f08440f..ced806d7a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_private_key.h +++ b/src/libstrongswan/plugins/ntru/ntru_private_key.h @@ -77,7 +77,8 @@ struct ntru_private_key_t { * @param drbg Digital Random Bit Generator used for key generation * @param params NTRU encryption parameter set to be used */ -ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, ntru_param_set_t *params); +ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, + const ntru_param_set_t *params); /** * Creates an NTRU encryption private key from encoding diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.c b/src/libstrongswan/plugins/ntru/ntru_public_key.c index a2ff1b2b0..36d9abf0a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_public_key.c +++ b/src/libstrongswan/plugins/ntru/ntru_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2009-2013 Security Innovation @@ -37,7 +37,7 @@ struct private_ntru_public_key_t { /** * NTRU Parameter Set */ - ntru_param_set_t *params; + const ntru_param_set_t *params; /** * Polynomial h which is the public key @@ -102,7 +102,7 @@ extern bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt); METHOD(ntru_public_key_t, encrypt, bool, private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext) { - hash_algorithm_t hash_algid; + ext_out_function_t alg; size_t t_len, seed1_len, seed2_len; uint16_t *t1, *t = NULL; uint8_t b[MAX_SEC_STRENGTH_LEN]; @@ -139,8 +139,8 @@ METHOD(ntru_public_key_t, encrypt, bool, M = Mtrin + this->params->N; /* set hash algorithm based on security strength */ - hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 : - HASH_SHA256; + alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 : + XOF_MGF1_SHA256; /* set constants */ mod_q_mask = this->params->q - 1; @@ -173,7 +173,7 @@ METHOD(ntru_public_key_t, encrypt, bool, seed.len = seed2_len; DBG2(DBG_LIB, "generate polynomial r"); - r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits, + r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits, this->params->N, this->params->q, this->params->dF_r, this->params->dF_r, this->params->is_product_form); @@ -191,7 +191,7 @@ METHOD(ntru_public_key_t, encrypt, bool, seed.len = seed1_len; /* form mask */ - mask = ntru_trits_create(this->params->N, hash_algid, seed); + mask = ntru_trits_create(this->params->N, alg, seed); if (!mask) { DBG1(DBG_LIB, "mask creation failed"); @@ -320,7 +320,7 @@ METHOD(ntru_public_key_t, destroy, void, * Described in header. */ ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, - ntru_param_set_t *params, + const ntru_param_set_t *params, uint16_t *pubkey) { private_ntru_public_key_t *this; @@ -357,7 +357,7 @@ ntru_public_key_t *ntru_public_key_create_from_data(ntru_drbg_t *drbg, { private_ntru_public_key_t *this; size_t header_len, pubkey_packed_len; - ntru_param_set_t *params; + const ntru_param_set_t *params; header_len = 2 + NTRU_OID_LEN; diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.h b/src/libstrongswan/plugins/ntru/ntru_public_key.h index baa8eabcd..4f098f28c 100644 --- a/src/libstrongswan/plugins/ntru/ntru_public_key.h +++ b/src/libstrongswan/plugins/ntru/ntru_public_key.h @@ -71,7 +71,7 @@ struct ntru_public_key_t { * @param pubkey Coefficients of public key polynomial h */ ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, - ntru_param_set_t *params, + const ntru_param_set_t *params, uint16_t *pubkey); /** diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c index 57b3532ef..0bbbcc178 100644 --- a/src/libstrongswan/plugins/ntru/ntru_trits.c +++ b/src/libstrongswan/plugins/ntru/ntru_trits.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Andreas Steffen + * Copyright (C) 2013-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,7 +16,7 @@ #include "ntru_trits.h" #include "ntru_convert.h" -#include +#include #include #include @@ -67,14 +67,15 @@ METHOD(ntru_trits_t, destroy, void, /* * Described in header. */ -ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed) +ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg, + chunk_t seed) { private_ntru_trits_t *this; uint8_t octet, buf[5], *trits; size_t trits_needed; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; - bitspender = mgf1_bitspender_create(alg, seed, TRUE); + bitspender = xof_bitspender_create(alg, seed, TRUE); if (!bitspender) { return NULL; diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h index 524c51bac..e489aae7a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_trits.h +++ b/src/libstrongswan/plugins/ntru/ntru_trits.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ typedef struct ntru_trits_t ntru_trits_t; #include +#include /** * Implements an array of trinary elements (trits) @@ -52,10 +53,11 @@ struct ntru_trits_t { * Create a trits array from a seed using MGF1 with a base hash function * * @param size size of the trits array - * @param alg hash algorithm to be used by MGF1 + * @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256) * @param seed seed used by MGF1 to generate trits from */ -ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed); +ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg, + chunk_t seed); #endif /** NTRU_TRITS_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index f453f43b5..dd8a17ed7 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -449,6 +446,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 24fe623eb..22bbf6dc7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -304,7 +304,26 @@ static private_openssl_ec_private_key_t *create_empty(void) return this; } -/** +/* + * See header. + */ +private_key_t *openssl_ec_private_key_create(EVP_PKEY *key) +{ + private_openssl_ec_private_key_t *this; + EC_KEY *ec; + + ec = EVP_PKEY_get1_EC_KEY(key); + EVP_PKEY_free(key); + if (!ec) + { + return NULL; + } + this = create_empty(); + this->ec = ec; + return &this->public.key; +} + +/* * See header. */ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index f56c95aa1..84314f671 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #ifndef OPENSSL_EC_PRIVATE_KEY_H_ #define OPENSSL_EC_PRIVATE_KEY_H_ +#include + #include #include @@ -61,4 +63,12 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, va_list args); +/** + * Wrap an EVP_PKEY object of type EVP_PKEY_EC + * + * @param key EVP_PKEY_EC key object (adopted) + * @return loaded key, NULL on failure + */ +private_key_t *openssl_ec_private_key_create(EVP_PKEY *key); + #endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 6bbe4af95..5ef885b16 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: - this->cipher = EVP_get_cipherbyname("aes-128-gcm"); + this->cipher = EVP_aes_128_gcm(); break; case 24: - this->cipher = EVP_get_cipherbyname("aes-192-gcm"); + this->cipher = EVP_aes_192_gcm(); break; case 32: - this->cipher = EVP_get_cipherbyname("aes-256-gcm"); + this->cipher = EVP_aes_256_gcm(); break; default: free(this); diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c index 705e96c69..bbd400cac 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c @@ -23,10 +23,6 @@ #include #include -#ifdef OPENSSL_IS_BORINGSSL -#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) -#endif - typedef struct private_pkcs12_t private_pkcs12_t; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 3e3b986df..ab73d718f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2013 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -269,6 +269,53 @@ static bool seed_rng() return TRUE; } +/** + * Generic key loader + */ +static private_key_t *openssl_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + EVP_PKEY *key; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (blob.ptr) + { + key = d2i_AutoPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (key) + { + switch (EVP_PKEY_base_id(key)) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + return openssl_rsa_private_key_create(key); +#endif +#ifndef OPENSSL_NO_ECDSA + case EVP_PKEY_EC: + return openssl_ec_private_key_create(key); +#endif + default: + EVP_PKEY_free(key); + break; + } + } + } + return NULL; +} + METHOD(plugin_t, get_name, char*, private_openssl_plugin_t *this) { @@ -438,16 +485,16 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), #endif #ifndef OPENSSL_NO_SHA256 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), #endif #ifndef OPENSSL_NO_SHA512 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), #endif #ifndef OPENSSL_NO_MD5 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), @@ -504,6 +551,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), #endif #endif /* OPENSSL_NO_ECDSA */ + /* generic key loader */ + PLUGIN_REGISTER(PRIVKEY, openssl_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), PLUGIN_REGISTER(RNG, openssl_rng_create), PLUGIN_PROVIDE(RNG, RNG_STRONG), PLUGIN_PROVIDE(RNG, RNG_WEAK), diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 485e0bbc7..54ecf2542 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -1,7 +1,7 @@ /* + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return build_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return build_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return build_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return build_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); default: @@ -327,7 +327,7 @@ static private_openssl_rsa_private_key_t *create_empty() return this; } -/** +/* * See header. */ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, @@ -383,7 +383,26 @@ error: return NULL; } -/** +/* + * See header + */ +private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key) +{ + private_openssl_rsa_private_key_t *this; + RSA *rsa; + + rsa = EVP_PKEY_get1_RSA(key); + EVP_PKEY_free(key); + if (!rsa) + { + return NULL; + } + this = create_empty(); + this->rsa = rsa; + return &this->public.key; +} + +/* * See header */ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, @@ -528,7 +547,7 @@ static bool login(ENGINE *engine, chunk_t keyid) } #endif /* OPENSSL_NO_ENGINE */ -/** +/* * See header. */ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 60889d651..34ce4c776 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #ifndef OPENSSL_RSA_PRIVATE_KEY_H_ #define OPENSSL_RSA_PRIVATE_KEY_H_ +#include + #include #include @@ -61,6 +63,14 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, va_list args); +/** + * Wrap an EVP_PKEY object of type EVP_PKEY_RSA + * + * @param key EVP_PKEY_RSA key object (adopted) + * @return loaded key, NULL on failure + */ +private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key); + /** * Connect to a RSA private key on a smartcard. * diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index d66d5016e..d3a644f72 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, NID_md5, data, signature); default: diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index f4186e8c4..7c5c367f7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -135,6 +135,13 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj); */ time_t openssl_asn1_to_time(ASN1_TIME *time); +/** + * Compatibility macros + */ +#ifdef OPENSSL_IS_BORINGSSL +#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) +#endif + /** * Macros to define fallback getters/setters to access keys (BIGNUM*) for types * that were made opaque with OpenSSL 1.1.0. diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index e1cf497c8..abca5f79b 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 107ade09b..30040da39 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -16,7 +16,6 @@ #include #include -#include #include "padlock_sha1_hasher.h" @@ -66,11 +65,11 @@ static void sha1(chunk_t data, uint32_t *digest) padlock_sha1(data.len, data.ptr, (u_char*)hash); - digest[0] = bswap_32(hash[0]); - digest[1] = bswap_32(hash[1]); - digest[2] = bswap_32(hash[2]); - digest[3] = bswap_32(hash[3]); - digest[4] = bswap_32(hash[4]); + digest[0] = __builtin_bswap32(hash[0]); + digest[1] = __builtin_bswap32(hash[1]); + digest[2] = __builtin_bswap32(hash[2]); + digest[3] = __builtin_bswap32(hash[3]); + digest[4] = __builtin_bswap32(hash[4]); } /** diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 3e6b8d0bb..8cafb9e32 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index e9c85e57f..0bddf9ccf 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index a61eb1ab2..708f5a68c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 767b3acf2..766832d39 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -1,8 +1,8 @@ /* + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2000-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -204,7 +204,6 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) case PRIV_KEY_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1(DBG_ASN, "PKCS#1 private key format is not version 1"); goto end; } break; @@ -248,6 +247,63 @@ end: BUILD_RSA_EXP2, exp2, BUILD_RSA_COEFF, coeff, BUILD_END); } +/** + * Check if the ASN.1 structure looks like an EC private key according to + * RFC 5915. + * + * ECPrivateKey :=: SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + * + * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that + * paramaters MUST be included and publicKey SHOULD be. + */ +static bool is_ec_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_INTEGER && + asn1_parse_integer_uint64(data) == 1 && + asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1; +} + +/** + * Check if the ASN.1 structure looks like a BLISS private key. + */ +static bool is_bliss_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_OID && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING; +} + +/** + * Load a private key from an ASN.1 encoded blob trying to detect the type + * automatically. + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + if (is_ec_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + else if (is_bliss_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + return parse_rsa_private_key(blob); +} + /** * See header. */ @@ -301,6 +357,14 @@ private_key_t *pkcs1_private_key_load(key_type_t type, va_list args) } break; } - return parse_rsa_private_key(blob); + switch (type) + { + case KEY_ANY: + return parse_private_key(blob); + case KEY_RSA: + return parse_rsa_private_key(blob); + default: + return NULL; + } } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index eb0903d47..ec1bdf565 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -42,6 +42,10 @@ METHOD(plugin_t, get_features, int, private_pkcs1_plugin_t *this, plugin_feature_t *features[]) { static plugin_feature_t f[] = { + PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_SDEPEND(PRIVKEY, KEY_RSA), + PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA), PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE), diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 61919e3dd..6c10c0812 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index aec4550ce..1d1016911 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2015 Tobias Brunner + * Copyright (C) 2011-2016 Tobias Brunner * Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi @@ -15,6 +15,27 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ +/* + * Copyright (C) 2016 EDF S.A. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ #include "pkcs11_private_key.h" @@ -112,13 +133,13 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme, } mappings[] = { {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_256, {CKM_SHA256_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_384, {CKM_SHA384_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_512, {CKM_SHA512_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, @@ -495,6 +516,120 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot, return found; } +/** + * Find the PKCS#11 lib and CKA_ID of the certificate object of a given + * subjectKeyIdentifier and optional slot + */ +static pkcs11_library_t* find_lib_and_keyid_by_skid(chunk_t keyid_chunk, + chunk_t *ckaid, int *slot) +{ + CK_OBJECT_CLASS class = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE type = CKC_X_509; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, + }; + CK_ATTRIBUTE attr[] = { + {CKA_VALUE, NULL, 0}, + {CKA_ID, NULL, 0}, + }; + CK_OBJECT_HANDLE object; + CK_SESSION_HANDLE session; + CK_RV rv; + pkcs11_manager_t *manager; + enumerator_t *enumerator, *certs; + identification_t *keyid; + pkcs11_library_t *p11, *found = NULL; + CK_SLOT_ID current; + linked_list_t *raw; + certificate_t *cert; + struct { + chunk_t value; + chunk_t ckaid; + } *entry; + + manager = lib->get(lib, "pkcs11-manager"); + if (!manager) + { + return NULL; + } + + keyid = identification_create_from_encoding(ID_KEY_ID, keyid_chunk); + /* store result in a temporary list, avoid recursive operation */ + raw = linked_list_create(); + + enumerator = manager->create_token_enumerator(manager); + while (enumerator->enumerate(enumerator, &p11, ¤t)) + { + if (*slot != -1 && *slot != current) + { + continue; + } + rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", + ck_rv_names, rv); + continue; + } + certs = p11->create_object_enumerator(p11, session, tmpl, countof(tmpl), + attr, countof(attr)); + while (certs->enumerate(certs, &object)) + { + INIT(entry, + .value = chunk_clone( + chunk_create(attr[0].pValue, attr[0].ulValueLen)), + .ckaid = chunk_clone( + chunk_create(attr[1].pValue, attr[1].ulValueLen)), + ); + raw->insert_last(raw, entry); + } + certs->destroy(certs); + + while (raw->remove_first(raw, (void**)&entry) == SUCCESS) + { + if (!found) + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_X509, BUILD_BLOB_ASN1_DER, + entry->value, BUILD_END); + if (cert) + { + if (cert->has_subject(cert, keyid)) + { + DBG1(DBG_CFG, "found cert with keyid '%#B' on PKCS#11 " + "token '%s':%d", &keyid_chunk, p11->get_name(p11), + current); + found = p11; + *ckaid = chunk_clone(entry->ckaid); + *slot = current; + } + cert->destroy(cert); + } + else + { + DBG1(DBG_CFG, "parsing cert with CKA_ID '%#B' on PKCS#11 " + "token '%s':%d failed", &entry->ckaid, + p11->get_name(p11), current); + } + } + chunk_free(&entry->value); + chunk_free(&entry->ckaid); + free(entry); + } + p11->f->C_CloseSession(session); + if (found) + { + break; + } + } + enumerator->destroy(enumerator); + keyid->destroy(keyid); + raw->destroy(raw); + return found; +} + /** * Find the key on the token */ @@ -645,7 +780,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) { private_pkcs11_private_key_t *this; char *module = NULL; - chunk_t keyid = chunk_empty; + chunk_t keyid = chunk_empty, ckaid = chunk_empty; int slot = -1; CK_RV rv; @@ -712,6 +847,10 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) this->lib = find_lib_by_keyid(keyid, &slot, CKO_CERTIFICATE); } if (!this->lib) + { + this->lib = find_lib_and_keyid_by_skid(keyid, &ckaid, &slot); + } + if (!this->lib) { DBG1(DBG_CFG, "no PKCS#11 module found having a keyid %#B", &keyid); free(this); @@ -738,8 +877,17 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) return NULL; } + if (ckaid.ptr) + { + DBG1(DBG_CFG, "using CKA_ID '%#B' for key with keyid '%#B'", + &ckaid, &keyid); + keyid = ckaid; + } + if (!find_key(this, keyid)) { + DBG1(DBG_CFG, "did not find the key with %s '%#B'", + ckaid.ptr ? "CKA_ID" : "keyid", &keyid); destroy(this); return NULL; } @@ -751,11 +899,11 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) if (!this->pubkey) { DBG1(DBG_CFG, "no public key or certificate found for private key " - "on '%s':%d", module, slot); + "(%s '%#B') on '%s':%d", ckaid.ptr ? "CKA_ID" : "keyid", + &keyid, module, slot); destroy(this); return NULL; } } - return &this->public; } diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 02b7d2902..7e81b05bc 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 5a758aa14..cbd1996f4 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -443,6 +440,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 92f751a61..3d27d61f1 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c index 4c92c412c..39d86c82a 100644 --- a/src/libstrongswan/plugins/plugin_feature.c +++ b/src/libstrongswan/plugins/plugin_feature.c @@ -30,6 +30,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM, "SIGNER", "HASHER", "PRF", + "XOF", "DH", "RNG", "NONCE_GEN", @@ -87,6 +88,9 @@ uint32_t plugin_feature_hash(plugin_feature_t *feature) case FEATURE_PRF: data = chunk_from_thing(feature->arg.prf); break; + case FEATURE_XOF: + data = chunk_from_thing(feature->arg.xof); + break; case FEATURE_DH: data = chunk_from_thing(feature->arg.dh_group); break; @@ -160,6 +164,8 @@ bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b) return a->arg.hasher == b->arg.hasher; case FEATURE_PRF: return a->arg.prf == b->arg.prf; + case FEATURE_XOF: + return a->arg.xof == b->arg.xof; case FEATURE_DH: return a->arg.dh_group == b->arg.dh_group; case FEATURE_RNG: @@ -218,6 +224,7 @@ bool plugin_feature_equals(plugin_feature_t *a, plugin_feature_t *b) case FEATURE_SIGNER: case FEATURE_HASHER: case FEATURE_PRF: + case FEATURE_XOF: case FEATURE_DH: case FEATURE_NONCE_GEN: case FEATURE_RESOLVER: @@ -305,6 +312,13 @@ char* plugin_feature_get_string(plugin_feature_t *feature) return str; } break; + case FEATURE_XOF: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + ext_out_function_names, feature->arg.xof) > 0) + { + return str; + } + break; case FEATURE_DH: if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, diffie_hellman_group_names, feature->arg.dh_group) > 0) @@ -465,6 +479,10 @@ bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature, lib->crypto->add_prf(lib->crypto, feature->arg.prf, name, reg->arg.reg.f); break; + case FEATURE_XOF: + lib->crypto->add_xof(lib->crypto, feature->arg.xof, + name, reg->arg.reg.f); + break; case FEATURE_DH: lib->crypto->add_dh(lib->crypto, feature->arg.dh_group, name, reg->arg.reg.f); @@ -552,6 +570,9 @@ bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature, case FEATURE_PRF: lib->crypto->remove_prf(lib->crypto, reg->arg.reg.f); break; + case FEATURE_XOF: + lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f); + break; case FEATURE_DH: lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f); break; diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h index ee7808a94..8cc6277eb 100644 --- a/src/libstrongswan/plugins/plugin_feature.h +++ b/src/libstrongswan/plugins/plugin_feature.h @@ -110,6 +110,8 @@ struct plugin_feature_t { FEATURE_HASHER, /** prf_t */ FEATURE_PRF, + /** xof_t */ + FEATURE_XOF, /** diffie_hellman_t */ FEATURE_DH, /** rng_t */ @@ -171,6 +173,8 @@ struct plugin_feature_t { integrity_algorithm_t signer; /** FEATURE_PRF */ pseudo_random_function_t prf; + /** FEATURE_XOFF */ + ext_out_function_t xof; /** FEATURE_HASHER */ hash_algorithm_t hasher; /** FEATURE_DH */ @@ -278,6 +282,7 @@ struct plugin_feature_t { #define _PLUGIN_FEATURE_SIGNER(kind, alg) __PLUGIN_FEATURE(kind, SIGNER, .signer = alg) #define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg) #define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg) +#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg) #define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group) #define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality) #define _PLUGIN_FEATURE_NONCE_GEN(kind, ...) __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL) @@ -310,6 +315,7 @@ struct plugin_feature_t { #define _PLUGIN_FEATURE_REGISTER_SIGNER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) #define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f) __PLUGIN_FEATURE_REGISTER(type, f) diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index c5decc3a4..40fd6264d 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index b78e62732..edd8edaf3 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index 51f6a17a7..0fd1ad902 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index ff853b691..88bc0af77 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index e6ce51936..4ec73eff5 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index fdcb9902b..f2e3cdd83 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -403,6 +403,26 @@ static bool verify_crl(certificate_t *crl) return verified; } +/** + * Report the given CRL's validity and cache it if valid and requested + */ +static bool is_crl_valid(certificate_t *crl, bool cache) +{ + time_t valid_until; + + if (crl->get_validity(crl, NULL, NULL, &valid_until)) + { + DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE); + if (cache) + { + lib->credmgr->cache_cert(lib->credmgr, crl); + } + return TRUE; + } + DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE); + return FALSE; +} + /** * Get the better of two CRLs, and check for usable CRL info */ @@ -411,7 +431,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, bool cache, crl_t *base) { enumerator_t *enumerator; - time_t revocation, valid_until; + time_t revocation; crl_reason_t reason; chunk_t serial; crl_t *crl = (crl_t*)cand; @@ -447,8 +467,6 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, { if (chunk_equals(serial, subject->get_serial(subject))) { - DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N", - &revocation, TRUE, crl_reason_names, reason); if (reason != CRL_REASON_CERTIFICATE_HOLD) { *valid = VALIDATION_REVOKED; @@ -458,6 +476,9 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* if the cert is on hold, a newer CRL might not contain it */ *valid = VALIDATION_ON_HOLD; } + is_crl_valid(cand, cache); + DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N", + &revocation, TRUE, crl_reason_names, reason); enumerator->destroy(enumerator); DESTROY_IF(best); return cand; @@ -470,18 +491,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, { DESTROY_IF(best); best = cand; - if (best->get_validity(best, NULL, NULL, &valid_until)) + if (is_crl_valid(best, cache)) { - DBG1(DBG_CFG, " crl is valid: until %T", &valid_until, FALSE); *valid = VALIDATION_GOOD; - if (cache) - { /* we cache non-stale crls only, as a stale crls are refetched */ - lib->credmgr->cache_cert(lib->credmgr, best); - } } else { - DBG1(DBG_CFG, " crl is stale: since %T", &valid_until, FALSE); *valid = VALIDATION_STALE; } } diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 14d3430a6..1933aa0c0 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index de341503b..3fbb08157 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sha3/Makefile.am b/src/libstrongswan/plugins/sha3/Makefile.am index 7ccf58ce6..a776b1de0 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.am +++ b/src/libstrongswan/plugins/sha3/Makefile.am @@ -11,6 +11,9 @@ plugin_LTLIBRARIES = libstrongswan-sha3.la endif libstrongswan_sha3_la_SOURCES = \ - sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h + sha3_plugin.h sha3_plugin.c \ + sha3_hasher.c sha3_hasher.h \ + sha3_shake.h sha3_shake.c \ + sha3_keccak.h sha3_keccak.c libstrongswan_sha3_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 0d29fcb4b..9e237a933 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -137,7 +137,8 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_sha3_la_LIBADD = -am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo +am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo \ + sha3_shake.lo sha3_keccak.lo libstrongswan_sha3_la_OBJECTS = $(am_libstrongswan_sha3_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -350,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -451,7 +451,10 @@ AM_CFLAGS = \ @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha3.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha3.la libstrongswan_sha3_la_SOURCES = \ - sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h + sha3_plugin.h sha3_plugin.c \ + sha3_hasher.c sha3_hasher.h \ + sha3_shake.h sha3_shake.c \ + sha3_keccak.h sha3_keccak.c libstrongswan_sha3_la_LDFLAGS = -module -avoid-version all: all-am @@ -544,7 +547,9 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_hasher.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_keccak.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_shake.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.c b/src/libstrongswan/plugins/sha3/sha3_hasher.c index b34a02594..0fbcbb8dc 100644 --- a/src/libstrongswan/plugins/sha3/sha3_hasher.c +++ b/src/libstrongswan/plugins/sha3/sha3_hasher.c @@ -1,53 +1,25 @@ /* - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * - * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely, - * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and - * Ronny Van Keer, hereby denoted as "the implementer". + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . * - * To the extent possible under law, the implementer has waived all copyright - * and related or neighboring rights to the source code in this file. - * http://creativecommons.org/publicdomain/zero/1.0/ + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. */ #include #include "sha3_hasher.h" +#include "sha3_keccak.h" typedef struct private_sha3_hasher_t private_sha3_hasher_t; -#define KECCAK_STATE_SIZE 200 /* bytes */ -#define KECCAK_MAX_RATE 144 /* bytes */ -#define DELIMITED_SUFFIX 0x06 - -static const uint64_t round_constants[] = { - 0x0000000000000001ULL, - 0x0000000000008082ULL, - 0x800000000000808aULL, - 0x8000000080008000ULL, - 0x000000000000808bULL, - 0x0000000080000001ULL, - 0x8000000080008081ULL, - 0x8000000000008009ULL, - 0x000000000000008aULL, - 0x0000000000000088ULL, - 0x0000000080008009ULL, - 0x000000008000000aULL, - 0x000000008000808bULL, - 0x800000000000008bULL, - 0x8000000000008089ULL, - 0x8000000000008003ULL, - 0x8000000000008002ULL, - 0x8000000000000080ULL, - 0x000000000000800aULL, - 0x800000008000000aULL, - 0x8000000080008081ULL, - 0x8000000000008080ULL, - 0x0000000080000001ULL, - 0x8000000080008008ULL -}; - /** * Private data structure with hashing context for SHA-3 */ @@ -64,309 +36,16 @@ struct private_sha3_hasher_t { hash_algorithm_t algorithm; /** - * Internal state of 1600 bits as defined by FIPS-202 - */ - uint8_t state[KECCAK_STATE_SIZE]; - - /** - * Rate in bytes + * SHA-3 Keccak state */ - u_int rate; - - /** - * Rate input buffer - */ - uint8_t rate_buffer[KECCAK_MAX_RATE]; - - /** - * Index pointing to the current position in the rate buffer - */ - u_int rate_index; + sha3_keccak_t *keccak; }; -#if BYTE_ORDER != LITTLE_ENDIAN -/** - * Function to load a 64-bit value using the little-endian (LE) convention. - * On a LE platform, this could be greatly simplified using a cast. - */ -static uint64_t load64(const uint8_t *x) -{ - int i; - uint64_t u = 0; - - for (i = 7; i >= 0; --i) - { - u <<= 8; - u |= x[i]; - } - return u; -} - -/** - * Function to store a 64-bit value using the little-endian (LE) convention. - * On a LE platform, this could be greatly simplified using a cast. - */ -static void store64(uint8_t *x, uint64_t u) -{ - u_int i; - - for (i = 0; i < 8; ++i) - { - x[i] = u; - u >>= 8; - } -} - -/** - * Function to XOR into a 64-bit value using the little-endian (LE) convention. - * On a LE platform, this could be greatly simplified using a cast. - */ -static void xor64(uint8_t *x, uint64_t u) -{ - u_int i; - - for (i = 0; i < 8; ++i) - { - x[i] ^= u; - u >>= 8; - } -} -#endif - -/** - * Some macros used by the Keccak-f[1600] permutation. - */ -#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset))) - -#if BYTE_ORDER == LITTLE_ENDIAN - #define readLane(i) (((uint64_t*)state)[i]) - #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane) - #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane) -#elif BYTE_ORDER == BIG_ENDIAN - #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i)) - #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane) - #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane) -#endif - -/** - * Function that computes the Keccak-f[1600] permutation on the given state. - */ -static void keccak_f1600_state_permute(void *state) -{ - int round; - - for (round = 0; round < 24; round++) - { - { /* θ step (see [Keccak Reference, Section 2.3.2]) */ - - uint64_t C[5], D; - - /* Compute the parity of the columns */ - C[0] = readLane(0) ^ readLane( 5) ^ readLane(10) - ^ readLane(15) ^ readLane(20); - C[1] = readLane(1) ^ readLane( 6) ^ readLane(11) - ^ readLane(16) ^ readLane(21); - C[2] = readLane(2) ^ readLane( 7) ^ readLane(12) - ^ readLane(17) ^ readLane(22); - C[3] = readLane(3) ^ readLane( 8) ^ readLane(13) - ^ readLane(18) ^ readLane(23); - C[4] = readLane(4) ^ readLane( 9) ^ readLane(14) - ^ readLane(19) ^ readLane(24); - - /* Compute and add the θ effect to the whole column */ - D = C[4] ^ ROL64(C[1], 1); - XORLane( 0, D); - XORLane( 5, D); - XORLane(10, D); - XORLane(15, D); - XORLane(20, D); - - D = C[0] ^ ROL64(C[2], 1); - XORLane( 1, D); - XORLane( 6, D); - XORLane(11, D); - XORLane(16, D); - XORLane(21, D); - - D = C[1] ^ ROL64(C[3], 1); - XORLane( 2, D); - XORLane( 7, D); - XORLane(12, D); - XORLane(17, D); - XORLane(22, D); - - D = C[2] ^ ROL64(C[4], 1); - XORLane( 3, D); - XORLane( 8, D); - XORLane(13, D); - XORLane(18, D); - XORLane(23, D); - - D = C[3] ^ ROL64(C[0], 1); - XORLane( 4, D); - XORLane( 9, D); - XORLane(14, D); - XORLane(19, D); - XORLane(24, D); - } - - { /* ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */ - - uint64_t t1, t2; - - t1 = readLane( 1); - - t2 = readLane(10); - writeLane(10, ROL64(t1, 1)); - - t1 = readLane( 7); - writeLane( 7, ROL64(t2, 3)); - - t2 = readLane(11); - writeLane(11, ROL64(t1, 6)); - - t1 = readLane(17); - writeLane(17, ROL64(t2, 10)); - - t2 = readLane(18); - writeLane(18, ROL64(t1, 15)); - - t1 = readLane( 3); - writeLane( 3, ROL64(t2, 21)); - - t2 = readLane( 5); - writeLane( 5, ROL64(t1, 28)); - - t1 = readLane(16); - writeLane(16, ROL64(t2, 36)); - - t2 = readLane( 8); - writeLane( 8, ROL64(t1, 45)); - - t1 = readLane(21); - writeLane(21, ROL64(t2, 55)); - - t2 = readLane(24); - writeLane(24, ROL64(t1, 2)); - - t1 = readLane( 4); - writeLane( 4, ROL64(t2, 14)); - - t2 = readLane(15); - writeLane(15, ROL64(t1, 27)); - - t1 = readLane(23); - writeLane(23, ROL64(t2, 41)); - - t2 = readLane(19); - writeLane(19, ROL64(t1, 56)); - - t1 = readLane(13); - writeLane(13, ROL64(t2, 8)); - - t2 = readLane(12); - writeLane(12, ROL64(t1, 25)); - - t1 = readLane( 2); - writeLane( 2, ROL64(t2, 43)); - - t2 = readLane(20); - writeLane(20, ROL64(t1, 62)); - - t1 = readLane(14); - writeLane(14, ROL64(t2, 18)); - - t2 = readLane(22); - writeLane(22, ROL64(t1, 39)); - - t1 = readLane( 9); - writeLane( 9, ROL64(t2, 61)); - - t2 = readLane( 6); - writeLane( 6, ROL64(t1, 20)); - - writeLane( 1, ROL64(t2, 44)); - } - - { /* χ step (see [Keccak Reference, Section 2.3.1]) */ - - uint64_t t[5]; - - t[0] = readLane(0); - t[1] = readLane(1); - t[2] = readLane(2); - t[3] = readLane(3); - t[4] = readLane(4); - - writeLane(0, t[0] ^ ((~t[1]) & t[2])); - writeLane(1, t[1] ^ ((~t[2]) & t[3])); - writeLane(2, t[2] ^ ((~t[3]) & t[4])); - writeLane(3, t[3] ^ ((~t[4]) & t[0])); - writeLane(4, t[4] ^ ((~t[0]) & t[1])); - - t[0] = readLane(5); - t[1] = readLane(6); - t[2] = readLane(7); - t[3] = readLane(8); - t[4] = readLane(9); - - writeLane(5, t[0] ^ ((~t[1]) & t[2])); - writeLane(6, t[1] ^ ((~t[2]) & t[3])); - writeLane(7, t[2] ^ ((~t[3]) & t[4])); - writeLane(8, t[3] ^ ((~t[4]) & t[0])); - writeLane(9, t[4] ^ ((~t[0]) & t[1])); - - t[0] = readLane(10); - t[1] = readLane(11); - t[2] = readLane(12); - t[3] = readLane(13); - t[4] = readLane(14); - - writeLane(10, t[0] ^ ((~t[1]) & t[2])); - writeLane(11, t[1] ^ ((~t[2]) & t[3])); - writeLane(12, t[2] ^ ((~t[3]) & t[4])); - writeLane(13, t[3] ^ ((~t[4]) & t[0])); - writeLane(14, t[4] ^ ((~t[0]) & t[1])); - - t[0] = readLane(15); - t[1] = readLane(16); - t[2] = readLane(17); - t[3] = readLane(18); - t[4] = readLane(19); - - writeLane(15, t[0] ^ ((~t[1]) & t[2])); - writeLane(16, t[1] ^ ((~t[2]) & t[3])); - writeLane(17, t[2] ^ ((~t[3]) & t[4])); - writeLane(18, t[3] ^ ((~t[4]) & t[0])); - writeLane(19, t[4] ^ ((~t[0]) & t[1])); - - t[0] = readLane(20); - t[1] = readLane(21); - t[2] = readLane(22); - t[3] = readLane(23); - t[4] = readLane(24); - - writeLane(20, t[0] ^ ((~t[1]) & t[2])); - writeLane(21, t[1] ^ ((~t[2]) & t[3])); - writeLane(22, t[2] ^ ((~t[3]) & t[4])); - writeLane(23, t[3] ^ ((~t[4]) & t[0])); - writeLane(24, t[4] ^ ((~t[0]) & t[1])); - } - - { /* ι step (see [Keccak Reference, Section 2.3.5]) */ - - XORLane(0, round_constants[round]); - } - } -} - METHOD(hasher_t, reset, bool, private_sha3_hasher_t *this) { - memset(this->state, 0x00, KECCAK_STATE_SIZE); - this->rate_index = 0; - + this->keccak->reset(this->keccak); return TRUE; } @@ -388,79 +67,17 @@ METHOD(hasher_t, get_hash_size, size_t, } } -static void sha3_absorb(private_sha3_hasher_t *this, chunk_t data) -{ - uint64_t *buffer_lanes, *state_lanes; - size_t len, rate_lanes; - int i; - - buffer_lanes = (uint64_t*)this->rate_buffer; - state_lanes = (uint64_t*)this->state; - rate_lanes = this->rate / sizeof(uint64_t); - - while (data.len) - { - len = min(data.len, this->rate - this->rate_index); - memcpy(this->rate_buffer + this->rate_index, data.ptr, len); - this->rate_index += len; - data.ptr += len; - data.len -= len; - - if (this->rate_index == this->rate) - { - for (i = 0; i < rate_lanes; i++) - { - state_lanes[i] ^= buffer_lanes[i]; - } - this->rate_index = 0; - - keccak_f1600_state_permute(this->state); - } - } -} - -static void sha3_final(private_sha3_hasher_t *this) -{ - uint64_t *buffer_lanes, *state_lanes; - size_t rate_lanes, remainder; - int i; - - /* Add the delimitedSuffix as the first bit of padding */ - this->rate_buffer[this->rate_index++] = DELIMITED_SUFFIX; - - buffer_lanes = (uint64_t*)this->rate_buffer; - state_lanes = (uint64_t*)this->state; - rate_lanes = this->rate_index / sizeof(uint64_t); - - remainder = this->rate_index - rate_lanes * sizeof(uint64_t); - if (remainder) - { - memset(this->rate_buffer + this->rate_index, 0x00, - sizeof(uint64_t) - remainder); - rate_lanes++; - } - for (i = 0; i < rate_lanes; i++) - { - state_lanes[i] ^= buffer_lanes[i]; - } - - /* Add the second bit of padding */ - this->state[this->rate - 1] ^= 0x80; - - /* Switch to the squeezing phase */ - keccak_f1600_state_permute(this->state); -} METHOD(hasher_t, get_hash, bool, private_sha3_hasher_t *this, chunk_t chunk, uint8_t *buffer) { - sha3_absorb(this, chunk); + this->keccak->absorb(this->keccak, chunk); if (buffer != NULL) { - sha3_final(this); - memcpy(buffer, this->state, get_hash_size(this)); - reset(this); + this->keccak->finalize(this->keccak); + this->keccak->squeeze(this->keccak, get_hash_size(this), buffer); + this->keccak->reset(this->keccak); } return TRUE; } @@ -470,22 +87,24 @@ METHOD(hasher_t, allocate_hash, bool, { chunk_t allocated_hash; - sha3_absorb(this, chunk); + this->keccak->absorb(this->keccak, chunk); if (hash != NULL) { - sha3_final(this); + this->keccak->finalize(this->keccak); allocated_hash = chunk_alloc(get_hash_size(this)); - memcpy(allocated_hash.ptr, this->state, allocated_hash.len); - reset(this); + this->keccak->squeeze(this->keccak, allocated_hash.len, + allocated_hash.ptr); + this->keccak->reset(this->keccak); *hash = allocated_hash; } return TRUE; } METHOD(hasher_t, destroy, void, - sha3_hasher_t *this) + private_sha3_hasher_t *this) { + this->keccak->destroy(this->keccak); free(this); } @@ -510,18 +129,22 @@ sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm) INIT(this, .public = { .hasher_interface = { - .reset = _reset, - .get_hash_size = _get_hash_size, - .get_hash = _get_hash, - .allocate_hash = _allocate_hash, - .destroy = _destroy, + .reset = _reset, + .get_hash_size = _get_hash_size, + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .destroy = _destroy, }, }, .algorithm = algorithm, ); - this->rate = KECCAK_STATE_SIZE - 2*get_hash_size(this); - reset(this); + this->keccak = sha3_keccak_create(2*get_hash_size(this), 0x06); + if (!this->keccak) + { + free(this); + return NULL; + } return &this->public; } diff --git a/src/libstrongswan/plugins/sha3/sha3_keccak.c b/src/libstrongswan/plugins/sha3/sha3_keccak.c new file mode 100644 index 000000000..1be1db160 --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_keccak.c @@ -0,0 +1,498 @@ +/* + * Copyright (C) 2015-2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely, + * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and + * Ronny Van Keer, hereby denoted as "the implementer". + * + * To the extent possible under law, the implementer has waived all copyright + * and related or neighboring rights to the source code in this file. + * http://creativecommons.org/publicdomain/zero/1.0/ + */ + +#include + +#include "sha3_keccak.h" + +typedef struct private_sha3_keccak_t private_sha3_keccak_t; + +#define KECCAK_STATE_SIZE 200 /* bytes */ +#define KECCAK_MAX_RATE 168 /* bytes */ + +static const uint64_t round_constants[] = { + 0x0000000000000001ULL, + 0x0000000000008082ULL, + 0x800000000000808aULL, + 0x8000000080008000ULL, + 0x000000000000808bULL, + 0x0000000080000001ULL, + 0x8000000080008081ULL, + 0x8000000000008009ULL, + 0x000000000000008aULL, + 0x0000000000000088ULL, + 0x0000000080008009ULL, + 0x000000008000000aULL, + 0x000000008000808bULL, + 0x800000000000008bULL, + 0x8000000000008089ULL, + 0x8000000000008003ULL, + 0x8000000000008002ULL, + 0x8000000000000080ULL, + 0x000000000000800aULL, + 0x800000008000000aULL, + 0x8000000080008081ULL, + 0x8000000000008080ULL, + 0x0000000080000001ULL, + 0x8000000080008008ULL +}; + +/** + * Private data structure with hashing context for SHA-3 + */ +struct private_sha3_keccak_t { + + /** + * Public interface for this hasher. + */ + sha3_keccak_t public; + + /** + * Internal state of 1600 bits as defined by FIPS-202 + */ + uint8_t state[KECCAK_STATE_SIZE]; + + /** + * Rate in bytes + */ + u_int rate; + + /** + * Rate input buffer + */ + uint8_t rate_buffer[KECCAK_MAX_RATE]; + + /** + * Index pointing to the current position in the rate buffer + */ + u_int rate_index; + + /** + * Suffix delimiting the input message + */ + uint8_t delimited_suffix; + +}; + +#if BYTE_ORDER != LITTLE_ENDIAN +/** + * Function to load a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static uint64_t load64(const uint8_t *x) +{ + int i; + uint64_t u = 0; + + for (i = 7; i >= 0; --i) + { + u <<= 8; + u |= x[i]; + } + return u; +} + +/** + * Function to store a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static void store64(uint8_t *x, uint64_t u) +{ + u_int i; + + for (i = 0; i < 8; ++i) + { + x[i] = u; + u >>= 8; + } +} + +/** + * Function to XOR into a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static void xor64(uint8_t *x, uint64_t u) +{ + u_int i; + + for (i = 0; i < 8; ++i) + { + x[i] ^= u; + u >>= 8; + } +} +#endif + +/** + * Some macros used by the Keccak-f[1600] permutation. + */ +#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset))) + +#if BYTE_ORDER == LITTLE_ENDIAN + #define readLane(i) (((uint64_t*)state)[i]) + #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane) + #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane) +#elif BYTE_ORDER == BIG_ENDIAN + #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i)) + #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane) + #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane) +#endif + +/** + * Function that computes the Keccak-f[1600] permutation on the given state. + */ +static void keccak_f1600_state_permute(void *state) +{ + int round; + + for (round = 0; round < 24; round++) + { + { /* θ step (see [Keccak Reference, Section 2.3.2]) */ + + uint64_t C[5], D; + + /* Compute the parity of the columns */ + C[0] = readLane(0) ^ readLane( 5) ^ readLane(10) + ^ readLane(15) ^ readLane(20); + C[1] = readLane(1) ^ readLane( 6) ^ readLane(11) + ^ readLane(16) ^ readLane(21); + C[2] = readLane(2) ^ readLane( 7) ^ readLane(12) + ^ readLane(17) ^ readLane(22); + C[3] = readLane(3) ^ readLane( 8) ^ readLane(13) + ^ readLane(18) ^ readLane(23); + C[4] = readLane(4) ^ readLane( 9) ^ readLane(14) + ^ readLane(19) ^ readLane(24); + + /* Compute and add the θ effect to the whole column */ + D = C[4] ^ ROL64(C[1], 1); + XORLane( 0, D); + XORLane( 5, D); + XORLane(10, D); + XORLane(15, D); + XORLane(20, D); + + D = C[0] ^ ROL64(C[2], 1); + XORLane( 1, D); + XORLane( 6, D); + XORLane(11, D); + XORLane(16, D); + XORLane(21, D); + + D = C[1] ^ ROL64(C[3], 1); + XORLane( 2, D); + XORLane( 7, D); + XORLane(12, D); + XORLane(17, D); + XORLane(22, D); + + D = C[2] ^ ROL64(C[4], 1); + XORLane( 3, D); + XORLane( 8, D); + XORLane(13, D); + XORLane(18, D); + XORLane(23, D); + + D = C[3] ^ ROL64(C[0], 1); + XORLane( 4, D); + XORLane( 9, D); + XORLane(14, D); + XORLane(19, D); + XORLane(24, D); + } + + { /* ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */ + + uint64_t t1, t2; + + t1 = readLane( 1); + + t2 = readLane(10); + writeLane(10, ROL64(t1, 1)); + + t1 = readLane( 7); + writeLane( 7, ROL64(t2, 3)); + + t2 = readLane(11); + writeLane(11, ROL64(t1, 6)); + + t1 = readLane(17); + writeLane(17, ROL64(t2, 10)); + + t2 = readLane(18); + writeLane(18, ROL64(t1, 15)); + + t1 = readLane( 3); + writeLane( 3, ROL64(t2, 21)); + + t2 = readLane( 5); + writeLane( 5, ROL64(t1, 28)); + + t1 = readLane(16); + writeLane(16, ROL64(t2, 36)); + + t2 = readLane( 8); + writeLane( 8, ROL64(t1, 45)); + + t1 = readLane(21); + writeLane(21, ROL64(t2, 55)); + + t2 = readLane(24); + writeLane(24, ROL64(t1, 2)); + + t1 = readLane( 4); + writeLane( 4, ROL64(t2, 14)); + + t2 = readLane(15); + writeLane(15, ROL64(t1, 27)); + + t1 = readLane(23); + writeLane(23, ROL64(t2, 41)); + + t2 = readLane(19); + writeLane(19, ROL64(t1, 56)); + + t1 = readLane(13); + writeLane(13, ROL64(t2, 8)); + + t2 = readLane(12); + writeLane(12, ROL64(t1, 25)); + + t1 = readLane( 2); + writeLane( 2, ROL64(t2, 43)); + + t2 = readLane(20); + writeLane(20, ROL64(t1, 62)); + + t1 = readLane(14); + writeLane(14, ROL64(t2, 18)); + + t2 = readLane(22); + writeLane(22, ROL64(t1, 39)); + + t1 = readLane( 9); + writeLane( 9, ROL64(t2, 61)); + + t2 = readLane( 6); + writeLane( 6, ROL64(t1, 20)); + + writeLane( 1, ROL64(t2, 44)); + } + + { /* χ step (see [Keccak Reference, Section 2.3.1]) */ + + uint64_t t[5]; + + t[0] = readLane(0); + t[1] = readLane(1); + t[2] = readLane(2); + t[3] = readLane(3); + t[4] = readLane(4); + + writeLane(0, t[0] ^ ((~t[1]) & t[2])); + writeLane(1, t[1] ^ ((~t[2]) & t[3])); + writeLane(2, t[2] ^ ((~t[3]) & t[4])); + writeLane(3, t[3] ^ ((~t[4]) & t[0])); + writeLane(4, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(5); + t[1] = readLane(6); + t[2] = readLane(7); + t[3] = readLane(8); + t[4] = readLane(9); + + writeLane(5, t[0] ^ ((~t[1]) & t[2])); + writeLane(6, t[1] ^ ((~t[2]) & t[3])); + writeLane(7, t[2] ^ ((~t[3]) & t[4])); + writeLane(8, t[3] ^ ((~t[4]) & t[0])); + writeLane(9, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(10); + t[1] = readLane(11); + t[2] = readLane(12); + t[3] = readLane(13); + t[4] = readLane(14); + + writeLane(10, t[0] ^ ((~t[1]) & t[2])); + writeLane(11, t[1] ^ ((~t[2]) & t[3])); + writeLane(12, t[2] ^ ((~t[3]) & t[4])); + writeLane(13, t[3] ^ ((~t[4]) & t[0])); + writeLane(14, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(15); + t[1] = readLane(16); + t[2] = readLane(17); + t[3] = readLane(18); + t[4] = readLane(19); + + writeLane(15, t[0] ^ ((~t[1]) & t[2])); + writeLane(16, t[1] ^ ((~t[2]) & t[3])); + writeLane(17, t[2] ^ ((~t[3]) & t[4])); + writeLane(18, t[3] ^ ((~t[4]) & t[0])); + writeLane(19, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(20); + t[1] = readLane(21); + t[2] = readLane(22); + t[3] = readLane(23); + t[4] = readLane(24); + + writeLane(20, t[0] ^ ((~t[1]) & t[2])); + writeLane(21, t[1] ^ ((~t[2]) & t[3])); + writeLane(22, t[2] ^ ((~t[3]) & t[4])); + writeLane(23, t[3] ^ ((~t[4]) & t[0])); + writeLane(24, t[4] ^ ((~t[0]) & t[1])); + } + + { /* ι step (see [Keccak Reference, Section 2.3.5]) */ + + XORLane(0, round_constants[round]); + } + } +} + +METHOD(sha3_keccak_t, get_rate, u_int, + private_sha3_keccak_t *this) +{ + return this->rate; +} + +METHOD(sha3_keccak_t, reset, void, + private_sha3_keccak_t *this) +{ + memset(this->state, 0x00, KECCAK_STATE_SIZE); + this->rate_index = 0; +} + + +METHOD(sha3_keccak_t, absorb, void, + private_sha3_keccak_t *this, chunk_t data) +{ + uint64_t *buffer_lanes, *state_lanes; + size_t len, rate_lanes; + int i; + + buffer_lanes = (uint64_t*)this->rate_buffer; + state_lanes = (uint64_t*)this->state; + rate_lanes = this->rate / sizeof(uint64_t); + + while (data.len) + { + len = min(data.len, this->rate - this->rate_index); + memcpy(this->rate_buffer + this->rate_index, data.ptr, len); + this->rate_index += len; + data.ptr += len; + data.len -= len; + + if (this->rate_index == this->rate) + { + for (i = 0; i < rate_lanes; i++) + { + state_lanes[i] ^= buffer_lanes[i]; + } + this->rate_index = 0; + + keccak_f1600_state_permute(this->state); + } + } +} + +METHOD(sha3_keccak_t, finalize, void, + private_sha3_keccak_t *this) +{ + uint64_t *buffer_lanes, *state_lanes; + size_t rate_lanes, remainder; + int i; + + /* Add the delimitedSuffix as the first bit of padding */ + this->rate_buffer[this->rate_index++] = this->delimited_suffix; + + buffer_lanes = (uint64_t*)this->rate_buffer; + state_lanes = (uint64_t*)this->state; + rate_lanes = this->rate_index / sizeof(uint64_t); + + remainder = this->rate_index - rate_lanes * sizeof(uint64_t); + if (remainder) + { + memset(this->rate_buffer + this->rate_index, 0x00, + sizeof(uint64_t) - remainder); + rate_lanes++; + } + for (i = 0; i < rate_lanes; i++) + { + state_lanes[i] ^= buffer_lanes[i]; + } + + /* Add the second bit of padding */ + this->state[this->rate - 1] ^= 0x80; + + /* Switch to the squeezing phase */ + keccak_f1600_state_permute(this->state); + this->rate_index = 0; +} + +METHOD(sha3_keccak_t, squeeze, void, + private_sha3_keccak_t *this, size_t out_len, uint8_t *out) +{ + size_t index = 0, len; + + while (index < out_len) + { + if (this->rate_index == this->rate) + { + keccak_f1600_state_permute(this->state); + this->rate_index = 0; + } + len = min(out_len - index, this->rate - this->rate_index); + memcpy(out, &this->state[this->rate_index], len); + out += len; + index += len; + this->rate_index += len; + } +} + +METHOD(sha3_keccak_t, destroy, void, + private_sha3_keccak_t *this) +{ + free(this); +} + +/* + * Described in header. + */ +sha3_keccak_t *sha3_keccak_create(u_int capacity, uint8_t delimited_suffix) +{ + private_sha3_keccak_t *this; + int rate; + + rate = KECCAK_STATE_SIZE - capacity; + + if (rate <= 0 || rate > KECCAK_MAX_RATE) + { + return NULL; + } + + INIT(this, + .public = { + .get_rate = _get_rate, + .reset = _reset, + .absorb = _absorb, + .finalize = _finalize, + .squeeze = _squeeze, + .destroy = _destroy, + }, + .rate = rate, + .delimited_suffix = delimited_suffix, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/sha3/sha3_keccak.h b/src/libstrongswan/plugins/sha3/sha3_keccak.h new file mode 100644 index 000000000..eeea9d7fd --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_keccak.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. +n */ + +/** + * @defgroup sha3_keccak sha3_keccak + * @{ @ingroup sha3_p + */ + +#ifndef SHA3_KECCAK_H_ +#define SHA3_KECCAK_H_ + +typedef struct sha3_keccak_t sha3_keccak_t; + +#include + +/** + * Implements the Keccak-f[1600] sponge function as defined by FIPS-202. + */ +struct sha3_keccak_t { + + /** + * Get the available rate in bytes + * + * @return rate in bytes + */ + u_int (*get_rate)(sha3_keccak_t *this); + + /** + * Resets the internal Keccak state + */ + void (*reset)(sha3_keccak_t *this); + + /** + * Absorbs data into the Keccak state + * + * @param data data to be absorbed + */ + void (*absorb)(sha3_keccak_t *this, chunk_t data); + + /** + * Finalize the absorption phase and switch to the squeeze phase + */ + void (*finalize)(sha3_keccak_t *this); + + /** + * Squeeze the Keccak state to get output data + * Can be called multiple times + * + * @param out_len number of output bytes requested + * @param out output buffer, must comprise at least out_len bytes + */ + void (*squeeze)(sha3_keccak_t *this, size_t out_len, uint8_t *out); + + /** + * Destroy the sha3_keccak_t object + */ + void (*destroy)(sha3_keccak_t *this); + +}; + +/** + * Creates a new sha3_keccak_t. + * + * @param capacity required capacity to achieve a given security level + * @param delimited_suffix bits delimiting the input message + * @return sha3_keccak_t object, NULL if capacity too big + */ +sha3_keccak_t *sha3_keccak_create(u_int capacity, uint8_t delimited_suffix); + +#endif /** SHA3_KECCAK_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.c b/src/libstrongswan/plugins/sha3/sha3_plugin.c index 28068f38e..8268e67c3 100644 --- a/src/libstrongswan/plugins/sha3/sha3_plugin.c +++ b/src/libstrongswan/plugins/sha3/sha3_plugin.c @@ -14,9 +14,10 @@ */ #include "sha3_plugin.h" +#include "sha3_hasher.h" +#include "sha3_shake.h" #include -#include "sha3_hasher.h" typedef struct private_sha3_plugin_t private_sha3_plugin_t; @@ -46,6 +47,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(HASHER, HASH_SHA3_256), PLUGIN_PROVIDE(HASHER, HASH_SHA3_384), PLUGIN_PROVIDE(HASHER, HASH_SHA3_512), + PLUGIN_REGISTER(XOF, sha3_shake_create), + PLUGIN_PROVIDE(XOF, XOF_SHAKE_128), + PLUGIN_PROVIDE(XOF, XOF_SHAKE_256), }; *features = f; return countof(f); diff --git a/src/libstrongswan/plugins/sha3/sha3_shake.c b/src/libstrongswan/plugins/sha3/sha3_shake.c new file mode 100644 index 000000000..0f1af39f5 --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_shake.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "sha3_shake.h" +#include "sha3_keccak.h" + +typedef struct private_sha3_shake_t private_sha3_shake_t; + + +/** + * Private data structure with hashing context for SHA-3 + */ +struct private_sha3_shake_t { + + /** + * Public interface for this hasher. + */ + sha3_shake_t public; + + /** + * XOF algorithm to be used (XOF_SHAKE_128 or XOF_SHAKE_256) + */ + ext_out_function_t algorithm; + + /** + * SHA-3 Keccak state + */ + sha3_keccak_t *keccak; + + /** + * Capacity in bytes of the SHA-3 Keccak state + */ + u_int capacity; + +}; + +METHOD(xof_t, get_type, ext_out_function_t, + private_sha3_shake_t *this) +{ + return this->algorithm; +} + +METHOD(xof_t, get_bytes, bool, + private_sha3_shake_t *this, size_t out_len, uint8_t *buffer) +{ + this->keccak->squeeze(this->keccak, out_len, buffer); + return TRUE; +} + +METHOD(xof_t, allocate_bytes, bool, + private_sha3_shake_t *this, size_t out_len, chunk_t *chunk) +{ + *chunk = chunk_alloc(out_len); + this->keccak->squeeze(this->keccak, out_len, chunk->ptr); + return TRUE; +} + +METHOD(xof_t, get_block_size, size_t, + private_sha3_shake_t *this) +{ + return this->keccak->get_rate(this->keccak); +} + +METHOD(xof_t, get_seed_size, size_t, + private_sha3_shake_t *this) +{ + return this->capacity; +} + +METHOD(xof_t, set_seed, bool, + private_sha3_shake_t *this, chunk_t seed) +{ + this->keccak->reset(this->keccak); + this->keccak->absorb(this->keccak, seed); + this->keccak->finalize(this->keccak); + return TRUE; +} + + +METHOD(xof_t, destroy, void, + private_sha3_shake_t *this) +{ + this->keccak->destroy(this->keccak); + free(this); +} + +/* + * Described in header. + */ +sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm) +{ + private_sha3_shake_t *this; + u_int capacity = 0; + + switch (algorithm) + { + case XOF_SHAKE_128: + capacity = 32; + break; + case XOF_SHAKE_256: + capacity = 64; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .xof_interface = { + .get_type = _get_type, + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_seed_size = _get_seed_size, + .set_seed = _set_seed, + .destroy = _destroy, + }, + }, + .algorithm = algorithm, + .capacity = capacity, + ); + + this->keccak = sha3_keccak_create(capacity, 0x1f); + if (!this->keccak) + { + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/sha3/sha3_shake.h b/src/libstrongswan/plugins/sha3/sha3_shake.h new file mode 100644 index 000000000..a8643edd7 --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_shake.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sha3_shake sha3_shake + * @{ @ingroup sha3_p + */ + +#ifndef SHA3_SHAKE_H_ +#define SHA3_SHAKE_H_ + +typedef struct sha3_shake_t sha3_shake_t; + +#include + +/** + * Implementation of xof_t interface using the SHA-3 XOF algorithm family + * SHAKE128 and SHAKE256 as defined by FIPS-202. + */ +struct sha3_shake_t { + + /** + * Generic xof_t interface for this Extended Output Function (XOF). + */ + xof_t xof_interface; +}; + +/** + * Creates a new sha3_shake_t. + * + * @param algorithm XOF_SHAKE_128 or XOF_SHAKE_256 + * @return sha3_shake_t object, NULL if not supported + */ +sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm); + +#endif /** SHA3_SHAKE_H_ @}*/ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 6563f8335..97ab30763 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -440,6 +437,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 268730e14..4551ff766 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index d50b29565..47e2234c4 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index ab540e78e..c29b6fd1e 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -20,6 +20,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/aes_ccm.c \ test_vectors/aes_gcm.c \ test_vectors/chacha20poly1305.c \ + test_vectors/chacha20_xof.c \ test_vectors/blowfish.c \ test_vectors/camellia_cbc.c \ test_vectors/camellia_ctr.c \ @@ -41,6 +42,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/sha2.c \ test_vectors/sha2_hmac.c \ test_vectors/sha3.c \ + test_vectors/sha3_shake.c \ test_vectors/fips_prf.c \ test_vectors/modp.c \ test_vectors/modpsub.c \ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 6721909f0..56ae8dcab 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -143,18 +143,19 @@ am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ test_vectors/aes_ctr.lo test_vectors/aes_xcbc.lo \ test_vectors/aes_cmac.lo test_vectors/aes_ccm.lo \ test_vectors/aes_gcm.lo test_vectors/chacha20poly1305.lo \ - test_vectors/blowfish.lo test_vectors/camellia_cbc.lo \ - test_vectors/camellia_ctr.lo test_vectors/camellia_xcbc.lo \ - test_vectors/cast.lo test_vectors/des.lo test_vectors/idea.lo \ - test_vectors/null.lo test_vectors/rc2.lo test_vectors/rc5.lo \ + test_vectors/chacha20_xof.lo test_vectors/blowfish.lo \ + test_vectors/camellia_cbc.lo test_vectors/camellia_ctr.lo \ + test_vectors/camellia_xcbc.lo test_vectors/cast.lo \ + test_vectors/des.lo test_vectors/idea.lo test_vectors/null.lo \ + test_vectors/rc2.lo test_vectors/rc5.lo \ test_vectors/serpent_cbc.lo test_vectors/twofish_cbc.lo \ test_vectors/md2.lo test_vectors/md4.lo test_vectors/md5.lo \ test_vectors/md5_hmac.lo test_vectors/sha1.lo \ test_vectors/sha1_hmac.lo test_vectors/sha2.lo \ test_vectors/sha2_hmac.lo test_vectors/sha3.lo \ - test_vectors/fips_prf.lo test_vectors/modp.lo \ - test_vectors/modpsub.lo test_vectors/ecp.lo \ - test_vectors/ecpbp.lo test_vectors/rng.lo + test_vectors/sha3_shake.lo test_vectors/fips_prf.lo \ + test_vectors/modp.lo test_vectors/modpsub.lo \ + test_vectors/ecp.lo test_vectors/ecpbp.lo test_vectors/rng.lo libstrongswan_test_vectors_la_OBJECTS = \ $(am_libstrongswan_test_vectors_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -369,7 +370,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -403,8 +403,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -458,6 +456,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -479,6 +479,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/aes_ccm.c \ test_vectors/aes_gcm.c \ test_vectors/chacha20poly1305.c \ + test_vectors/chacha20_xof.c \ test_vectors/blowfish.c \ test_vectors/camellia_cbc.c \ test_vectors/camellia_ctr.c \ @@ -500,6 +501,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/sha2.c \ test_vectors/sha2_hmac.c \ test_vectors/sha3.c \ + test_vectors/sha3_shake.c \ test_vectors/fips_prf.c \ test_vectors/modp.c \ test_vectors/modpsub.c \ @@ -609,6 +611,8 @@ test_vectors/aes_gcm.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/chacha20poly1305.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) +test_vectors/chacha20_xof.lo: test_vectors/$(am__dirstamp) \ + test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/blowfish.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/camellia_cbc.lo: test_vectors/$(am__dirstamp) \ @@ -651,6 +655,8 @@ test_vectors/sha2_hmac.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/sha3.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) +test_vectors/sha3_shake.lo: test_vectors/$(am__dirstamp) \ + test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/fips_prf.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/modp.lo: test_vectors/$(am__dirstamp) \ @@ -688,6 +694,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/camellia_ctr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/camellia_xcbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/cast.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/chacha20_xof.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/chacha20poly1305.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/ecp.Plo@am__quote@ @@ -710,6 +717,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2_hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3_shake.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/twofish_cbc.Plo@am__quote@ .c.o: diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index 3ff211da8..43633e3ff 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -258,6 +258,21 @@ TEST_VECTOR_PRF(sha512_hmac_p5) TEST_VECTOR_PRF(sha512_hmac_p6) TEST_VECTOR_PRF(fips_prf_1) +TEST_VECTOR_XOF(shake_128_0) +TEST_VECTOR_XOF(shake_128_32) +TEST_VECTOR_XOF(shake_128_167) +TEST_VECTOR_XOF(shake_128_168) +TEST_VECTOR_XOF(shake_128_255) +TEST_VECTOR_XOF(shake_256_0) +TEST_VECTOR_XOF(shake_256_64) +TEST_VECTOR_XOF(shake_256_135) +TEST_VECTOR_XOF(shake_256_136) +TEST_VECTOR_XOF(shake_256_255) +TEST_VECTOR_XOF(chacha20_xof_1) +TEST_VECTOR_XOF(chacha20_xof_2) +TEST_VECTOR_XOF(chacha20_xof_3) +TEST_VECTOR_XOF(chacha20_xof_4) + TEST_VECTOR_RNG(rng_monobit_1) TEST_VECTOR_RNG(rng_monobit_2) TEST_VECTOR_RNG(rng_monobit_3) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c b/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c new file mode 100644 index 000000000..2c602c6a3 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/chacha20_xof.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +/** + * ChaCha20 Stream Test Vector from RFC 7539, Section 2.3.2 + */ +xof_test_vector_t chacha20_xof_1 = { + .alg = XOF_CHACHA20, .len = 44, + .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x00\x00\x00\x09\x00\x00\x00\x4a\x00\x00\x00\x00", + .out_len = 64, + .out = "\x10\xf1\xe7\xe4\xd1\x3b\x59\x15\x50\x0f\xdd\x1f\xa3\x20\x71\xc4" + "\xc7\xd1\xf4\xc7\x33\xc0\x68\x03\x04\x22\xaa\x9a\xc3\xd4\x6c\x4e" + "\xd2\x82\x64\x46\x07\x9f\xaa\x09\x14\xc2\xd7\x05\xd9\x8b\x02\xa2" + "\xb5\x12\x9c\xd1\xde\x16\x4e\xb9\xcb\xd0\x83\xe8\xa2\x50\x3c\x4e" +}; + +/** + * ChaCha20 Stream Test Vector from RFC 7539, Section 2.4.2 + */ +xof_test_vector_t chacha20_xof_2 = { + .alg = XOF_CHACHA20, .len = 44, + .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x00\x00\x00\x00\x00\x00\x00\x4a\x00\x00\x00\x00", + .out_len = 114, + .out = "\x22\x4f\x51\xf3\x40\x1b\xd9\xe1\x2f\xde\x27\x6f\xb8\x63\x1d\xed" + "\x8c\x13\x1f\x82\x3d\x2c\x06\xe2\x7e\x4f\xca\xec\x9e\xf3\xcf\x78" + "\x8a\x3b\x0a\xa3\x72\x60\x0a\x92\xb5\x79\x74\xcd\xed\x2b\x93\x34" + "\x79\x4c\xba\x40\xc6\x3e\x34\xcd\xea\x21\x2c\x4c\xf0\x7d\x41\xb7" + "\x69\xa6\x74\x9f\x3f\x63\x0f\x41\x22\xca\xfe\x28\xec\x4d\xc4\x7e" + "\x26\xd4\x34\x6d\x70\xb9\x8c\x73\xf3\xe9\xc5\x3a\xc4\x0c\x59\x45" + "\x39\x8b\x6e\xda\x1a\x83\x2c\x89\xc1\x67\xea\xcd\x90\x1d\x7e\x2b" + "\xf3\x63" +}; + +/** + * ChaCha20 Stream Test Vector #2 from RFC 7539, Section A1. + */ +xof_test_vector_t chacha20_xof_3 = { + .alg = XOF_CHACHA20, .len = 44, + .seed = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .out_len = 64, + .out = "\x9f\x07\xe7\xbe\x55\x51\x38\x7a\x98\xba\x97\x7c\x73\x2d\x08\x0d" + "\xcb\x0f\x29\xa0\x48\xe3\x65\x69\x12\xc6\x53\x3e\x32\xee\x7a\xed" + "\x29\xb7\x21\x76\x9c\xe6\x4e\x43\xd5\x71\x33\xb0\x74\xd8\x39\xd5" + "\x31\xed\x1f\x28\x51\x0a\xfb\x45\xac\xe1\x0a\x1f\x4b\x79\x4d\x6f" +}; + +/** + * ChaCha20 Stream Test Vector #3 from RFC 7539, Section A1. + */ +xof_test_vector_t chacha20_xof_4 = { + .alg = XOF_CHACHA20, .len = 44, + .seed = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .out_len = 64, + .out = "\x3a\xeb\x52\x24\xec\xf8\x49\x92\x9b\x9d\x82\x8d\xb1\xce\xd4\xdd" + "\x83\x20\x25\xe8\x01\x8b\x81\x60\xb8\x22\x84\xf3\xc9\x49\xaa\x5a" + "\x8e\xca\x00\xbb\xb4\xa7\x3b\xda\xd1\x92\xb5\xc4\x2f\x73\xf2\xfd" + "\x4e\x27\x36\x44\xc8\xb3\x61\x25\xa6\x4a\xdd\xeb\x00\x6c\x13\xa0" +}; + diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c index e659f66f4..d8212f8df 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c @@ -23,7 +23,6 @@ hasher_test_vector_t sha3_224_0 = { .data = "", .hash = "\x6B\x4E\x03\x42\x36\x67\xDB\xB7\x3B\x6E\x15\x45\x4F\x0E\xB1\xAB" "\xD4\x59\x7F\x9A\x1B\x07\x8E\x3F\x5B\x5A\x6B\xC7" - }; hasher_test_vector_t sha3_224_1 = { diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c new file mode 100644 index 000000000..0150d0a80 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3_shake.c @@ -0,0 +1,472 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +/** + * SHAKE-128 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +xof_test_vector_t shake_128_0 = { + .alg = XOF_SHAKE_128, .len = 0, + .seed = "", + .out_len = 512, + .out = "\x7F\x9C\x2B\xA4\xE8\x8F\x82\x7D\x61\x60\x45\x50\x76\x05\x85\x3E" + "\xD7\x3B\x80\x93\xF6\xEF\xBC\x88\xEB\x1A\x6E\xAC\xFA\x66\xEF\x26" + "\x3C\xB1\xEE\xA9\x88\x00\x4B\x93\x10\x3C\xFB\x0A\xEE\xFD\x2A\x68" + "\x6E\x01\xFA\x4A\x58\xE8\xA3\x63\x9C\xA8\xA1\xE3\xF9\xAE\x57\xE2" + "\x35\xB8\xCC\x87\x3C\x23\xDC\x62\xB8\xD2\x60\x16\x9A\xFA\x2F\x75" + "\xAB\x91\x6A\x58\xD9\x74\x91\x88\x35\xD2\x5E\x6A\x43\x50\x85\xB2" + "\xBA\xDF\xD6\xDF\xAA\xC3\x59\xA5\xEF\xBB\x7B\xCC\x4B\x59\xD5\x38" + "\xDF\x9A\x04\x30\x2E\x10\xC8\xBC\x1C\xBF\x1A\x0B\x3A\x51\x20\xEA" + "\x17\xCD\xA7\xCF\xAD\x76\x5F\x56\x23\x47\x4D\x36\x8C\xCC\xA8\xAF" + "\x00\x07\xCD\x9F\x5E\x4C\x84\x9F\x16\x7A\x58\x0B\x14\xAA\xBD\xEF" + "\xAE\xE7\xEE\xF4\x7C\xB0\xFC\xA9\x76\x7B\xE1\xFD\xA6\x94\x19\xDF" + "\xB9\x27\xE9\xDF\x07\x34\x8B\x19\x66\x91\xAB\xAE\xB5\x80\xB3\x2D" + "\xEF\x58\x53\x8B\x8D\x23\xF8\x77\x32\xEA\x63\xB0\x2B\x4F\xA0\xF4" + "\x87\x33\x60\xE2\x84\x19\x28\xCD\x60\xDD\x4C\xEE\x8C\xC0\xD4\xC9" + "\x22\xA9\x61\x88\xD0\x32\x67\x5C\x8A\xC8\x50\x93\x3C\x7A\xFF\x15" + "\x33\xB9\x4C\x83\x4A\xDB\xB6\x9C\x61\x15\xBA\xD4\x69\x2D\x86\x19" + "\xF9\x0B\x0C\xDF\x8A\x7B\x9C\x26\x40\x29\xAC\x18\x5B\x70\xB8\x3F" + "\x28\x01\xF2\xF4\xB3\xF7\x0C\x59\x3E\xA3\xAE\xEB\x61\x3A\x7F\x1B" + "\x1D\xE3\x3F\xD7\x50\x81\xF5\x92\x30\x5F\x2E\x45\x26\xED\xC0\x96" + "\x31\xB1\x09\x58\xF4\x64\xD8\x89\xF3\x1B\xA0\x10\x25\x0F\xDA\x7F" + "\x13\x68\xEC\x29\x67\xFC\x84\xEF\x2A\xE9\xAF\xF2\x68\xE0\xB1\x70" + "\x0A\xFF\xC6\x82\x0B\x52\x3A\x3D\x91\x71\x35\xF2\xDF\xF2\xEE\x06" + "\xBF\xE7\x2B\x31\x24\x72\x1D\x4A\x26\xC0\x4E\x53\xA7\x5E\x30\xE7" + "\x3A\x7A\x9C\x4A\x95\xD9\x1C\x55\xD4\x95\xE9\xF5\x1D\xD0\xB5\xE9" + "\xD8\x3C\x6D\x5E\x8C\xE8\x03\xAA\x62\xB8\xD6\x54\xDB\x53\xD0\x9B" + "\x8D\xCF\xF2\x73\xCD\xFE\xB5\x73\xFA\xD8\xBC\xD4\x55\x78\xBE\xC2" + "\xE7\x70\xD0\x1E\xFD\xE8\x6E\x72\x1A\x3F\x7C\x6C\xCE\x27\x5D\xAB" + "\xE6\xE2\x14\x3F\x1A\xF1\x8D\xA7\xEF\xDD\xC4\xC7\xB7\x0B\x5E\x34" + "\x5D\xB9\x3C\xC9\x36\xBE\xA3\x23\x49\x1C\xCB\x38\xA3\x88\xF5\x46" + "\xA9\xFF\x00\xDD\x4E\x13\x00\xB9\xB2\x15\x3D\x20\x41\xD2\x05\xB4" + "\x43\xE4\x1B\x45\xA6\x53\xF2\xA5\xC4\x49\x2C\x1A\xDD\x54\x45\x12" + "\xDD\xA2\x52\x98\x33\x46\x2B\x71\xA4\x1A\x45\xBE\x97\x29\x0B\x6F" +}; + +xof_test_vector_t shake_128_32 = { + .alg = XOF_SHAKE_128, .len = 32, + .seed = "\x9F\x2F\xCC\x7C\x90\xDE\x09\x0D\x6B\x87\xCD\x7E\x97\x18\xC1\xEA" + "\x6C\xB2\x11\x18\xFC\x2D\x5D\xE9\xF9\x7E\x5D\xB6\xAC\x1E\x9C\x10", + .out_len = 512, + .out = "\xFC\xDE\xAD\x82\xF3\x9C\xDF\xCE\xF9\x9C\x1B\xAB\xB6\x74\xA9\xA8" + "\xE2\x4A\xC5\x94\x64\x6C\x31\xD0\x20\xA4\xCD\x2B\xC2\x55\x4A\xFD" + "\x78\xC4\xE4\x13\xF7\x80\x4F\xA1\x70\x8B\x9F\x40\x00\xFD\x86\x0E" + "\x30\x70\xF2\xE1\xBA\x9E\xEE\x38\x05\x35\x2A\xAD\x65\x5B\x4B\x0A" + "\x72\x8F\x2D\x5F\xCC\x43\x24\x38\x25\xBC\x0D\xCE\x33\xCA\x71\x66" + "\x26\xDC\x76\xE9\x20\xD7\x25\x75\xE2\x6D\xDD\x71\x10\xD0\xF9\x91" + "\xA9\x12\x00\xB5\x13\xAE\xE2\x3A\xC9\xBC\x70\x43\xA1\x52\xAC\xE0" + "\xCD\x0B\x49\x18\x1D\x2B\xB6\xBD\x36\xE9\x3C\x0B\x62\x7A\xCA\x9C" + "\x6A\xB6\xC8\x5E\xD7\x0C\xE7\x62\x42\x9C\x8F\x26\x27\x08\x10\x32" + "\x84\xC0\xA7\x92\x13\x8F\x10\xE8\x56\x8E\xFB\x23\x99\xB3\x8A\x31" + "\x05\x5C\x11\x88\xBA\x59\x34\x4E\x6A\x2B\x73\xD5\xC0\x4A\xA5\x24" + "\x05\x66\x49\x84\x4D\x1D\xAD\xCD\x07\xD3\x5D\xF5\xD8\x51\xEB\xAF" + "\xFC\xA5\x70\x3B\x80\x15\x3E\xA6\x27\xB1\xBA\xDF\xB2\x88\x5F\x70" + "\xF7\x86\xD3\x4F\x56\x50\xFE\x73\xE3\x69\x0A\x8A\x96\x61\x00\x59" + "\x25\x3D\xD3\xAB\xB5\xFA\x7C\x54\xCF\x6E\x77\x69\x5D\x24\xA6\x59" + "\x40\x77\xEE\x4D\x36\x73\xF9\xFC\x56\xC6\x2F\xC7\xF7\x10\xCF\x87" + "\x20\x14\xC0\xA7\xDE\x8B\x1C\xA6\xAE\x8C\xEF\xAA\xDE\xAF\x5F\x4D" + "\x05\x5F\xF7\x65\xAD\x41\x87\x13\xF2\xDD\x08\xEA\xFB\x5E\x16\xEE" + "\xD9\xFE\x34\x4E\xE8\xD4\x38\x8F\xDC\x22\x35\x1F\x63\x83\x40\x17" + "\xB5\x39\xE3\xFF\x14\x3F\x39\x4B\x5B\x74\xD0\x6F\x65\xE9\x6A\x7A" + "\x3D\x02\x8F\xD1\x4F\x6C\x70\x01\xEB\x7A\xD2\xDC\xFC\xF4\xB2\x44" + "\x7A\xA1\x73\xA2\xAE\x8E\xDB\x58\x1B\x5B\xBD\x89\xE8\xA4\x68\xFE" + "\x0A\x38\x50\x75\x30\xB9\x79\x5D\xA3\xBC\xEC\x6D\xDE\xBC\xE9\xEB" + "\x31\x32\xEF\x18\xC9\xC2\xA8\xB9\x36\xA4\x31\xC8\xB1\x21\xFA\x99" + "\x6F\xF9\xBA\x5C\xE5\x22\x98\x6B\x67\x8A\x5E\xC9\x9A\x10\x3A\x91" + "\xCF\x33\x19\x6E\x08\xC8\x2D\xC6\x5E\x68\xAE\xD2\x38\xA9\x31\x6A" + "\x73\xE7\x1C\xF5\xA6\x7C\xE4\x40\xB9\x3B\xDB\x84\x5B\x3A\x60\x53" + "\x9E\xCC\xDC\xE4\x1B\xC7\x23\xEC\x9A\x14\xEE\x4E\x08\x2F\x60\xC0" + "\xBE\x3D\x5E\x50\xDF\xC8\xBE\x1E\x86\xA9\x7E\xCE\xE9\xD8\x8E\x2B" + "\xB2\xA3\xAF\xF4\x7F\xBD\x6D\x66\x75\xD8\x1E\xFE\x07\x08\x92\x6B" + "\x81\xAB\x31\x4A\x52\x4F\xC7\x45\x09\x01\x62\xD2\xAC\x72\x3C\x43" + "\x26\xE0\xF9\xE1\x6F\xBD\xBA\x2B\x1E\x99\x14\xBB\xEE\xDF\xF9\x6B" +}; + +xof_test_vector_t shake_128_167 = { + .alg = XOF_SHAKE_128, .len = 167, + .seed = "\x0D\x8D\x09\xAE\xD1\x9F\x10\x13\x96\x9C\xE5\xE7\xEB\x92\xF8\x3A" + "\x20\x9A\xE7\x6B\xE3\x1C\x75\x48\x44\xEA\x91\x16\xCE\xB3\x9A\x22" + "\xEB\xB6\x00\x30\x17\xBB\xCF\x26\x55\x5F\xA6\x62\x41\x85\x18\x7D" + "\xB8\xF0\xCB\x35\x64\xB8\xB1\xC0\x6B\xF6\x85\xD4\x7F\x32\x86\xED" + "\xA2\x0B\x83\x35\x8F\x59\x9D\x20\x44\xBB\xF0\x58\x3F\xAB\x8D\x78" + "\xF8\x54\xFE\x0A\x59\x61\x83\x23\x0C\x5E\xF8\xE5\x44\x26\x75\x0E" + "\xAF\x2C\xC4\xE2\x9D\x3B\xDD\x03\x7E\x73\x4D\x86\x3C\x2B\xD9\x78" + "\x9B\x4C\x24\x30\x96\x13\x8F\x76\x72\xC2\x32\x31\x4E\xFF\xDF\xC6" + "\x51\x34\x27\xE2\xDA\x76\x91\x6B\x52\x48\x93\x3B\xE3\x12\xEB\x5D" + "\xDE\x4C\xF7\x08\x04\xFB\x25\x8A\xC5\xFB\x82\xD5\x8D\x08\x17\x7A" + "\xC6\xF4\x75\x60\x17\xFF\xF5", + .out_len = 512, + .out = "\xC7\x3D\x8F\xAA\xB5\xD0\xB4\xD6\x60\xBD\x50\x82\xE4\x4C\x3C\xAC" + "\x97\xE6\x16\x48\xBE\x0A\x04\xB1\x16\x72\x4E\x6F\x6B\x65\x76\x84" + "\x67\x4B\x4B\x0E\x90\xD0\xAE\x96\xC0\x85\x3E\xBD\x83\x7B\xD8\x24" + "\x9A\xDB\xD3\xB6\x0A\x1A\xD1\xFC\xF8\xA6\xAB\x8E\x2F\x5A\xA7\xFF" + "\x19\x7A\x3D\x7D\xBE\xDE\xFB\x43\x3B\x61\x35\x36\xAE\xC4\xD6\x55" + "\xB7\xBC\xD7\x78\x52\x6B\xE6\x67\x84\x7A\xCD\x2E\x05\x64\xD9\x6C" + "\xE5\x14\x0C\x91\x35\x7F\xAD\xE0\x00\xEF\xCB\x40\x45\x7E\x1B\x6C" + "\xED\x41\xFA\x10\x2E\x36\xE7\x99\x79\x2D\xB0\x3E\x9A\x40\xC7\x99" + "\xBC\xA9\x12\x62\x94\x8E\x17\x60\x50\x65\xFB\xF6\x38\xFB\x40\xA1" + "\x57\xB4\x5C\xF7\x91\x1A\x75\x3D\x0D\x20\x5D\xF8\x47\x16\xA5\x71" + "\x12\xBE\xAB\x44\xF6\x20\x1F\xF7\x5A\xAD\xE0\xBA\xFB\xA5\x04\x74" + "\x5C\xFE\x23\xE4\xE6\x0E\x67\xE3\x99\x36\x22\xAE\xD7\x3A\x1D\xD6" + "\xA4\x65\xBD\x45\x3D\xD3\xC5\xBA\x7D\x2C\xDF\x3F\x1D\x39\x37\x6A" + "\x67\xC2\x3E\x55\x5F\x5A\xCF\x25\xBC\xE1\xE5\x5F\x30\x72\x52\xB9" + "\xAA\xC2\xC0\xA3\x9C\x88\x5C\x7E\x44\xF2\x04\xCB\x82\x1C\x0D\x37" + "\xA2\x2D\xE3\xA7\x1F\x3A\x19\x09\xB1\x1B\x71\x81\xC4\x2B\xE9\xB7" + "\x8A\xA0\xD0\xA1\x54\x44\xF3\x30\x00\x75\x54\xBC\xFC\xC0\xD8\xFD" + "\x87\xD6\x43\x1F\xB9\x3C\x7C\xC3\x87\x67\xA5\x5D\x30\xD3\x54\x55" + "\x60\xBD\x38\x0D\xB8\xC4\xC0\xED\xA9\x39\x9F\x68\xF8\x54\x64\x42" + "\x66\xC1\xB7\x95\x8B\x27\x0E\x75\xB7\x91\x34\xAA\x01\xE7\xDC\xF1" + "\xE6\xFD\xB6\xD9\xAE\x5D\x02\xCC\xE8\xCE\x8E\x48\x04\x75\xE9\x61" + "\x7C\xC4\x2A\x91\xC0\x8D\x9A\xF6\xE5\x10\x1B\x8A\xC5\x83\x4A\xDB" + "\x2C\x66\x98\x7F\x42\xA5\x80\xBB\x50\x3A\x4B\x34\xA9\xF1\x5A\xDC" + "\xD0\xE2\x3D\x0D\x40\x29\x47\x97\x64\x83\x1D\x06\xB5\xCA\xF3\xF1" + "\x4B\x91\x44\x9F\x15\xA2\x91\xF4\xAC\x25\x0B\x27\x0B\x6C\xB3\xC3" + "\x04\x72\x5C\x99\xE3\x26\x45\xE1\xFC\x02\xA0\xCD\xDD\x9E\x71\x79" + "\x11\xF2\x34\x2D\x94\x82\xF8\xE0\x97\x99\x85\xA0\x17\x0D\x72\x5D" + "\xAB\x4E\xA6\x6D\x44\xF6\x26\xBA\x47\x59\x25\xFA\x39\xFC\x9D\xEE" + "\x92\x9C\x06\xD0\x09\x41\x6C\x0A\xDC\x1D\x98\x7C\xD6\x25\xA2\x0A" + "\xCB\xA4\xCC\x87\xF7\x2F\x61\x08\x67\xC3\xA7\xA9\x28\xA3\xA0\x37" + "\x96\x76\xE8\xFE\x25\x71\x07\xAB\x2F\x5C\x03\x0B\xD2\x48\x0E\x3D" + "\x18\x63\x56\x2E\x1F\xD0\x79\x02\x80\x33\x3E\xD9\xD5\xDD\x5A\x5C" +}; + +xof_test_vector_t shake_128_168 = { + .alg = XOF_SHAKE_128, .len = 168, + .seed = "\xC3\x23\x6B\x73\xDE\xB7\x66\x2B\xF3\xF3\xDA\xA5\x8F\x13\x7B\x35" + "\x8B\xA6\x10\x56\x0E\xF7\x45\x57\x85\xA9\xBE\xFD\xB0\x35\xA0\x66" + "\xE9\x07\x04\xF9\x29\xBD\x96\x89\xCE\xF0\xCE\x3B\xDA\x5A\xCF\x44" + "\x80\xBC\xEB\x8D\x09\xD1\x0B\x09\x8A\xD8\x50\x0D\x9B\x60\x71\xDF" + "\xC3\xA1\x4A\xF6\xC7\x75\x11\xD8\x1E\x3A\xA8\x84\x49\x86\xC3\xBE" + "\xA6\xF4\x69\xF9\xE0\x21\x94\xC9\x28\x68\xCD\x5F\x51\x64\x62\x56" + "\x79\x8F\xF0\x42\x49\x54\xC1\x43\x4B\xDF\xED\x9F\xAC\xB3\x90\xB0" + "\x7D\x34\x2E\x99\x29\x36\xE0\xF8\x8B\xFD\x0E\x88\x4A\x0D\xDB\x67" + "\x9D\x05\x47\xCC\xDE\xC6\x38\x42\x85\xA4\x54\x29\xD1\x15\xAC\x7D" + "\x23\x5A\x71\x72\x42\x02\x1D\x1D\xC3\x56\x41\xF5\xF0\xA4\x8E\x84" + "\x45\xDB\xA5\x8E\x6C\xB2\xC8\xEA", + .out_len = 512, + .out = "\x4A\x05\xF2\xEF\x1A\xAD\x5F\xF4\x30\x64\x29\xEC\x0F\x19\x04\x40" + "\x77\xFB\x64\xBF\xE1\xDC\xC5\x0F\x74\xC3\xF0\x45\xE9\xA9\xC3\xDE" + "\x4A\x3B\x59\x63\xAE\xF7\x71\xB0\x49\x11\x1B\x7B\x46\x40\xE2\x0B" + "\x1B\xA8\x4E\xD7\xAF\xEE\x32\x55\x71\xAC\xF3\x47\xE3\x11\xF3\x3C" + "\x1D\x42\x1F\x21\xD6\x63\x06\x5C\x4D\xAD\xDB\xD1\x78\x5C\x5D\xAC" + "\x0D\x55\x4C\xED\xB1\xA4\x5A\x32\xE2\x81\x45\xE9\x8F\x49\xDE\xE2" + "\x85\xB3\x3D\xE1\x4C\x33\x6D\x10\x95\x0E\xCC\x30\x96\x6B\x79\xE8" + "\x61\x3F\xFE\xBB\x70\x2F\xCC\x00\xA1\xC4\x25\x0D\xD3\x85\xAB\xB5" + "\x37\xA2\x84\xE9\x10\x8D\x16\xB6\xF0\x8F\x4E\x10\x3F\x2C\x5E\x9E" + "\x5C\x87\x9C\xB5\x09\x55\x34\x15\x1E\x3C\x9A\x31\x6D\x06\xDC\xE5" + "\x3B\x7F\x01\xB4\x24\xD3\x75\xB5\x64\xFE\x68\x39\xD1\xD1\xF0\x0A" + "\x2E\x62\x60\x40\x60\xA9\x74\x8B\xCD\xC8\x14\x37\x37\x95\x9F\xAB" + "\xBC\xAE\x18\x51\x21\x3E\x6D\xC2\x8B\xEF\xDA\x48\x14\x9D\xE6\xAA" + "\xF4\xA6\x0D\x46\x15\xBE\xD6\x7D\x11\x79\x6F\x61\x73\xC3\xDC\xF1" + "\x39\x03\x7B\x31\xEE\xC9\xA8\x40\x4D\xF0\x75\x97\xBC\x26\x6D\x3C" + "\x7D\x9E\xB9\xA7\xCA\xBF\x74\x9F\xB4\x4E\x40\xD7\x46\xD0\xE9\xDF" + "\xB5\xC8\xBB\xEB\x25\xE3\xF1\x61\x2D\x03\xD3\xEB\x0C\x15\x4D\xE4" + "\xB2\x70\x8C\x4F\x8A\x89\x76\x2E\x17\x1F\x74\x45\x18\xAE\xC1\x34" + "\xA0\x2E\xEA\xF4\x9D\xB2\xE2\xC6\xC9\x91\x47\x11\x28\x8D\x6B\x0C" + "\xE8\x77\x86\x1D\x9B\x10\xAC\xFC\xC1\x96\x43\x73\x82\x87\xDA\x00" + "\x52\x82\xF3\xFC\x82\xF9\xF5\x0A\xA6\x81\xF2\xF5\x5F\xE1\x80\x9C" + "\x9E\x23\xA3\xA5\x9E\x51\xC2\xE8\x94\xF7\x18\x37\x2F\x9F\xA1\x56" + "\x4B\x47\xAB\x3F\x43\xF0\x74\x7A\x17\x83\x9E\x93\x33\x69\xB6\x77" + "\x80\x53\xE1\x76\x4F\x52\xC5\xF3\x19\xE3\x3C\x8B\x25\x67\x8F\x72" + "\x33\x2E\x33\xCC\xA9\x7C\x68\xF1\x9E\x05\x8E\x70\xC3\x14\x10\xDF" + "\x4D\xE7\xE0\x81\x69\xD6\x09\x6B\x7B\x4E\xA4\x82\x71\xEB\x68\x4F" + "\xEE\x9F\xC8\xB5\x61\xC3\xFE\xE2\xDC\xE8\x3D\x09\x2B\x14\x2B\xEC" + "\x14\x78\xD2\x6B\x48\xC3\xC6\xE5\x97\xA7\xB2\xE4\x40\x27\xE1\xEC" + "\xA2\x31\x78\xD3\xAF\xCC\x67\xBB\x53\x0A\x52\x9C\x7E\x13\x36\xE1" + "\xAD\xAE\x74\xEF\x0B\xE9\xCD\x61\xE9\x1C\x6A\xEA\x57\xF7\xCC\xB2" + "\x3B\x64\xB2\xF8\x48\x61\xCE\x15\x92\x09\xFE\xF7\xA8\x97\xA1\x6A" + "\x87\x1A\xA9\x9E\x63\xA5\x12\x6D\xF2\xB0\x33\x87\xE4\x2C\x3D\x18" +}; + +xof_test_vector_t shake_128_255 = { + .alg = XOF_SHAKE_128, .len = 255, + .seed = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .out_len = 512, + .out = "\x14\x23\x6E\x75\xB9\x78\x4D\xF4\xF5\x79\x35\xF9\x45\x35\x6C\xBE" + "\x38\x3F\xE5\x13\xED\x30\x28\x6F\x91\x06\x07\x59\xBC\xB0\xEF\x4B" + "\xAA\xC8\x58\xEC\xAE\x7C\x6E\x7E\xDD\x49\x8F\x01\xA0\x82\xB6\x3F" + "\xA5\x7D\x22\x54\x02\x31\xE2\xE2\x5C\x83\xEF\xB3\xB3\xF2\x95\x3A" + "\x5F\x67\x45\x02\xAB\x63\x52\x26\x44\x6B\x84\x93\x76\x43\xDC\xD5" + "\x78\x9E\xE7\x3F\x1D\x73\x4B\xC8\xFE\x5F\x7F\x08\x83\xAB\x10\x96" + "\x1B\x9A\x31\xFF\x60\xDE\xE1\x61\x59\xBC\x69\x82\xEF\xB0\x85\x45" + "\x98\x4B\xF7\x1F\xED\x1C\x4C\xD8\x1C\x09\x14\xB4\xC1\x9F\xCF\xEE" + "\xF5\x4A\xF4\xBB\xE3\x72\xF1\x8C\xFC\xD3\xA1\x86\x57\xF5\xB9\x45" + "\x0F\x99\xA7\x8F\x0F\xA2\xC3\xCD\xCA\x74\x61\xC4\xED\x75\x69\x53" + "\x68\x83\xB6\x6C\xD8\x7E\x9C\x20\x09\x62\x90\x2E\xAA\x16\xA5\x4D" + "\xB6\xA0\xA5\xCC\x26\xD8\x89\x03\x8C\x07\x60\x81\x0B\x5B\xB4\xF3" + "\x3F\x1E\x5D\x63\x9B\x6F\x9B\xC7\xCA\x62\xBA\x6F\x8C\x9F\x8D\xE7" + "\x70\x26\x0A\xFE\x47\xF4\xE0\xF8\x2F\x10\x21\x98\xEB\xA2\x7F\x54" + "\x32\x52\xAC\x8D\xDD\x83\xE1\xB8\xDB\x0A\x91\xAC\x65\x63\x3F\xD1" + "\x2A\x55\x0E\xBE\x96\xF9\x3A\xA6\x70\x4E\xD5\x90\x5C\x23\x4F\xA6" + "\xD9\x20\x39\x10\xCB\xD0\x2D\xE1\x66\xC4\xC3\x34\x8F\xB8\x1E\xF7" + "\xB8\x4A\xE1\x45\x5F\xE3\x18\xB5\xFD\x17\x08\x83\xF4\x9B\xA2\xF2" + "\x42\x89\xC4\x79\xA2\xC7\x53\x14\x06\xBA\x98\x9B\xEA\xEF\x3A\x79" + "\xF6\x59\x02\x86\x42\xE9\xB0\x33\xF7\xDE\xB9\xEC\xEC\x3A\x7A\x9F" + "\x1D\xBD\x24\x51\xFC\xB4\x7C\x81\xE2\x1E\x91\xD2\x0B\x92\x4C\x6B" + "\xD0\x4C\x1F\x0B\x27\x10\xD2\xE5\x70\xCD\x24\xBA\xD5\xB5\xDE\x4E" + "\x49\xAA\x80\xB6\xAD\xD5\x50\x7B\x4D\x2E\x51\x03\x70\xC7\xAF\xA8" + "\x14\xD7\xE1\xA7\xE2\x78\xE5\x3D\x7C\xCF\x49\xA0\xA8\x66\xCA\x3A" + "\x7B\x5B\xB7\x1E\xF3\x42\x5E\x46\x0F\xEE\xB2\x91\x49\xF2\x17\x06" + "\x66\x13\x69\x5F\x85\x50\x6A\x09\x46\xCF\x68\x97\x9F\x04\xAE\x07" + "\x3A\xF8\x02\x89\x76\xBF\x0C\x5B\xDC\x22\x12\xE8\xC3\x64\x58\x3D" + "\xE9\xFB\xD0\x3B\x34\xDD\xEE\x5E\xC4\xCF\xA8\xED\x8C\xE5\x92\x97" + "\x1D\x01\x08\xFA\xF7\x6C\x89\x40\xE2\x5E\x6C\x5F\x86\x55\x84\xC3" + "\x4A\x23\x3C\x14\xF0\x05\x32\x67\x3F\xDB\xE3\x88\xCC\x7E\x98\xA5" + "\xB8\x67\xB1\xC5\x91\x30\x7A\x90\x15\x11\x2B\x56\x7F\xF6\xB4\xF3" + "\x18\x11\x41\x11\xFC\x95\xE5\xBD\x7C\x9C\x60\xB7\x4C\x1F\x87\x25" +}; + +/** + * SHAKE-256 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +xof_test_vector_t shake_256_0 = { + .alg = XOF_SHAKE_256, .len = 0, + .seed = "", + .out_len = 512, + .out = "\x46\xB9\xDD\x2B\x0B\xA8\x8D\x13\x23\x3B\x3F\xEB\x74\x3E\xEB\x24" + "\x3F\xCD\x52\xEA\x62\xB8\x1B\x82\xB5\x0C\x27\x64\x6E\xD5\x76\x2F" + "\xD7\x5D\xC4\xDD\xD8\xC0\xF2\x00\xCB\x05\x01\x9D\x67\xB5\x92\xF6" + "\xFC\x82\x1C\x49\x47\x9A\xB4\x86\x40\x29\x2E\xAC\xB3\xB7\xC4\xBE" + "\x14\x1E\x96\x61\x6F\xB1\x39\x57\x69\x2C\xC7\xED\xD0\xB4\x5A\xE3" + "\xDC\x07\x22\x3C\x8E\x92\x93\x7B\xEF\x84\xBC\x0E\xAB\x86\x28\x53" + "\x34\x9E\xC7\x55\x46\xF5\x8F\xB7\xC2\x77\x5C\x38\x46\x2C\x50\x10" + "\xD8\x46\xC1\x85\xC1\x51\x11\xE5\x95\x52\x2A\x6B\xCD\x16\xCF\x86" + "\xF3\xD1\x22\x10\x9E\x3B\x1F\xDD\x94\x3B\x6A\xEC\x46\x8A\x2D\x62" + "\x1A\x7C\x06\xC6\xA9\x57\xC6\x2B\x54\xDA\xFC\x3B\xE8\x75\x67\xD6" + "\x77\x23\x13\x95\xF6\x14\x72\x93\xB6\x8C\xEA\xB7\xA9\xE0\xC5\x8D" + "\x86\x4E\x8E\xFD\xE4\xE1\xB9\xA4\x6C\xBE\x85\x47\x13\x67\x2F\x5C" + "\xAA\xAE\x31\x4E\xD9\x08\x3D\xAB\x4B\x09\x9F\x8E\x30\x0F\x01\xB8" + "\x65\x0F\x1F\x4B\x1D\x8F\xCF\x3F\x3C\xB5\x3F\xB8\xE9\xEB\x2E\xA2" + "\x03\xBD\xC9\x70\xF5\x0A\xE5\x54\x28\xA9\x1F\x7F\x53\xAC\x26\x6B" + "\x28\x41\x9C\x37\x78\xA1\x5F\xD2\x48\xD3\x39\xED\xE7\x85\xFB\x7F" + "\x5A\x1A\xAA\x96\xD3\x13\xEA\xCC\x89\x09\x36\xC1\x73\xCD\xCD\x0F" + "\xAB\x88\x2C\x45\x75\x5F\xEB\x3A\xED\x96\xD4\x77\xFF\x96\x39\x0B" + "\xF9\xA6\x6D\x13\x68\xB2\x08\xE2\x1F\x7C\x10\xD0\x4A\x3D\xBD\x4E" + "\x36\x06\x33\xE5\xDB\x4B\x60\x26\x01\xC1\x4C\xEA\x73\x7D\xB3\xDC" + "\xF7\x22\x63\x2C\xC7\x78\x51\xCB\xDD\xE2\xAA\xF0\xA3\x3A\x07\xB3" + "\x73\x44\x5D\xF4\x90\xCC\x8F\xC1\xE4\x16\x0F\xF1\x18\x37\x8F\x11" + "\xF0\x47\x7D\xE0\x55\xA8\x1A\x9E\xDA\x57\xA4\xA2\xCF\xB0\xC8\x39" + "\x29\xD3\x10\x91\x2F\x72\x9E\xC6\xCF\xA3\x6C\x6A\xC6\xA7\x58\x37" + "\x14\x30\x45\xD7\x91\xCC\x85\xEF\xF5\xB2\x19\x32\xF2\x38\x61\xBC" + "\xF2\x3A\x52\xB5\xDA\x67\xEA\xF7\xBA\xAE\x0F\x5F\xB1\x36\x9D\xB7" + "\x8F\x3A\xC4\x5F\x8C\x4A\xC5\x67\x1D\x85\x73\x5C\xDD\xDB\x09\xD2" + "\xB1\xE3\x4A\x1F\xC0\x66\xFF\x4A\x16\x2C\xB2\x63\xD6\x54\x12\x74" + "\xAE\x2F\xCC\x86\x5F\x61\x8A\xBE\x27\xC1\x24\xCD\x8B\x07\x4C\xCD" + "\x51\x63\x01\xB9\x18\x75\x82\x4D\x09\x95\x8F\x34\x1E\xF2\x74\xBD" + "\xAB\x0B\xAE\x31\x63\x39\x89\x43\x04\xE3\x58\x77\xB0\xC2\x8A\x9B" + "\x1F\xD1\x66\xC7\x96\xB9\xCC\x25\x8A\x06\x4A\x8F\x57\xE2\x7F\x2A" +}; + +xof_test_vector_t shake_256_64 = { + .alg = XOF_SHAKE_256, .len = 64, + .seed = "\xE9\x26\xAE\x8B\x0A\xF6\xE5\x31\x76\xDB\xFF\xCC\x2A\x6B\x88\xC6" + "\xBD\x76\x5F\x93\x9D\x3D\x17\x8A\x9B\xDE\x9E\xF3\xAA\x13\x1C\x61" + "\xE3\x1C\x1E\x42\xCD\xFA\xF4\xB4\xDC\xDE\x57\x9A\x37\xE1\x50\xEF" + "\xBE\xF5\x55\x5B\x4C\x1C\xB4\x04\x39\xD8\x35\xA7\x24\xE2\xFA\xE7", + .out_len = 512, + .out = "\x77\xB7\x49\x6E\xD0\x8C\x39\x33\xBD\x75\x98\x3C\x0C\x04\x94\xBD" + "\xD8\x26\x24\x93\xA4\xB5\x5D\xDC\xCC\x64\x16\x7E\x67\xEA\xC0\xF6" + "\xE6\x30\x7A\xCC\x15\xC3\x3F\x39\x63\x74\x4E\x26\xCA\x6C\x50\x4D" + "\x39\x3B\x3E\xE8\x16\x5E\x4D\x49\xEB\x3B\x6E\x64\x92\x07\x65\x30" + "\x48\xF8\xB8\x22\xFF\x88\x4D\xC7\x49\x37\x44\x3B\x1C\x4A\x88\x8C" + "\x7A\x76\x8C\x63\xD5\xB5\xD2\x9E\x74\x46\x87\x39\x23\xB9\xD7\xA5" + "\x6F\xA5\xD9\xE9\x07\x60\xAB\x86\xD5\x71\x8E\x34\x64\x82\x1B\x79" + "\xEB\x46\xD1\x69\x14\x1F\xF1\x61\x20\xBF\xB6\x50\xC7\x6D\x4B\x3E" + "\x5B\x3F\x6C\xE6\x1F\xEB\xDB\xE0\x9A\xED\x7F\x4C\x91\x06\x6D\x90" + "\x3A\xF6\xE5\x65\x31\xE8\xFF\x71\x54\x95\x08\xB6\xE4\x20\xCA\xC6" + "\xBE\xDF\xE0\xCB\xEA\xE6\xBC\x22\x84\x76\xBC\x8C\x00\xEA\xE4\x3D" + "\x40\xC8\x2C\xBD\xF6\xB4\x60\xC3\x76\xD7\xC1\x16\x48\xEB\x28\x15" + "\xB6\x50\x6A\xBD\x43\x39\xB2\x5D\x58\xD4\x5C\xDD\x0A\x0B\x9E\x35" + "\xA8\x8E\x25\x1F\xDC\x34\xD4\x81\x0D\x65\x9D\x17\x9F\x59\xEB\xD0" + "\x37\x17\xFD\x31\xA6\x39\x4C\xE1\x2C\xD5\x56\x90\x66\xE1\x38\x88" + "\x5C\xB2\xBD\xEB\xBA\x06\x36\x75\x57\xCE\x84\x9E\xB8\x69\xF3\xCA" + "\xC3\x88\x00\xD5\x1C\x22\xB6\x66\xAE\x27\x01\xE5\x80\x79\x63\x94" + "\xDF\xA0\x2F\x49\x10\xBF\x5F\x86\xAA\xB5\x39\x51\x23\x33\x64\xEA" + "\x20\xCD\xA3\x5A\xFB\xAB\x44\x5B\xE7\xF6\x86\x64\x38\x56\xF8\x25" + "\x39\x4B\xE7\xB4\xB6\xD2\xC9\x18\xD0\x15\x1F\x46\xFB\x9A\xEE\x8A" + "\x7B\xA2\xD7\x06\xE4\x8C\xB0\xBC\x42\x9B\x06\x42\x62\xC1\xA0\xEB" + "\x35\x24\xFF\x14\x63\x2F\x51\x84\x57\x5C\x15\xF6\xF4\xA3\x44\x6E" + "\x93\xCB\x4E\x86\xB6\xA9\x31\xBA\x26\x84\x09\xCE\x30\xB4\x59\x5F" + "\xD2\x05\x9A\x27\x18\x3B\x3B\xA8\xD0\xAC\xE8\xE4\x82\x86\x6D\x5C" + "\x7D\x5B\x03\xDB\x8D\xBD\x24\xB9\x9D\x59\xEB\x6E\xEF\xFD\x20\x9E" + "\x12\x45\x35\xD1\x54\xB9\x8F\x99\x91\xD8\x4F\xE1\xAA\x76\x3C\x51" + "\x33\xD4\x1E\xCC\x23\x39\x30\x95\x7D\xCE\xB7\x89\x6A\xF7\x0F\x73" + "\x5A\x2F\x5C\x1E\x79\x48\x0A\xFD\x50\x94\x3B\xC5\x01\x4B\xCF\x0A" + "\x73\x54\xAA\x7F\x71\x31\x63\xB5\x5A\x1E\x41\xBD\xD0\x5F\xBB\xA9" + "\xC1\xDB\x2C\x69\x04\x3E\xD9\xEE\xA4\xFA\x45\xC9\x90\xCC\xB4\xA8" + "\xDC\x41\xAF\xAB\x18\x16\x40\x18\xE5\x4C\x47\xAC\x5B\xD6\x98\x0F" + "\xD7\x96\xAC\xF0\xDD\xB4\x2C\x70\x42\xA4\x87\x7E\x8B\xE3\xDE\x29" +}; + +xof_test_vector_t shake_256_135 = { + .alg = XOF_SHAKE_256, .len = 135, + .seed = "\xB7\x71\xD5\xCE\xF5\xD1\xA4\x1A\x93\xD1\x56\x43\xD7\x18\x1D\x2A" + "\x2E\xF0\xA8\xE8\x4D\x91\x81\x2F\x20\xED\x21\xF1\x47\xBE\xF7\x32" + "\xBF\x3A\x60\xEF\x40\x67\xC3\x73\x4B\x85\xBC\x8C\xD4\x71\x78\x0F" + "\x10\xDC\x9E\x82\x91\xB5\x83\x39\xA6\x77\xB9\x60\x21\x8F\x71\xE7" + "\x93\xF2\x79\x7A\xEA\x34\x94\x06\x51\x28\x29\x06\x5D\x37\xBB\x55" + "\xEA\x79\x6F\xA4\xF5\x6F\xD8\x89\x6B\x49\xB2\xCD\x19\xB4\x32\x15" + "\xAD\x96\x7C\x71\x2B\x24\xE5\x03\x2D\x06\x52\x32\xE0\x2C\x12\x74" + "\x09\xD2\xED\x41\x46\xB9\xD7\x5D\x76\x3D\x52\xDB\x98\xD9\x49\xD3" + "\xB0\xFE\xD6\xA8\x05\x2F\xBB", + .out_len = 512, + .out = "\x6C\x60\x95\x5D\xCB\x8A\x66\x3B\x6D\xC7\xF5\xEF\x7E\x06\x9C\xA8" + "\xFE\x3D\xA9\x9A\x66\xDF\x65\x96\x92\x5D\x55\x7F\xED\x91\xF4\x70" + "\x91\x40\x7D\x6F\xDE\x32\x02\x3B\x57\xE2\xEE\x4C\x6A\xC9\x7B\x07" + "\x76\x24\xFA\xC2\x5F\x6E\x13\xF4\x19\x16\x96\xB4\x0A\x4D\xF7\x5F" + "\x61\xCD\x55\x21\xD9\x82\xC6\xD0\x9D\x83\x42\xC1\x7A\x36\x6E\xC6" + "\x34\x6E\x35\x28\xB2\x6C\xFF\x91\x5B\xE9\x44\x2B\x9E\xBC\xC3\x0F" + "\xF2\xF6\xAD\xD0\xE8\x2B\xA9\x04\xC7\x37\x00\xCC\x99\xAC\xFF\x48" + "\x0C\xAF\x04\x87\xCE\xE5\x4C\xBA\x37\x53\xB6\xA5\xDD\x6F\x0D\xFE" + "\x65\x71\xF0\x11\x5E\x87\x37\xB0\x71\x03\x10\x23\xB6\xBB\x0D\x79" + "\x86\x4C\x3F\x33\x16\x2E\x78\x26\x9C\xEE\x23\xFC\xE4\x7B\x91\xB4" + "\xFD\xF9\x1F\x98\x46\x4A\x1D\x21\xE7\x99\xD1\x7F\x76\xC1\xBB\x80" + "\x7D\xEE\x66\x7B\x0B\x27\x30\x54\xBE\x29\x82\x99\xBD\x12\xB7\xA8" + "\x0F\xB3\x54\xCE\x3E\x6D\x1A\xCF\x98\x44\x38\x79\xA5\x54\xEC\xA6" + "\xB9\x6D\xF0\x61\xD0\x4A\x11\x7C\x98\xAE\xEC\x1C\xDE\x1A\xFA\x9C" + "\xEF\x62\xDD\x68\x6D\xA9\x1B\xB2\xB1\xF1\x23\x79\xBB\xDC\x9F\xA3" + "\x2A\x6B\x69\x98\xB7\x7E\x8E\xB0\xB5\x05\x07\x86\x2A\xFA\x77\x99" + "\xD0\x18\xE2\x72\x09\x1F\x51\xCA\xDD\x81\xAD\xB5\x87\xEF\x67\xBA" + "\x67\x61\x8C\x45\xD1\xF3\xD5\x59\xDB\xD2\x99\xAB\xC2\x6E\xC7\x12" + "\xDA\x8F\xA3\x4B\xA3\x3B\xFF\x40\x0D\x1F\x0F\x8B\x63\x45\xCF\x57" + "\x26\x9B\x85\x85\x78\xC0\x07\x2A\x91\xA6\x3E\xF8\x5F\x9D\x37\x89" + "\x00\xCD\x1A\x55\xD2\xBD\x46\x30\xDB\x82\x9E\xB4\x84\xD8\x9C\xE7" + "\xA4\x14\xAC\xA1\x73\xC5\x25\x34\xAD\x5F\x93\x55\xE8\x0E\x39\x5E" + "\x79\x15\x6D\x75\x1A\x93\x0F\x7F\x8B\x5D\x9F\x4D\x5A\x2C\x9A\x75" + "\x37\x23\x08\x3C\x5E\x8E\xC6\xCB\x24\xD8\xEF\x93\xC8\xFE\xF2\xD1" + "\xBE\x4E\xCA\x22\x2C\x6E\x6C\x2A\xCF\xD6\x84\x89\x3C\xEA\x65\xCB" + "\xF5\xB0\x96\xB3\xD8\x66\x00\x71\x36\x12\x6A\x33\xEF\x49\x6B\xF2" + "\x31\x0F\x29\x3B\xFA\x4C\x93\xAB\x82\x68\x21\xE2\xB9\x32\x59\xC4" + "\x64\xE0\xAE\xB0\x6D\x6D\xF8\xFF\xA3\x0B\x1C\x1E\x7E\x38\x4C\x7E" + "\x42\x7A\x2B\xA3\xD9\x9F\xF8\xA6\x66\x38\x0C\x5C\x1B\x67\x8F\x74" + "\x2C\x57\xB0\xC3\xB0\x88\x49\xFD\x65\x30\x0D\xF1\x34\x99\xDD\x89" + "\x4E\xFC\x33\x11\x6E\x7D\x07\x74\x06\x43\x31\xFD\xD4\x07\x48\x74" + "\x17\xD1\x3B\xBA\x42\x85\x29\x9A\xF6\x50\xD3\x06\x5D\x95\x11\x31" +}; + +xof_test_vector_t shake_256_136 = { + .alg = XOF_SHAKE_256, .len = 136, + .seed = "\xB3\x2D\x95\xB0\xB9\xAA\xD2\xA8\x81\x6D\xE6\xD0\x6D\x1F\x86\x00" + "\x85\x05\xBD\x8C\x14\x12\x4F\x6E\x9A\x16\x3B\x5A\x2A\xDE\x55\xF8" + "\x35\xD0\xEC\x38\x80\xEF\x50\x70\x0D\x3B\x25\xE4\x2C\xC0\xAF\x05" + "\x0C\xCD\x1B\xE5\xE5\x55\xB2\x30\x87\xE0\x4D\x7B\xF9\x81\x36\x22" + "\x78\x0C\x73\x13\xA1\x95\x4F\x87\x40\xB6\xEE\x2D\x3F\x71\xF7\x68" + "\xDD\x41\x7F\x52\x04\x82\xBD\x3A\x08\xD4\xF2\x22\xB4\xEE\x9D\xBD" + "\x01\x54\x47\xB3\x35\x07\xDD\x50\xF3\xAB\x42\x47\xC5\xDE\x9A\x8A" + "\xBD\x62\xA8\xDE\xCE\xA0\x1E\x3B\x87\xC8\xB9\x27\xF5\xB0\x8B\xEB" + "\x37\x67\x4C\x6F\x8E\x38\x0C\x04", + .out_len = 512, + .out = "\xCC\x2E\xAA\x04\xEE\xF8\x47\x9C\xDA\xE8\x56\x6E\xB8\xFF\xA1\x10" + "\x0A\x40\x79\x95\xBF\x99\x9A\xE9\x7E\xDE\x52\x66\x81\xDC\x34\x90" + "\x61\x6F\x28\x44\x2D\x20\xDA\x92\x12\x4C\xE0\x81\x58\x8B\x81\x49" + "\x1A\xED\xF6\x5C\xAA\xF0\xD2\x7E\x82\xA4\xB0\xE1\xD1\xCA\xB2\x38" + "\x33\x32\x8F\x1B\x8D\xA4\x30\xC8\xA0\x87\x66\xA8\x63\x70\xFA\x84" + "\x8A\x79\xB5\x99\x8D\xB3\xCF\xFD\x05\x7B\x96\xE1\xE2\xEE\x0E\xF2" + "\x29\xEC\xA1\x33\xC1\x55\x48\xF9\x83\x99\x02\x04\x37\x30\xE4\x4B" + "\xC5\x2C\x39\xFA\xDC\x1D\xDE\xEA\xD9\x5F\x99\x39\xF2\x20\xCA\x30" + "\x06\x61\x54\x0D\xF7\xED\xD9\xAF\x37\x8A\x5D\x4A\x19\xB2\xB9\x3E" + "\x6C\x78\xF4\x9C\x35\x33\x43\xA0\xB5\xF1\x19\x13\x2B\x53\x12\xD0" + "\x04\x83\x1D\x01\x76\x9A\x31\x6D\x2F\x51\xBF\x64\xCC\xB2\x0A\x21" + "\xC2\xCF\x7A\xC8\xFB\x6F\x6E\x90\x70\x61\x26\xBD\xAE\x06\x11\xDD" + "\x13\x96\x2E\x8B\x53\xD6\xEA\xE2\x6C\x7B\x0D\x25\x51\xDA\xF6\x24" + "\x8E\x9D\x65\x81\x73\x82\xB0\x4D\x23\x39\x2D\x10\x8E\x4D\x34\x43" + "\xDE\x5A\xDC\x72\x73\xC7\x21\xA8\xF8\x32\x0E\xCF\xE8\x17\x7A\xC0" + "\x67\xCA\x8A\x50\x16\x9A\x6E\x73\x00\x0E\xBC\xDC\x1E\x4E\xE6\x33" + "\x9F\xC8\x67\xC3\xD7\xAE\xAB\x84\x14\x63\x98\xD7\xBA\xDE\x12\x1D" + "\x19\x89\xFA\x45\x73\x35\x56\x4E\x97\x57\x70\xA3\xA0\x02\x59\xCA" + "\x08\x70\x61\x08\x26\x1A\xA2\xD3\x4D\xE0\x0F\x8C\xAC\x7D\x45\xD3" + "\x5E\x5A\xA6\x3E\xA6\x9E\x1D\x1A\x2F\x7D\xAB\x39\x00\xD5\x1E\x0B" + "\xC6\x53\x48\xA2\x55\x54\x00\x70\x39\xA5\x2C\x3C\x30\x99\x80\xD1" + "\x7C\xAD\x20\xF1\x15\x63\x10\xA3\x9C\xD3\x93\x76\x0C\xFE\x58\xF6" + "\xF8\xAD\xE4\x21\x31\x28\x82\x80\xA3\x5E\x1D\xB8\x70\x81\x83\xB9" + "\x1C\xFA\xF5\x82\x7E\x96\xB0\xF7\x74\xC4\x50\x93\xB4\x17\xAF\xF9" + "\xDD\x64\x17\xE5\x99\x64\xA0\x1B\xD2\xA6\x12\xFF\xCF\xBA\x18\xA0" + "\xF1\x93\xDB\x29\x7B\x9A\x6C\xC1\xD2\x70\xD9\x7A\xAE\x8F\x8A\x3A" + "\x6B\x26\x69\x5A\xB6\x64\x31\xC2\x02\xE1\x39\xD6\x3D\xD3\xA2\x47" + "\x78\x67\x6C\xEF\xE3\xE2\x1B\x02\xEC\x4E\x8F\x5C\xFD\x66\x58\x7A" + "\x12\xB4\x40\x78\xFC\xD3\x9E\xEE\x44\xBB\xEF\x4A\x94\x9A\x63\xC0" + "\xDF\xD5\x8C\xF2\xFB\x2C\xD5\xF0\x02\xE2\xB0\x21\x92\x66\xCF\xC0" + "\x31\x81\x74\x86\xDE\x70\xB4\x28\x5A\x8A\x70\xF3\xD3\x8A\x61\xD3" + "\x15\x5D\x99\xAA\xF4\xC2\x53\x90\xD7\x36\x45\xAB\x3E\x8D\x80\xF0" +}; + +xof_test_vector_t shake_256_255 = { + .alg = XOF_SHAKE_256, .len = 255, + .seed = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .out_len = 512, + .out = "\x8A\x51\x99\xB4\xA7\xE1\x33\xE2\x64\xA8\x62\x02\x72\x06\x55\x89" + "\x4D\x48\xCF\xF3\x44\xA9\x28\xCF\x83\x47\xF4\x83\x79\xCE\xF3\x47" + "\xDF\xC5\xBC\xFF\xAB\x99\xB2\x7B\x1F\x89\xAA\x27\x35\xE2\x3D\x30" + "\x08\x8F\xFA\x03\xB9\xED\xB0\x2B\x96\x35\x47\x0A\xB9\xF1\x03\x89" + "\x85\xD5\x5F\x9C\xA7\x74\x57\x2D\xD0\x06\x47\x0E\xA6\x51\x45\x46" + "\x96\x09\xF9\xFA\x08\x31\xBF\x1F\xFD\x84\x2D\xC2\x4A\xCA\xDE\x27" + "\xBD\x98\x16\xE3\xB5\xBF\x28\x76\xCB\x11\x22\x32\xA0\xEB\x44\x75" + "\xF1\xDF\xF9\xF5\xC7\x13\xD9\xFF\xD4\xCC\xB8\x9A\xE5\x60\x7F\xE3" + "\x57\x31\xDF\x06\x31\x79\x49\xEE\xF6\x46\xE9\x59\x1C\xF3\xBE\x53" + "\xAD\xD6\xB7\xDD\x2B\x60\x96\xE2\xB3\xFB\x06\xE6\x62\xEC\x8B\x2D" + "\x77\x42\x2D\xAA\xD9\x46\x3C\xD1\x55\x20\x4A\xCD\xBD\x38\xE3\x19" + "\x61\x3F\x39\xF9\x9B\x6D\xFB\x35\xCA\x93\x65\x16\x00\x66\xDB\x19" + "\x83\x58\x88\xC2\x24\x1F\xF9\xA7\x31\xA4\xAC\xBB\x56\x63\x72\x7A" + "\xAC\x34\xA4\x01\x24\x7F\xBA\xA7\x49\x9E\x7D\x5E\xE5\xB6\x9D\x31" + "\x02\x5E\x63\xD0\x4C\x35\xC7\x98\xBC\xA1\x26\x2D\x56\x73\xA9\xCF" + "\x09\x30\xB5\xAD\x89\xBD\x48\x55\x99\xDC\x18\x45\x28\xDA\x47\x90" + "\xF0\x88\xEB\xD1\x70\xB6\x35\xD9\x58\x16\x32\xD2\xFF\x90\xDB\x79" + "\x66\x5C\xED\x43\x00\x89\xAF\x13\xC9\xF2\x1F\x6D\x44\x3A\x81\x80" + "\x64\xF1\x7A\xEC\x9E\x9C\x54\x57\x00\x1F\xA8\xDC\x6A\xFB\xAD\xBE" + "\x31\x38\xF3\x88\xD8\x9D\x0E\x6F\x22\xF6\x66\x71\x25\x5B\x21\x07" + "\x54\xED\x63\xD8\x1D\xCE\x75\xCE\x8F\x18\x9B\x53\x4E\x6D\x6B\x35" + "\x39\xAA\x51\xE8\x37\xC4\x2D\xF9\xDF\x59\xC7\x1E\x61\x71\xCD\x49" + "\x02\xFE\x1B\xDC\x73\xFB\x17\x75\xB5\xC7\x54\xA1\xED\x4E\xA7\xF3" + "\x10\x5F\xC5\x43\xEE\x04\x18\xDA\xD2\x56\xF3\xF6\x11\x8E\xA7\x71" + "\x14\xA1\x6C\x15\x35\x5B\x42\x87\x7A\x1D\xB2\xA7\xDF\x0E\x15\x5A" + "\xE1\xD8\x67\x0A\xBC\xEC\x34\x50\xF4\xE2\xEE\xC9\x83\x8F\x89\x54" + "\x23\xEF\x63\xD2\x61\x13\x8B\xAA\xF5\xD9\xF1\x04\xCB\x5A\x95\x7A" + "\xEA\x06\xC0\xB9\xB8\xC7\x8B\x0D\x44\x17\x96\xDC\x03\x50\xDD\xEA" + "\xBB\x78\xA3\x3B\x6F\x1F\x9E\x68\xED\xE3\xD1\x80\x5C\x7B\x7E\x2C" + "\xFD\x54\xE0\xFA\xD6\x2F\x0D\x8C\xA6\x7A\x77\x5D\xC4\x54\x6A\xF9" + "\x09\x6F\x2E\xDB\x22\x1D\xB4\x28\x43\xD6\x53\x27\x86\x12\x82\xDC" + "\x94\x6A\x0B\xA0\x1A\x11\x86\x3A\xB2\xD1\xDF\xD1\x6E\x39\x73\xD4" +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 0505e2c40..c4d71848d 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -24,6 +24,7 @@ #define TEST_VECTOR_SIGNER(x) extern signer_test_vector_t x; #define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x; #define TEST_VECTOR_PRF(x) extern prf_test_vector_t x; +#define TEST_VECTOR_XOF(x) extern xof_test_vector_t x; #define TEST_VECTOR_RNG(x) extern rng_test_vector_t x; #define TEST_VECTOR_DH(x) extern dh_test_vector_t x; @@ -34,6 +35,7 @@ #undef TEST_VECTOR_SIGNER #undef TEST_VECTOR_HASHER #undef TEST_VECTOR_PRF +#undef TEST_VECTOR_XOF #undef TEST_VECTOR_RNG #undef TEST_VECTOR_DH @@ -42,6 +44,7 @@ #define TEST_VECTOR_SIGNER(x) #define TEST_VECTOR_HASHER(x) #define TEST_VECTOR_PRF(x) +#define TEST_VECTOR_XOF(x) #define TEST_VECTOR_RNG(x) #define TEST_VECTOR_DH(x) @@ -86,6 +89,14 @@ static prf_test_vector_t *prf[] = { #undef TEST_VECTOR_PRF #define TEST_VECTOR_PRF(x) +#undef TEST_VECTOR_XOF +#define TEST_VECTOR_XOF(x) &x, +static xof_test_vector_t *xof[] = { +#include "test_vectors.h" +}; +#undef TEST_VECTOR_XOF +#define TEST_VECTOR_XOF(x) + #undef TEST_VECTOR_RNG #define TEST_VECTOR_RNG(x) &x, static rng_test_vector_t *rng[] = { @@ -181,6 +192,11 @@ plugin_t *test_vectors_plugin_create() lib->crypto->add_test_vector(lib->crypto, PSEUDO_RANDOM_FUNCTION, prf[i]); } + for (i = 0; i < countof(xof); i++) + { + lib->crypto->add_test_vector(lib->crypto, + EXTENDED_OUTPUT_FUNCTION, xof[i]); + } for (i = 0; i < countof(rng); i++) { lib->crypto->add_test_vector(lib->crypto, diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index ea27fd384..665f77006 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/unbound/unbound_response.c b/src/libstrongswan/plugins/unbound/unbound_response.c index 6f6c25e89..950df344c 100644 --- a/src/libstrongswan/plugins/unbound/unbound_response.c +++ b/src/libstrongswan/plugins/unbound/unbound_response.c @@ -189,7 +189,7 @@ unbound_response_t *unbound_response_create_frm_libub_response( */ rr_list = linked_list_create(); - orig_rr_list = ldns_pkt_get_section_clone(dns_pkt, LDNS_SECTION_ANSWER); + orig_rr_list = ldns_pkt_answer(dns_pkt); orig_rr_count = ldns_rr_list_rr_count(orig_rr_list); for (i = 0; i < orig_rr_count; i++) @@ -253,7 +253,6 @@ unbound_response_t *unbound_response_create_frm_libub_response( this->rr_set = rr_set_create(rr_list, rrsig_list); ldns_pkt_free(dns_pkt); - ldns_rr_list_free(orig_rr_list); } return &this->public; } diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.c b/src/libstrongswan/plugins/unbound/unbound_rr.c index fc69eed00..91b5cdb33 100644 --- a/src/libstrongswan/plugins/unbound/unbound_rr.c +++ b/src/libstrongswan/plugins/unbound/unbound_rr.c @@ -154,11 +154,13 @@ unbound_rr_t *unbound_rr_create_frm_ldns_rr(ldns_rr *rr) if (status != LDNS_STATUS_OK) { DBG1(DBG_LIB, "failed to get the RDATA field of a DNS RR"); + ldns_buffer_free(buf); _destroy(this); return NULL; } this->rdata = ldns_buffer_export(buf); + ldns_buffer_free(buf); return &this->public; } diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index 0bf311c38..672ff5f4c 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 6288e0f40..c96dac089 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 98fad6f8f..44021e4cd 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c index b7628501a..df6066b19 100644 --- a/src/libstrongswan/processing/watcher.c +++ b/src/libstrongswan/processing/watcher.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * @@ -27,6 +30,7 @@ #include typedef struct private_watcher_t private_watcher_t; +typedef struct entry_t entry_t; /** * Private data of an watcher_t object. @@ -39,9 +43,19 @@ struct private_watcher_t { watcher_t public; /** - * List of registered FDs, as entry_t + * List of registered FDs */ - linked_list_t *fds; + entry_t *fds; + + /** + * Last registered FD + */ + entry_t *last; + + /** + * Number of registered FDs + */ + u_int count; /** * Pending update of FD list? @@ -77,7 +91,7 @@ struct private_watcher_t { /** * Entry for a registered file descriptor */ -typedef struct { +struct entry_t { /** file descriptor */ int fd; /** events to watch */ @@ -88,7 +102,53 @@ typedef struct { void *data; /** callback(s) currently active? */ int in_callback; -} entry_t; + /** next registered fd */ + entry_t *next; +}; + +/** + * Adds the given entry at the end of the list + */ +static void add_entry(private_watcher_t *this, entry_t *entry) +{ + if (this->last) + { + this->last->next = entry; + this->last = entry; + } + else + { + this->fds = this->last = entry; + } + this->count++; +} + +/** + * Removes and frees the given entry + * + * Updates the previous entry and returns the next entry in the list, if any. + */ +static entry_t *remove_entry(private_watcher_t *this, entry_t *entry, + entry_t *prev) +{ + entry_t *next = entry->next; + + if (prev) + { + prev->next = next; + } + else + { + this->fds = next; + } + if (this->last == entry) + { + this->last = prev; + } + this->count--; + free(entry); + return next; +} /** * Data we pass on for an async notification @@ -153,13 +213,11 @@ static job_requeue_t notify_async(notify_data_t *data) static void notify_end(notify_data_t *data) { private_watcher_t *this = data->this; - enumerator_t *enumerator; - entry_t *entry; + entry_t *entry, *prev = NULL; /* reactivate the disabled entry */ this->mutex->lock(this->mutex); - enumerator = this->fds->create_enumerator(this->fds); - while (enumerator->enumerate(enumerator, &entry)) + for (entry = this->fds; entry; prev = entry, entry = entry->next) { if (entry->fd == data->fd) { @@ -168,8 +226,7 @@ static void notify_end(notify_data_t *data) entry->events &= ~data->event; if (!entry->events) { - this->fds->remove_at(this->fds, enumerator); - free(entry); + remove_entry(this, entry, prev); break; } } @@ -177,8 +234,6 @@ static void notify_end(notify_data_t *data) break; } } - enumerator->destroy(enumerator); - update(this); this->condvar->broadcast(this->condvar); this->mutex->unlock(this->mutex); @@ -219,19 +274,16 @@ static void notify(private_watcher_t *this, entry_t *entry, */ static void activate_all(private_watcher_t *this) { - enumerator_t *enumerator; entry_t *entry; /* When the watcher thread gets cancelled, we have to reactivate any entry * and signal threads in remove() to go on. */ this->mutex->lock(this->mutex); - enumerator = this->fds->create_enumerator(this->fds); - while (enumerator->enumerate(enumerator, &entry)) + for (entry = this->fds; entry; entry = entry->next) { entry->in_callback = 0; } - enumerator->destroy(enumerator); this->state = WATCHER_STOPPED; this->condvar->broadcast(this->condvar); this->mutex->unlock(this->mutex); @@ -240,7 +292,7 @@ static void activate_all(private_watcher_t *this) /** * Find flagged revents in a pollfd set by fd */ -static int find_revents(struct pollfd *pfd, int count, int fd) +static inline int find_revents(struct pollfd *pfd, int count, int fd) { int i; @@ -257,7 +309,8 @@ static int find_revents(struct pollfd *pfd, int count, int fd) /** * Check if entry is waiting for a specific event, and if it got signaled */ -static bool entry_ready(entry_t *entry, watcher_event_t event, int revents) +static inline bool entry_ready(entry_t *entry, watcher_event_t event, + int revents) { if (entry->events & event) { @@ -279,7 +332,6 @@ static bool entry_ready(entry_t *entry, watcher_event_t event, int revents) */ static job_requeue_t watch(private_watcher_t *this) { - enumerator_t *enumerator; entry_t *entry; struct pollfd *pfd; int count = 0, res; @@ -287,8 +339,8 @@ static job_requeue_t watch(private_watcher_t *this) this->mutex->lock(this->mutex); - count = this->fds->get_count(this->fds); - if (count == 0) + count = this->count; + if (!count) { this->state = WATCHER_STOPPED; this->mutex->unlock(this->mutex); @@ -304,8 +356,7 @@ static job_requeue_t watch(private_watcher_t *this) pfd[0].events = POLLIN; count = 1; - enumerator = this->fds->create_enumerator(this->fds); - while (enumerator->enumerate(enumerator, &entry)) + for (entry = this->fds; entry; entry = entry->next) { if (!entry->in_callback) { @@ -329,7 +380,6 @@ static job_requeue_t watch(private_watcher_t *this) count++; } } - enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); while (!rebuild) @@ -378,8 +428,7 @@ static job_requeue_t watch(private_watcher_t *this) } this->mutex->lock(this->mutex); - enumerator = this->fds->create_enumerator(this->fds); - while (enumerator->enumerate(enumerator, &entry)) + for (entry = this->fds; entry; entry = entry->next) { if (entry->in_callback) { @@ -406,7 +455,6 @@ static job_requeue_t watch(private_watcher_t *this) } } } - enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); if (this->jobs->get_count(this->jobs)) @@ -446,7 +494,7 @@ METHOD(watcher_t, add, void, ); this->mutex->lock(this->mutex); - this->fds->insert_last(this->fds, entry); + add_entry(this, entry); if (this->state == WATCHER_STOPPED) { this->state = WATCHER_QUEUED; @@ -464,16 +512,15 @@ METHOD(watcher_t, add, void, METHOD(watcher_t, remove_, void, private_watcher_t *this, int fd) { - enumerator_t *enumerator; - entry_t *entry; + entry_t *entry, *prev = NULL; this->mutex->lock(this->mutex); while (TRUE) { bool is_in_callback = FALSE; - enumerator = this->fds->create_enumerator(this->fds); - while (enumerator->enumerate(enumerator, &entry)) + entry = this->fds; + while (entry) { if (entry->fd == fd) { @@ -482,11 +529,12 @@ METHOD(watcher_t, remove_, void, is_in_callback = TRUE; break; } - this->fds->remove_at(this->fds, enumerator); - free(entry); + entry = remove_entry(this, entry, prev); + continue; } + prev = entry; + entry = entry->next; } - enumerator->destroy(enumerator); if (!is_in_callback) { break; @@ -515,7 +563,6 @@ METHOD(watcher_t, destroy, void, { this->mutex->destroy(this->mutex); this->condvar->destroy(this->condvar); - this->fds->destroy(this->fds); if (this->notify[0] != -1) { close(this->notify[0]); @@ -590,7 +637,6 @@ watcher_t *watcher_create() .get_state = _get_state, .destroy = _destroy, }, - .fds = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), .jobs = linked_list_create(), diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 4e5321755..51ba9c0d1 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -390,7 +390,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -424,8 +423,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -479,6 +476,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c index e046725b8..139b73021 100644 --- a/src/libstrongswan/tests/suites/test_auth_cfg.c +++ b/src/libstrongswan/tests/suites/test_auth_cfg.c @@ -22,19 +22,19 @@ struct { signature_scheme_t sig[5]; signature_scheme_t ike[5]; } sig_constraints_tests[] = { - { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}}, - { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}}, + { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}}, + { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}}, { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}}, - { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }}, + { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, + { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}}, + { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }}, { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}}, + { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}}, { "rsa4096-sha256", {0}, {0}}, { "sha256", {0}, {0}}, { "ike:sha256", {0}, {0}}, diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c index 067abf0d9..de285ca09 100644 --- a/src/libstrongswan/tests/suites/test_hasher.c +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -87,29 +87,33 @@ typedef struct { }hasher_sig_scheme_t; static hasher_sig_scheme_t sig_schemes[] = { - { SIGN_UNKNOWN, HASH_UNKNOWN }, - { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, - { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, - { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 }, - { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 }, - { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 }, - { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 }, - { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 }, - { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, - { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, - { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, - { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 }, - { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN }, - { SIGN_ECDSA_256, HASH_SHA256 }, - { SIGN_ECDSA_384, HASH_SHA384 }, - { SIGN_ECDSA_521, HASH_SHA512 }, - { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 }, - { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 }, - { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 }, - { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 }, - { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 }, - { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, - { 30, HASH_UNKNOWN } + { SIGN_UNKNOWN, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, + { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 }, + { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, + { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, + { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, + { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 }, + { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN }, + { SIGN_ECDSA_256, HASH_SHA256 }, + { SIGN_ECDSA_384, HASH_SHA384 }, + { SIGN_ECDSA_521, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 }, + { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 }, + { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 }, + { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 }, + { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, + { 30, HASH_UNKNOWN } }; START_TEST(test_hasher_from_sig_scheme) diff --git a/src/libstrongswan/tests/suites/test_mgf1.c b/src/libstrongswan/tests/suites/test_mgf1.c index 9388b95d4..6945f5c7f 100644 --- a/src/libstrongswan/tests/suites/test_mgf1.c +++ b/src/libstrongswan/tests/suites/test_mgf1.c @@ -17,11 +17,12 @@ #include #include -#include -#include +#include +#include +#include typedef struct { - hash_algorithm_t alg; + ext_out_function_t alg; size_t hash_size; size_t ml1, ml2, ml3, seed_len; chunk_t seed; @@ -34,7 +35,7 @@ typedef struct { * MGF1 Mask Generation Function Test Vectors */ mgf1_test_t mgf1_tests[] = { - { HASH_SHA1, 20, 60, 20, 15, 24, + { XOF_MGF1_SHA1, 20, 60, 20, 15, 24, chunk_from_chars( 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D, 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D, @@ -73,7 +74,7 @@ mgf1_test_t mgf1_tests[] = { { 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403, 0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B }, }, - { HASH_SHA256, 32, 64, 32, 33, 40, + { XOF_MGF1_SHA256, 32, 64, 32, 33, 40, chunk_from_chars( 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53, 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69, @@ -127,6 +128,7 @@ mgf1_test_t mgf1_tests[] = { START_TEST(mgf1_test_mgf1) { + xof_t *xof; mgf1_t *mgf1; chunk_t mask, mask1, mask2, mask3; @@ -137,72 +139,88 @@ START_TEST(mgf1_test_mgf1) mask2.len = mgf1_tests[_i].ml2; mask3.len = mgf1_tests[_i].ml3; - mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE); - ck_assert(mgf1 == NULL); + /* unknown XOF */ + xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED); + ck_assert(xof == NULL); - mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE); - ck_assert(mgf1 == NULL); + /* create MGF1 XOF */ + xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg); + ck_assert(xof); - /* return mask in allocated chunk */ - mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE); - ck_assert(mgf1); + /* hash the seed */ + mgf1 = (mgf1_t*)xof; + mgf1->set_hash_seed(mgf1, TRUE); - /* check hash size */ - ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size); + /* check MGF1 type */ + ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg); - /* get zero number of octets */ - ck_assert(mgf1->allocate_mask(mgf1, 0, &mask)); + /* check seed size */ + ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size); + + /* check block size */ + ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size); + + /* empty seed */ + ck_assert(!xof->set_seed(xof, chunk_empty)); + + /* initialize MGF1 with non-empty seed */ + ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed)); + + /* allocate zero number of octets */ + ck_assert(xof->allocate_bytes(xof, 0, &mask)); ck_assert(mask.len == 0 && mask.ptr == NULL); - /* get non-zero number of octets */ - ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask)); + /* allocate non-zero number of octets */ + ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask)); ck_assert(chunk_equals(mask, mgf1_tests[_i].mask)); - mgf1->destroy(mgf1); + + /* re-initialize MGF1 with non-empty seed */ + ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed)); /* copy mask to pre-allocated buffer */ - mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE); - ck_assert(mgf1); - ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr)); + ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr)); ck_assert(chunk_equals(mask, mgf1_tests[_i].mask)); - mgf1->destroy(mgf1); - /* get mask in batches without hashing the seed */ - mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE); - ck_assert(mgf1); + /* do not hash the seed */ + mgf1->set_hash_seed(mgf1, FALSE); + + /* re-initialize MGF1 with non-empty seed */ + ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed)); /* first batch */ - ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr)); + ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr)); mask.len = mask1.len; ck_assert(chunk_equals(mask, mask1)); /* second batch */ - ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr)); + ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr)); mask.len = mask2.len; ck_assert(chunk_equals(mask, mask2)); /* third batch */ - ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr)); + ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr)); mask.len = mask3.len; ck_assert(chunk_equals(mask, mask3)); - mgf1->destroy(mgf1); + /* clean up */ + xof->destroy(xof); chunk_free(&mask); } END_TEST START_TEST(mgf1_test_bitspender) { - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; uint32_t bits; uint8_t byte; int j; - bitspender = mgf1_bitspender_create(HASH_UNKNOWN, - mgf1_tests[_i].hashed_seed, FALSE); + bitspender = xof_bitspender_create(XOF_UNDEFINED, + mgf1_tests[_i].hashed_seed, FALSE); ck_assert(bitspender == NULL); - bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg, - mgf1_tests[_i].hashed_seed, FALSE); + bitspender = xof_bitspender_create(mgf1_tests[_i].alg, + mgf1_tests[_i].hashed_seed, FALSE); ck_assert(bitspender); for (j = 0; j < 15; j++) diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c index 0a6d24d04..0b432e24c 100644 --- a/src/libstrongswan/tests/suites/test_ntru.c +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -17,7 +17,7 @@ #include #include -#include +#include #include #include #include @@ -28,10 +28,10 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*, uint32_t strength, chunk_t pers_str, rng_t *entropy) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, - size_t len, hash_algorithm_t alg, chunk_t seed) + size_t len, ext_out_function_t alg, chunk_t seed) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*, - hash_algorithm_t alg, chunk_t seed, uint8_t c_bits, + ext_out_function_t alg, chunk_t seed, uint8_t c_bits, uint16_t N, uint16_t q, uint32_t indices_len_p, uint32_t indices_len_m, bool is_product_form) @@ -329,7 +329,7 @@ typedef struct { } poly_test_t; typedef struct { - hash_algorithm_t alg; + ext_out_function_t alg; size_t hash_size; size_t seed_len; chunk_t seed; @@ -384,7 +384,7 @@ uint16_t indices_ees1171ep1[] = { * Trits and Polynomial Test Vectors */ static trits_test_t trits_tests[] = { - { HASH_SHA1, 20, 24, + { XOF_MGF1_SHA1, 20, 24, chunk_from_chars( 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D, 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D, @@ -432,7 +432,7 @@ static trits_test_t trits_tests[] = { } } }, - { HASH_SHA256, 32, 40, + { XOF_MGF1_SHA256, 32, 40, chunk_from_chars( 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53, 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69, @@ -501,7 +501,7 @@ START_TEST(test_ntru_trits) chunk_t trits; mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len, - HASH_UNKNOWN, trits_tests[_i].seed); + XOF_UNDEFINED, trits_tests[_i].seed); ck_assert(mask == NULL); mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len, @@ -539,7 +539,7 @@ START_TEST(test_ntru_poly) seed.len = trits_tests[_i].seed_len; p = &trits_tests[_i].poly_test[0]; - poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed, + poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed, p->c_bits, p->N, p->q, p->indices_len, p->indices_len, p->is_product_form); ck_assert(poly == NULL); diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c index 2c1c6fb8d..41e783521 100644 --- a/src/libstrongswan/tests/suites/test_rsa.c +++ b/src/libstrongswan/tests/suites/test_rsa.c @@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = { SIGN_RSA_EMSA_PKCS1_NULL, SIGN_RSA_EMSA_PKCS1_MD5, SIGN_RSA_EMSA_PKCS1_SHA1, - SIGN_RSA_EMSA_PKCS1_SHA224, - SIGN_RSA_EMSA_PKCS1_SHA256, - SIGN_RSA_EMSA_PKCS1_SHA384, - SIGN_RSA_EMSA_PKCS1_SHA512, + SIGN_RSA_EMSA_PKCS1_SHA2_224, + SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, }; /** diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 1eb3c8bc3..de7b470d2 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -858,15 +858,22 @@ static struct { int size; signature_scheme_t expected[4]; } scheme_data[] = { - {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, - {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, + {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, + SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, + {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, + SIGN_UNKNOWN }}, {KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, - {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, - {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, + SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, + SIGN_UNKNOWN }}, {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, }; diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index 824c88022..fabfaa8f8 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -46,7 +46,7 @@ TEST_SUITE(pen_suite_create) TEST_SUITE(asn1_suite_create) TEST_SUITE(asn1_parser_suite_create) TEST_SUITE(test_rng_suite_create) -TEST_SUITE_DEPEND(mgf1_sha1_suite_create, HASHER, HASH_SHA1) -TEST_SUITE_DEPEND(mgf1_sha256_suite_create, HASHER, HASH_SHA256) +TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1) +TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT) TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index d0f646c31..ad67c0380 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -494,7 +494,7 @@ static bool register_hooks() * List of functions using static allocation buffers or should be suppressed * otherwise on leak report. */ -char *whitelist[] = { +static char *whitelist[] = { /* backtraces, including own */ "backtrace_create", "strerror_safe", @@ -551,6 +551,15 @@ char *whitelist[] = { "xmlInitParserCtxt", /* libcurl */ "Curl_client_write", + /* libsoup */ + "soup_message_headers_append", + "soup_message_headers_clear", + "soup_message_headers_get_list", + "soup_message_headers_get_one", + "soup_session_abort", + "soup_session_get_type", + /* libldap */ + "ldap_int_initialize", /* ClearSilver */ "nerr_init", /* libgcrypt */ @@ -575,17 +584,28 @@ char *whitelist[] = { /* libapr */ "apr_pool_create_ex", /* glib */ + "g_output_stream_write", + "g_resolver_lookup_by_name", + "g_signal_connect_data", + "g_socket_connection_factory_lookup_type", "g_type_init_with_debug_flags", "g_type_register_static", "g_type_class_ref", "g_type_create_instance", "g_type_add_interface_static", "g_type_interface_add_prerequisite", - "g_socket_connection_factory_lookup_type", + "g_private_set", + "g_queue_pop_tail", /* libgpg */ "gpg_err_init", /* gnutls */ "gnutls_global_init", + /* Ada runtime */ + "system__tasking__initialize", + "system__tasking__initialization__abort_defer", + "system__tasking__stages__create_task", + /* in case external threads call into our code */ + "thread_current_id", }; /** diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index 18b17b120..0aed842b1 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -22,16 +22,20 @@ #ifndef UTILS_H_ #define UTILS_H_ +#define _GNU_SOURCE #include #include #include #include #include +#ifdef HAVE_SYS_PARAM_H +#include +#endif + #ifdef WIN32 # include "compat/windows.h" #else -# define _GNU_SOURCE # include # include # include diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h index 7c7e53420..0665ef363 100644 --- a/src/libstrongswan/utils/utils/byteorder.h +++ b/src/libstrongswan/utils/utils/byteorder.h @@ -44,6 +44,21 @@ #define BITFIELD5(t, a, b, c, d, e,...) struct { t e; t d; t c; t b; t a; __VA_ARGS__} #endif +#ifndef le16toh +# if BYTE_ORDER == BIG_ENDIAN +# define le16toh(x) __builtin_bswap16(x) +# else +# define le16toh(x) (x) +# endif +#endif +#ifndef htole16 +# if BYTE_ORDER == BIG_ENDIAN +# define htole16(x) __builtin_bswap16(x) +# else +# define htole16(x) (x) +# endif +#endif + #ifndef le32toh # if BYTE_ORDER == BIG_ENDIAN # define le32toh(x) __builtin_bswap32(x) @@ -176,6 +191,33 @@ static inline uint64_t untoh64(void *network) return be64toh(tmp); } +/** + * Read a 16-bit value in little-endian order from unaligned address. + * + * @param p unaligned address to read little endian value from + * @return host order value + */ +static inline uint16_t uletoh16(void *p) +{ + uint16_t ret; + + memcpy(&ret, p, sizeof(ret)); + ret = le16toh(ret); + return ret; +} + +/** + * Write a 16-bit value in little-endian to an unaligned address. + * + * @param p host order 16-bit value + * @param v unaligned address to write little endian value to + */ +static inline void htoule16(void *p, uint16_t v) +{ + v = htole16(v); + memcpy(p, &v, sizeof(v)); +} + /** * Read a 32-bit value in little-endian order from unaligned address. * diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 0bd5f741e..ca49a0a73 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -403,7 +403,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -437,8 +436,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -492,6 +489,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index e00de3f47..7d8975adf 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -347,7 +347,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -381,8 +380,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -436,6 +433,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 6bbd95873..84b511f53 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1215,16 +1215,16 @@ static struct { tls_hash_algorithm_t hash; signature_scheme_t scheme; } schemes[] = { - { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER }, - { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER }, - { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER }, - { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER }, - { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA256 }, - { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA384 }, - { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA512 }, - { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA224 }, - { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 }, - { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 }, + { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER }, + { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER }, + { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER }, + { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER }, + { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA2_256 }, + { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA2_384 }, + { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA2_512 }, + { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA2_224 }, + { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 }, + { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 }, }; METHOD(tls_crypto_t, get_signature_algorithms, void, diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index af02b7549..1f4f22fb6 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -407,7 +407,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -441,8 +440,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -496,6 +493,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index d93bded57..f8797f3eb 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index 3987e79cf..811dd0ad0 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -445,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index b4357b911..048c7cdc3 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index 653e1f4d4..2580d2f09 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -365,7 +365,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -399,8 +398,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -454,6 +451,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 1a50c7b23..43ab69a7b 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -368,7 +368,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -402,8 +401,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -457,6 +454,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 59efdbb9b..0d9a6414e 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -444,6 +441,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 9d7ba9a1a..d3c74a22c 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -317,7 +317,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -351,8 +350,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -406,6 +403,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am index 8fcb44f6a..e2c159710 100644 --- a/src/libtpmtss/Makefile.am +++ b/src/libtpmtss/Makefile.am @@ -1,6 +1,9 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ + $(tss2_CFLAGS) + AM_LDFLAGS = \ -no-undefined @@ -16,7 +19,7 @@ libtpmtss_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la if USE_TSS2 -libtpmtss_la_LIBADD += -ltctisocket -ltss2 +libtpmtss_la_LIBADD += $(tss2_LIBS) endif if USE_TROUSERS diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in index fcee04fc3..46d8cf6a7 100644 --- a/src/libtpmtss/Makefile.in +++ b/src/libtpmtss/Makefile.in @@ -88,7 +88,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@USE_TSS2_TRUE@am__append_1 = -ltctisocket -ltss2 +@USE_TSS2_TRUE@am__append_1 = $(tss2_LIBS) @USE_TROUSERS_TRUE@am__append_2 = -ltspi subdir = src/libtpmtss ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -139,9 +139,10 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(ipseclibdir)" LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = +@USE_TSS2_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) libtpmtss_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \ tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS) @@ -350,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,12 +437,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ + $(tss2_CFLAGS) + AM_LDFLAGS = \ -no-undefined diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c index 39d9f2e4d..d0f76ac45 100644 --- a/src/libtpmtss/tpm_tss_tss2.c +++ b/src/libtpmtss/tpm_tss_tss2.c @@ -22,8 +22,8 @@ #include #include -#include -#include +#include +#include #define LABEL "TPM 2.0 -" @@ -276,7 +276,8 @@ static void finalize_context(private_tpm_tss_tss2_t *this) { if (this->tcti_context) { - TeardownSocketTcti(this->tcti_context); + tss2_tcti_finalize(this->tcti_context); + free(this->tcti_context); } if (this->sys_context) { diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names.c index 9185aa374..a613ac566 100644 --- a/src/libtpmtss/tpm_tss_tss2_names.c +++ b/src/libtpmtss/tpm_tss_tss2_names.c @@ -17,7 +17,7 @@ #ifdef TSS_TSS2 -#include +#include #ifndef TPM_ALG_ECMQV #define TPM_ALG_ECMQV (TPM_ALG_ID)0x001D diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index a1ad709f4..90e2d5ea0 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -369,7 +369,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -403,8 +402,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -458,6 +455,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 44ed9f82f..bd88b0da5 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -358,7 +358,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -392,8 +391,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -447,6 +444,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 7b900f238..d9ffbf8cf 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -371,7 +371,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -405,8 +404,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -460,6 +457,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index fdc43d705..b15f90199 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -117,6 +117,11 @@ static int issue() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (!streq(arg, "pub")) { error = "invalid input type"; @@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { issue, 'i', "issue", "issue a certificate using a CA certificate and key", - {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex", + {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex", " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--pathlen len]", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 3bc62e74d..f79120b31 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -26,7 +26,7 @@ static int keyid() { credential_type_t type = CRED_PRIVATE_KEY; - int subtype = KEY_RSA; + int subtype = KEY_ANY; certificate_t *cert; private_key_t *private; public_key_t *public; @@ -42,21 +42,29 @@ static int keyid() case 'h': return command_usage(NULL); case 't': - if (streq(arg, "rsa-priv")) + if (streq(arg, "rsa") || + streq(arg, "rsa-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_RSA; } - else if (streq(arg, "ecdsa-priv")) + else if (streq(arg, "ecdsa") || + streq(arg, "ecdsa-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_ECDSA; } - else if (streq(arg, "bliss-priv")) + else if (streq(arg, "bliss") || + streq(arg, "bliss-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "pub")) { type = CRED_PUBLIC_KEY; @@ -169,11 +177,11 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { keyid, 'k', "keyid", "calculate key identifiers of a key/certificate", - {"[--in file] [--type rsa-priv|ecdsa-priv|bliss-priv|pub|pkcs10|x509]"}, + {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, - {"type", 't', 1, "type of key, default: rsa-priv"}, + {"type", 't', 1, "type of key, default: priv"}, } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index c367a21a9..8cb0a7b5d 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -89,17 +89,25 @@ static int print() type = CRED_CERTIFICATE; subtype = CERT_TRUSTED_PUBKEY; } - else if (streq(arg, "rsa-priv")) + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } + else if (streq(arg, "rsa") || + streq(arg, "rsa-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_RSA; } - else if (streq(arg, "ecdsa-priv")) + else if (streq(arg, "ecdsa") || + streq(arg, "ecdsa-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_ECDSA; } - else if (streq(arg, "bliss-priv")) + else if (streq(arg, "bliss") || + streq(arg, "bliss-priv")) { type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; @@ -173,7 +181,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { print, 'a', "print", "print a credential in a human readable form", - {"[--in file] [--type rsa-priv|ecdsa-priv|bliss-priv|pub|x509|crl|ac]"}, + {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index ccc3c4251..1d876f6f7 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -28,7 +28,7 @@ static int pub() { cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER; credential_type_t type = CRED_PRIVATE_KEY; - int subtype = KEY_RSA; + int subtype = KEY_ANY; certificate_t *cert; private_key_t *private; public_key_t *public; @@ -59,6 +59,11 @@ static int pub() type = CRED_PRIVATE_KEY; subtype = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "pub")) { type = CRED_PUBLIC_KEY; @@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { pub, 'p', "pub", "extract the public key from a private key/certificate", - {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]", + {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]", "[--outform der|pem|dnskey|sshkey]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of credential, default: rsa"}, + {"type", 't', 1, "type of credential, default: priv"}, {"outform", 'f', 1, "encoding of extracted public key, default: der"}, } }); diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 68d611250..23d07a28d 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -30,7 +30,7 @@ static int req() { cred_encoding_type_t form = CERT_ASN1_DER; - key_type_t type = KEY_RSA; + key_type_t type = KEY_ANY; hash_algorithm_t digest = HASH_UNKNOWN; certificate_t *cert = NULL; private_key_t *private = NULL; @@ -62,6 +62,10 @@ static int req() { type = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = KEY_ANY; + } else { error = "invalid input type"; @@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { req, 'r', "req", "create a PKCS#10 certificate request", - {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name", + {" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name", "[--san subjectAltName]+ [--password challengePassword]", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, - {"type", 't', 1, "type of input key, default: rsa"}, + {"type", 't', 1, "type of input key, default: priv"}, {"dn", 'd', 1, "subject distinguished name"}, {"san", 'a', 1, "subjectAltName to include in cert request"}, {"password",'p', 1, "challengePassword to include in cert request"}, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index f4e83c76c..6fb7b75ae 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -94,6 +94,10 @@ static int self() { type = KEY_BLISS; } + else if (streq(arg, "priv")) + { + type = KEY_ANY; + } else { error = "invalid input type"; @@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { self, 's', "self", "create a self signed certificate", - {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]", + {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", @@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg() {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, {"keyid", 'x', 1, "keyid on smartcard of private key"}, - {"type", 't', 1, "type of input key, default: rsa"}, + {"type", 't', 1, "type of input key, default: priv"}, {"dn", 'd', 1, "subject and issuer distinguished name"}, {"san", 'a', 1, "subjectAltName to include in certificate"}, {"lifetime", 'l', 1, "days the certificate is valid, default: 1095"}, diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 6c27289f9..b9cf9c466 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -369,18 +369,22 @@ static int sign_crl() } else { - crl_serial = chunk_from_chars(0x00); + if (!crl_serial.ptr) + { + crl_serial = chunk_from_chars(0x00); + } lastenum = enumerator_create_empty(); } - /* remove superfluous leading zeros */ - while (crl_serial.len > 1 && crl_serial.ptr[0] == 0x00 && - (crl_serial.ptr[1] & 0x80) == 0x00) + if (!crl_serial.len || crl_serial.ptr[0] & 0x80) + { /* add leading 0x00 to handle potential overflow if serial is encoded + * incorrectly */ + crl_serial = chunk_cat("cc", chunk_from_chars(0x00), crl_serial); + } + else { - crl_serial = chunk_skip_zero(crl_serial); + crl_serial = chunk_clone(crl_serial); } - crl_serial = chunk_clone(crl_serial); - /* increment the serial number by one */ chunk_increment(crl_serial); diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index 8cc633a95..dd667fb34 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -59,6 +60,18 @@ static int verify() has_ca = TRUE; creds->add_cert(creds, TRUE, cert); continue; + case 'l': + cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509_CRL, + BUILD_FROM_FILE, arg, BUILD_END); + if (!cert) + { + fprintf(stderr, "parsing CRL failed\n"); + goto end; + } + online = TRUE; + creds->add_crl(creds, (crl_t*)cert); + continue; case 'o': online = TRUE; continue; @@ -173,11 +186,12 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { verify, 'v', "verify", "verify a certificate using the CA certificate", - {"[--in file] [--cacert file]"}, + {"[--in file] [--cacert file] [--crl file]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "X.509 certificate to verify, default: stdin"}, {"cacert", 'c', 1, "CA certificate for trustchain verification"}, + {"crl", 'l', 1, "CRL for trustchain verification"}, {"online", 'o', 0, "enable online CRL/OCSP revocation checking"}, } }); diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index 982a1175f..030d6be53 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -308,7 +308,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -342,8 +341,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -397,6 +394,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 20238b73d..bfc7bb1a5 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in @@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the key/request is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key), -\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request), -defaults to \fIpub\fR. +Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key), +\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS +private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to +\fIpub\fR. .TP .BI "\-k, \-\-cakey " file CA private key file. Either this or diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in index 490f7afea..c69f7cbc7 100644 --- a/src/pki/man/pki---keyid.1.in +++ b/src/pki/man/pki---keyid.1.in @@ -44,9 +44,10 @@ Read command line options from \fIfile\fR. Input file. If not given the input is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA -private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate -request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR. +Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key), +\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key), +\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request), +\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR. . .SH "EXAMPLES" . diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in index 434d4ea16..09f81cdaa 100644 --- a/src/pki/man/pki---print.1.in +++ b/src/pki/man/pki---print.1.in @@ -44,10 +44,11 @@ Read command line options from \fIfile\fR. Input file. If not given the input is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA -private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR -(Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate), -defaults to \fIx509\fR. +Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate +Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key), +\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private +key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to +\fIx509\fR. . .SH "SEE ALSO" . diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in index c57e03a40..fe6c520f4 100644 --- a/src/pki/man/pki---pub.1.in +++ b/src/pki/man/pki---pub.1.in @@ -47,10 +47,9 @@ Read command line options from \fIfile\fR. Input file. If not given the input is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA -private key), \fIpub\fR (public key), -\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate), -defaults to \fIrsa\fR. +Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key), +\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 +certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR. .TP .BI "\-f, \-\-outform " encoding Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in index a6f6a480a..4a39c5c94 100644 --- a/src/pki/man/pki---req.1.in +++ b/src/pki/man/pki---req.1.in @@ -49,7 +49,8 @@ Read command line options from \fIfile\fR. Private key input file. If not given the key is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR. +Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR, +defaults to \fIpriv\fR. .TP .BI "\-d, \-\-dn " distinguished-name Subject distinguished name (DN). Required. diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in index 53f53f816..9461e3eff 100644 --- a/src/pki/man/pki---self.1.in +++ b/src/pki/man/pki---self.1.in @@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR. Key ID of a private key on a smartcard. .TP .BI "\-t, \-\-type " type -Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR. +Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR, +defaults to \fIpriv\fR. .TP .BI "\-d, \-\-dn " distinguished-name Subject and issuer distinguished name (DN). Required. diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in index dd0c0e928..74adaf150 100644 --- a/src/pki/man/pki---verify.1.in +++ b/src/pki/man/pki---verify.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-VERIFY" 1 "2016-08-19" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -9,6 +9,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate .SY pki\ \-\-verify .OP \-\-in file .OP \-\-cacert file +.OP \-\-crl file .OP \-\-debug level .OP \-\-online .YS @@ -48,6 +49,9 @@ X.509 certificate to verify. If not given it is read from \fISTDIN\fR. CA certificate to use for trustchain verification. If not given the certificate is assumed to be self\-signed. .TP +.BI "\-l, \-\-crl " file +Local CRL to use for trustchain verification. Implies \fB-o\fR. +.TP .BI "\-o, \-\-online Enable online CRL/OCSP revocation checking. . diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 8b73403e7..9ad2445cb 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,6 +439,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pool/pool.c b/src/pool/pool.c index 265974860..cd9fb6293 100644 --- a/src/pool/pool.c +++ b/src/pool/pool.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2011-2016 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -23,6 +24,7 @@ #include #include +#include #include #include #include @@ -586,11 +588,11 @@ static void resize(char *name, host_t *end) /** * create the lease query using the filter string */ -static enumerator_t *create_lease_query(char *filter) +static enumerator_t *create_lease_query(char *filter, array_t **to_free) { enumerator_t *query; - identification_t *id = NULL; - host_t *addr = NULL; + chunk_t id_chunk = chunk_empty, addr_chunk = chunk_empty; + id_type_t id_type = 0; u_int tstamp = 0; bool online = FALSE, valid = FALSE, expired = FALSE; char *value, *pos, *pool = NULL; @@ -635,18 +637,29 @@ static enumerator_t *create_lease_query(char *filter) case FIL_ID: if (value) { + identification_t *id; + id = identification_create_from_string(value); + id_type = id->get_type(id); + id_chunk = chunk_clone(id->get_encoding(id)); + array_insert_create(to_free, ARRAY_TAIL, id_chunk.ptr); + id->destroy(id); } break; case FIL_ADDR: if (value) { + host_t *addr; + addr = host_create_from_string(value, 0); - } - if (!addr) - { - fprintf(stderr, "invalid 'addr' in filter string.\n"); - exit(EXIT_FAILURE); + if (!addr) + { + fprintf(stderr, "invalid 'addr' in filter string.\n"); + exit(EXIT_FAILURE); + } + addr_chunk = chunk_clone(addr->get_address(addr)); + array_insert_create(to_free, ARRAY_TAIL, addr_chunk.ptr); + addr->destroy(addr); } break; case FIL_TSTAMP: @@ -710,11 +723,11 @@ static enumerator_t *create_lease_query(char *filter) "AND (? OR (identities.type = ? AND identities.data = ?)) " "AND (? OR address = ?)", DB_INT, pool == NULL, DB_TEXT, pool, - DB_INT, id == NULL, - DB_INT, id ? id->get_type(id) : 0, - DB_BLOB, id ? id->get_encoding(id) : chunk_empty, - DB_INT, addr == NULL, - DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + DB_INT, !id_chunk.ptr, + DB_INT, id_type, + DB_BLOB, id_chunk, + DB_INT, !addr_chunk.ptr, + DB_BLOB, addr_chunk, DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp, DB_INT, !valid, DB_INT, time(NULL), DB_INT, !expired, DB_INT, time(NULL), @@ -722,14 +735,13 @@ static enumerator_t *create_lease_query(char *filter) /* union */ DB_INT, !(valid || expired), DB_INT, pool == NULL, DB_TEXT, pool, - DB_INT, id == NULL, - DB_INT, id ? id->get_type(id) : 0, - DB_BLOB, id ? id->get_encoding(id) : chunk_empty, - DB_INT, addr == NULL, - DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + DB_INT, !id_chunk.ptr, + DB_INT, id_type, + DB_BLOB, id_chunk, + DB_INT, !addr_chunk.ptr, + DB_BLOB, addr_chunk, /* res */ DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT); - /* id and addr leak but we can't destroy them until query is destroyed. */ return query; } @@ -739,6 +751,7 @@ static enumerator_t *create_lease_query(char *filter) static void leases(char *filter, bool utc) { enumerator_t *query; + array_t *to_free = NULL; chunk_t address_chunk, identity_chunk; int identity_type; char *name; @@ -748,7 +761,7 @@ static void leases(char *filter, bool utc) identification_t *identity; bool found = FALSE; - query = create_lease_query(filter); + query = create_lease_query(filter, &to_free); if (!query) { fprintf(stderr, "querying leases failed.\n"); @@ -809,6 +822,10 @@ static void leases(char *filter, bool utc) identity->destroy(identity); } query->destroy(query); + if (to_free) + { + array_destroy_function(to_free, (void*)free, NULL); + } if (!found) { fprintf(stderr, "no matching leases found.\n"); diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index b2c9c9598..3a8ffb8fd 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -322,7 +322,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -356,8 +355,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -411,6 +408,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index b91997ddd..6f200c316 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -42,7 +42,7 @@ static void usage(FILE *out) { fprintf(out, "Usage: pt-tls --connect [--port ]\n" - " [--cert ]+ [--key ]\n" + " [--cert ]+ [--key ] [--key-type rsa|ecdsa]\n" " [--client ] [--secret ]\n" " [--optionsfrom ] [--quiet] [--debug ]\n"); } @@ -121,11 +121,11 @@ static bool load_certificate(char *filename) /** * Load private key from file */ -static bool load_key(char *filename) +static bool load_key(char *filename, key_type_t type) { private_key_t *key; - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, BUILD_FROM_FILE, filename, BUILD_END); if (!key) { @@ -255,7 +255,8 @@ static void init() int main(int argc, char *argv[]) { - char *address = NULL, *identity = "%any", *secret = NULL; + char *address = NULL, *identity = "%any", *secret = NULL, *key_file = NULL; + key_type_t key_type = KEY_RSA; int port = PT_TLS_PORT; init(); @@ -270,6 +271,7 @@ int main(int argc, char *argv[]) {"port", required_argument, NULL, 'p' }, {"cert", required_argument, NULL, 'x' }, {"key", required_argument, NULL, 'k' }, + {"key-type", required_argument, NULL, 't' }, {"mutual", no_argument, NULL, 'm' }, {"quiet", no_argument, NULL, 'q' }, {"debug", required_argument, NULL, 'd' }, @@ -290,9 +292,20 @@ int main(int argc, char *argv[]) } continue; case 'k': /* --key */ - if (!load_key(optarg)) + key_file = optarg; + continue; + case 't': /* --key-type */ + if (strcaseeq(optarg, "ecdsa")) { - return 1; + key_type = KEY_ECDSA; + } + else if (strcaseeq(optarg, "rsa")) + { + key_type = KEY_RSA; + } + else + { + key_type = KEY_ANY; } continue; case 'c': /* --connect */ @@ -339,12 +352,15 @@ int main(int argc, char *argv[]) usage(stderr); return 1; } + if (key_file && !load_key(key_file, key_type)) + { + return 1; + } if (secret) { creds->add_shared(creds, shared_key_create(SHARED_EAP, chunk_clone(chunk_from_str(secret))), identification_create_from_string(identity), NULL); } - return client(address, port, identity); } diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 1fdea8a7b..1b36b91a0 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -439,6 +436,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 873c20ace..a3c58126e 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -39,7 +39,7 @@ starter_LDADD = \ libstarter.la \ $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) -EXTRA_DIST = keywords.txt ipsec.conf Android.mk +EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk MAINTAINERCLEANFILES = keywords.c BUILT_SOURCES = keywords.c parser/parser.h @@ -47,10 +47,6 @@ if USE_LOAD_WARNING AM_CPPFLAGS += -DLOAD_WARNING endif -if USE_SCEPCLIENT - AM_CPPFLAGS += -DGENERATE_SELFCERT -endif - keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h $(AM_V_GEN) \ $(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@ @@ -66,3 +62,4 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 19753de4f..4cc0ab54e 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -91,7 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_LOAD_WARNING_TRUE@am__append_1 = -DLOAD_WARNING -@USE_SCEPCLIENT_TRUE@am__append_2 = -DGENERATE_SELFCERT subdir = src/starter ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -396,7 +395,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -430,8 +428,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -485,6 +481,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -509,8 +507,7 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_SCRIPT=\"${ipsec_script}\" \ -DDEV_RANDOM=\"${random_device}\" \ -DDEV_URANDOM=\"${urandom_device}\" \ - -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \ - $(am__append_2) + -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) AM_CFLAGS = \ @COVERAGE_CFLAGS@ @@ -521,7 +518,7 @@ starter_LDADD = \ libstarter.la \ $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) -EXTRA_DIST = keywords.txt ipsec.conf Android.mk +EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk MAINTAINERCLEANFILES = keywords.c BUILT_SOURCES = keywords.c parser/parser.h all: $(BUILT_SOURCES) @@ -1007,6 +1004,7 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/starter/confread.c b/src/starter/confread.c index 33924b065..3fb750e51 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -222,6 +222,7 @@ static void conn_defaults(starter_conn_t *conn) conn->dpd_delay = 30; /* seconds */ conn->dpd_timeout = 150; /* seconds */ conn->replay_window = SA_REPLAY_WINDOW_DEFAULT; + conn->fragmentation = FRAGMENTATION_YES; conn->left.sendcert = CERT_SEND_IF_ASKED; conn->right.sendcert = CERT_SEND_IF_ASKED; diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets new file mode 100644 index 000000000..dae7709a1 --- /dev/null +++ b/src/starter/ipsec.secrets @@ -0,0 +1 @@ +# ipsec.secrets - strongSwan IPsec secrets file diff --git a/src/starter/starter.c b/src/starter/starter.c index 45c28d3cc..51a42a504 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -257,68 +257,6 @@ static void fatal_signal_handler(int signal) abort(); } -#ifdef GENERATE_SELFCERT -static void generate_selfcert() -{ - const char *secrets_file; - struct stat stb; - - secrets_file = lib->settings->get_str(lib->settings, - "charon.plugins.stroke.secrets_file", SECRETS_FILE); - - /* if ipsec.secrets file is missing then generate RSA default key pair */ - if (stat(secrets_file, &stb) != 0) - { - mode_t oldmask; - FILE *f; - uid_t uid = 0; - gid_t gid = 0; - -#ifdef IPSEC_GROUP - { - char buf[1024]; - struct group group, *grp; - - if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp) - { - gid = grp->gr_gid; - } - } -#endif -#ifdef IPSEC_USER - { - char buf[1024]; - struct passwd passwd, *pwp; - - if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp) - { - uid = pwp->pw_uid; - } - } -#endif - ignore_result(setegid(gid)); - ignore_result(seteuid(uid)); - ignore_result(system(IPSEC_SCRIPT " scepclient --out pkcs1 --out cert-self --quiet")); - ignore_result(seteuid(0)); - ignore_result(setegid(0)); - - /* ipsec.secrets is root readable only */ - oldmask = umask(0066); - - f = fopen(secrets_file, "w"); - if (f) - { - fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n"); - fprintf(f, "\n"); - fprintf(f, ": RSA myKey.der\n"); - fclose(f); - } - ignore_result(chown(secrets_file, uid, gid)); - umask(oldmask); - } -} -#endif /* GENERATE_SELFCERT */ - static bool check_pid(char *pid_file) { struct stat stb; @@ -604,10 +542,6 @@ int main (int argc, char **argv) exit(LSB_RC_SUCCESS); } -#ifdef GENERATE_SELFCERT - generate_selfcert(); -#endif - /* fork if we're not debugging stuff */ if (!no_fork) { diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index 25e3e7488..46d200f95 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -347,7 +347,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -381,8 +380,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -436,6 +433,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 4673f5961..39ca9fdd5 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -321,7 +321,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -355,8 +354,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -410,6 +407,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index 37a0224c3..9ca759ea3 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -13,6 +13,7 @@ swanctl_SOURCES = \ commands/list_certs.c \ commands/list_pools.c \ commands/list_algs.c \ + commands/flush_certs.c \ commands/load_all.c \ commands/load_authorities.h commands/load_authorities.c \ commands/load_conns.c commands/load_conns.h \ @@ -69,6 +70,7 @@ install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true + test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index ebe1aba0d..ff9dca09d 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -119,7 +119,7 @@ am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \ commands/list_authorities.$(OBJEXT) \ commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \ commands/list_pools.$(OBJEXT) commands/list_algs.$(OBJEXT) \ - commands/load_all.$(OBJEXT) \ + commands/flush_certs.$(OBJEXT) commands/load_all.$(OBJEXT) \ commands/load_authorities.$(OBJEXT) \ commands/load_conns.$(OBJEXT) commands/load_creds.$(OBJEXT) \ commands/load_pools.$(OBJEXT) commands/log.$(OBJEXT) \ @@ -370,7 +370,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -404,8 +403,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -459,6 +456,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -475,6 +474,7 @@ swanctl_SOURCES = \ commands/list_certs.c \ commands/list_pools.c \ commands/list_algs.c \ + commands/flush_certs.c \ commands/load_all.c \ commands/load_authorities.h commands/load_authorities.c \ commands/load_conns.c commands/load_conns.h \ @@ -621,6 +621,8 @@ commands/list_pools.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/list_algs.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) +commands/flush_certs.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) commands/load_all.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/load_authorities.$(OBJEXT): commands/$(am__dirstamp) \ @@ -653,6 +655,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/swanctl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/flush_certs.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/initiate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/install.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/list_algs.Po@am__quote@ @@ -1037,6 +1040,7 @@ install-data-local: swanctl.conf test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true + test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true diff --git a/src/swanctl/command.h b/src/swanctl/command.h index 8d0a2e6b9..7b92ae91a 100644 --- a/src/swanctl/command.h +++ b/src/swanctl/command.h @@ -27,7 +27,7 @@ /** * Maximum number of commands (+1). */ -#define MAX_COMMANDS 23 +#define MAX_COMMANDS 24 /** * Maximum number of options in a command (+3) diff --git a/src/swanctl/commands/flush_certs.c b/src/swanctl/commands/flush_certs.c new file mode 100644 index 000000000..527419f88 --- /dev/null +++ b/src/swanctl/commands/flush_certs.c @@ -0,0 +1,90 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "command.h" + +static int flush_certs(vici_conn_t *conn) +{ + vici_req_t *req; + vici_res_t *res; + command_format_options_t format = COMMAND_FORMAT_NONE; + char *arg, *type = NULL; + int ret; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 't': + type = arg; + continue; + case 'P': + format |= COMMAND_FORMAT_PRETTY; + /* fall through to raw */ + case 'r': + format |= COMMAND_FORMAT_RAW; + continue; + case EOF: + break; + default: + return command_usage("invalid --flush-certs option"); + } + break; + } + req = vici_begin("flush-certs"); + + if (type) + { + vici_add_key_valuef(req, "type", "%s", type); + } + res = vici_submit(req, conn); + + if (!res) + { + ret = errno; + fprintf(stderr, "flush-certs request failed: %s\n", strerror(errno)); + return ret; + } + if (format & COMMAND_FORMAT_RAW) + { + vici_dump(res, "flush-certs reply", format & COMMAND_FORMAT_PRETTY, + stdout); + } + vici_free_res(res); + + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + flush_certs, 'f', "flush-certs", "flush cached certificates", + {"[--type x509|x509_ac|x509_crl|ocsp_response|pubkey]", + "[--raw|--pretty]"}, + { + {"help", 'h', 0, "show usage information"}, + {"type", 't', 1, "filter by certificate type"}, + {"raw", 'r', 0, "dump raw response message"}, + {"pretty", 'P', 0, "dump raw response message in pretty print"}, + } + }); +} diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index 87526bc79..2e443a94a 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -221,7 +221,7 @@ static bool load_conn(vici_conn_t *conn, settings_t *cfg, vici_req_t *req; vici_res_t *res; bool ret = TRUE; - char buf[128]; + char buf[BUF_LEN]; snprintf(buf, sizeof(buf), "%s.%s", "connections", section); diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c index 4647934f7..6278f66b4 100644 --- a/src/swanctl/commands/load_creds.c +++ b/src/swanctl/commands/load_creds.c @@ -2,6 +2,7 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format, req = vici_begin("load-key"); - if (streq(type, "pkcs8")) + if (streq(type, "private") || + streq(type, "pkcs8")) { /* as used by vici */ vici_add_key_valuef(req, "type", "any"); } @@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype, credential_type_t credtype; int subtype; } map[] = { + { "private", CRED_PRIVATE_KEY, KEY_ANY, }, { "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, }, { "rsa", CRED_PRIVATE_KEY, KEY_RSA, }, { "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, }, @@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg, "eap", "xauth", "ike", + "private", "rsa", "ecdsa", "bliss", @@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format, load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR); load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR); - load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR); - load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR); - load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR); - load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR); + load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR); + load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR); + load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR); + load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR); + load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR); load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR); diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in index a3074601e..9c5a5a03d 100644 --- a/src/swanctl/swanctl.8.in +++ b/src/swanctl/swanctl.8.in @@ -38,11 +38,9 @@ output. initiate a connection .TP .B "\-t, \-\-terminate" -\-\-terminate\fR terminate a connection .TP .B "\-d, \-\-redirect" -\-\-redirect\fR redirect an IKE_SA .TP .B "\-p, \-\-install" @@ -93,7 +91,10 @@ trace logging output .B "\-S, \-\-stats" show daemon infos and statistics .TP -.B "\-r, \-\-reload-settings" +.B "\-f, \-\-flush\-certs" +flush cached certificates +.TP +.B "\-r, \-\-reload\-settings" reload strongswan.conf(5) configuration .TP .B "\-v, \-\-version" diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index 6bc81becf..eb46005e1 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -44,7 +44,7 @@ # dpd_timeout = 0s # Use IKE UDP datagram fragmentation. (yes, no or force). - # fragmentation = no + # fragmentation = yes # Send certificate requests payloads (yes or no). # send_certreq = yes @@ -201,6 +201,9 @@ # Whether to install IPsec policies or not. # policies = yes + # Whether to install outbound FWD IPsec policies or not. + # policies_fwd_out = no + # Action to perform on DPD timeout (clear, trap or restart). # dpd_action = clear @@ -278,6 +281,18 @@ # } + # Private key decryption passphrase for a key in the private folder. + # private { + + # File name in the private folder for which this passphrase should be + # used. + # file = + + # Value of decryption passphrase for private key. + # secret = + + # } + # Private key decryption passphrase for a key in the rsa folder. # rsa { diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 013e35fb7..697bd406a 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -151,22 +151,23 @@ compatibility reasons, with IKEv1 a custom interval may be specified; this option has no effect on connections using IKE2. .TP -.BR connections..fragmentation " [no]" +.BR connections..fragmentation " [yes]" Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 fragmentation). Acceptable values are -.RI "" "yes" "," +.RI "" "yes" "" +(the default), .RI "" "force" "" and -.RI "" "no" "" -(the default). -Fragmented IKE messages sent by a peer are always accepted irrespective of the -value of this option. If set to +.RI "" "no" "." +Fragmented IKE messages sent by a peer are always accepted irrespective of +the value of this option. If set to .RI "" "yes" "," -and the peer supports it, oversized IKE -messages will be sent in fragments. If set to +and the peer supports it, +oversized IKE messages will be sent in fragments. If set to .RI "" "force" "" -(only supported for -IKEv1) the initial IKE message will already be fragmented if required. +(only +supported for IKEv1) the initial IKE message will already be fragmented if +required. .TP .BR connections..send_certreq " [yes]" @@ -594,7 +595,9 @@ the CHILD_SA configuration, which must be unique within the connection. AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For AH, this includes an integrity algorithm and an optional Diffie\-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation -uses a separate Diffie\-Hellman exchange using the specified group. +uses a separate Diffie\-Hellman exchange using the specified group (refer to +.RI "" "esp_proposals" "" +for details). In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is @@ -617,14 +620,19 @@ algorithm, an optional Diffie\-Hellman group and an optional Extended Sequence Number Mode indicator. For AEAD proposals, a combined mode algorithm is used instead of the separate encryption/integrity algorithms. -If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non -IKE_AUTH piggybacked) negotiation uses a separate Diffie\-Hellman exchange using -the specified group. Extended Sequence Number support may be indicated with the +If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation +use a separate Diffie\-Hellman exchange using the specified group. However, for +IKEv2, the keys of the CHILD_SA created implicitly with the IKE_SA will always +be derived from the IKE_SA's key material. So any DH group specified here will +only apply when the CHILD_SA is later rekeyed or is created with a separate +CREATE_CHILD_SA exchange. A proposal mismatch might, therefore, not immediately +be noticed when the SA is established, but may later cause rekeying to fail. + +Extended Sequence Number support may be indicated with the .RI "" "esn" "" and .RI "" "noesn" "" -values, both may be included to indicate support for both -modes. If omitted, +values, both may be included to indicate support for both modes. If omitted, .RI "" "noesn" "" is assumed. @@ -820,6 +828,12 @@ defined traffic from IPsec processing or drop it, respectively. Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. +.TP +.BR connections..children..policies_fwd_out " [no]" +Whether to install outbound FWD IPsec policies or not. Enabling this is required +in case there is a drop policy that would match and block forwarded traffic for +this CHILD_SA. + .TP .BR connections..children..dpd_action " [clear]" Action to perform for this CHILD_SA on DPD timeout. The default @@ -1021,6 +1035,23 @@ be specified, each having an prefix, if a secret is shared between multiple peers. +.TP +.B secrets.private +.br +Private key decryption passphrase for a key in the +.RI "" "private" "" +folder. + +.TP +.BR secrets.private.file " []" +File name in the +.RI "" "private" "" +folder for which this passphrase should be used. + +.TP +.BR secrets.private.secret " []" +Value of decryption passphrase for private key. + .TP .B secrets.rsa .br diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h index 560e89513..eac1fc6d0 100644 --- a/src/swanctl/swanctl.h +++ b/src/swanctl/swanctl.h @@ -2,6 +2,7 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -64,6 +65,11 @@ */ #define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey" +/** + * Directory for private keys + */ +#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private" + /** * Directory for RSA private keys */ diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index fe5b293fb..a7d6d9fc3 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -139,12 +139,12 @@ connections..dpd_timeout = 0s checking. For compatibility reasons, with IKEv1 a custom interval may be specified; this option has no effect on connections using IKE2. -connections..fragmentation = no +connections..fragmentation = yes Use IKE UDP datagram fragmentation. (_yes_, _no_ or _force_). Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 - fragmentation). Acceptable values are _yes_, _force_ and _no_ (the - default). Fragmented IKE messages sent by a peer are always accepted + fragmentation). Acceptable values are _yes_ (the default), _force_ and + _no_. Fragmented IKE messages sent by a peer are always accepted irrespective of the value of this option. If set to _yes_, and the peer supports it, oversized IKE messages will be sent in fragments. If set to _force_ (only supported for IKEv1) the initial IKE message will already @@ -472,7 +472,7 @@ connections..children..ah_proposals = For AH, this includes an integrity algorithm and an optional Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified - group. + group (refer to _esp_proposals_ for details). In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per @@ -495,11 +495,18 @@ connections..children..esp_proposals = default mode algorithm is used instead of the separate encryption/integrity algorithms. - If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial (non - IKE_AUTH piggybacked) negotiation uses a separate Diffie-Hellman exchange - using the specified group. Extended Sequence Number support may be indicated - with the _esn_ and _noesn_ values, both may be included to indicate support - for both modes. If omitted, _noesn_ is assumed. + If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial + negotiation use a separate Diffie-Hellman exchange using the specified + group. However, for IKEv2, the keys of the CHILD_SA created implicitly with + the IKE_SA will always be derived from the IKE_SA's key material. So any DH + group specified here will only apply when the CHILD_SA is later rekeyed or + is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch + might, therefore, not immediately be noticed when the SA is established, but + may later cause rekeying to fail. + + Extended Sequence Number support may be indicated with the _esn_ and _noesn_ + values, both may be included to indicate support for both modes. If omitted, + _noesn_ is assumed. In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per @@ -652,6 +659,13 @@ connections..children..policies = yes Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. +connections..children..policies_fwd_out = no + Whether to install outbound FWD IPsec policies or not. + + Whether to install outbound FWD IPsec policies or not. Enabling this is + required in case there is a drop policy that would match and block forwarded + traffic for this CHILD_SA. + connections..children..dpd_action = clear Action to perform on DPD timeout (_clear_, _trap_ or _restart_). @@ -821,6 +835,15 @@ secrets.ike.id = may be specified, each having an _id_ prefix, if a secret is shared between multiple peers. +secrets.private { # } + Private key decryption passphrase for a key in the _private_ folder. + +secrets.private.file = + File name in the _private_ folder for which this passphrase should be used. + +secrets.private.secret + Value of decryption passphrase for private key. + secrets.rsa { # } Private key decryption passphrase for a key in the _rsa_ folder. diff --git a/testing/Makefile.in b/testing/Makefile.in index b6ad617b9..58fd2eb06 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -356,6 +353,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/testing/config/kernel/config-4.7 b/testing/config/kernel/config-4.7 new file mode 100644 index 000000000..011184db6 --- /dev/null +++ b/testing/config/kernel/config-4.7 @@ -0,0 +1,2460 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.7.0 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_NMI_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +# CONFIG_VMD is not set +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_KERNEL_API is not set +# CONFIG_CXL_EEH is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_MVNETA_BM is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +# CONFIG_CRYPTO_MCRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/config/kernel/config-4.8 b/testing/config/kernel/config-4.8 new file mode 100644 index 000000000..2fa52d9c2 --- /dev/null +++ b/testing/config/kernel/config-4.8 @@ -0,0 +1,2484 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.8.1 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_NMI_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +# CONFIG_VMD is not set +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +CONFIG_NF_CONNTRACK_PROC_COMPAT=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_MVNETA_BM is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_AVS is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# + +# +# Broadcom SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y diff --git a/testing/config/kvm/winnetou.xml b/testing/config/kvm/winnetou.xml index 9dbf3a563..b21cb7b08 100644 --- a/testing/config/kvm/winnetou.xml +++ b/testing/config/kvm/winnetou.xml @@ -35,6 +35,11 @@
+ + + +
+ diff --git a/testing/do-tests b/testing/do-tests index d0d1ead88..fd5cfe61b 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -46,6 +46,7 @@ SOURCEIP_ROUTING_TABLE=220 testnumber="0" failed_cnt="0" passed_cnt="0" +subdir_cnt="0" ############################################################################## # copy default tests to $BUILDDIR @@ -181,17 +182,25 @@ echo "strongSwan : $SWANVERSION" echo "Date : $TESTDATE" echo +############################################################################## +# trap CTRL-C to properly terminate a long run +# + +function abort_tests() +{ + echo -n "...aborting..." > /dev/tty + aborted=YES +} +trap abort_tests INT ############################################################################## # enter specific test directory # - if [ $# -gt 0 ] then - TESTS=$* + TESTS=$(printf "%s\n" $* | sort -u) else - # set internal field seperator - TESTS="`ls $DEFAULTTESTSDIR`" + TESTS=$(ls $DEFAULTTESTSDIR) fi for SUBDIR in $TESTS @@ -214,12 +223,18 @@ do else FIRST=" " fi + + if [ $subdir_cnt != 0 ] + then + echo " $subdir_cnt" >> $INDEX + echo "  " >> $INDEX + echo " " >> $INDEX + subdir_cnt="0" + fi echo " " >> $INDEX echo " $FIRST">> $INDEX echo " $SUBDIR" >> $INDEX - echo " x" >> $INDEX - echo "  " >> $INDEX - echo " " >> $INDEX + SUBTESTSINDEX=$TODAYDIR/$SUBDIR/index.html cat > $SUBTESTSINDEX <<@EOF @@ -259,6 +274,7 @@ do for name in $SUBTESTS do let "testnumber += 1" + let "subdir_cnt += 1" testname=$SUBDIR/$name log_action " $testnumber $testname:" @@ -341,7 +357,7 @@ do ########################################################################## - # copy test specific configurations to uml hosts and clear auth.log files + # copy test specific configurations to hosts and clear log files # DBDIR=/etc/db.d @@ -393,6 +409,16 @@ do ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'conntrack -F' >/dev/null 2>&1 done + ########################################################################## + # remove leak detective log on all hosts + # + + export LEAK_DETECTIVE_LOG=/var/log/leak-detective.log + for host in $STRONGSWANHOSTS + do + ssh $SSHCONF root@`eval echo \\\$ipv4_$host` 'rm -f $LEAK_DETECTIVE_LOG' >/dev/null 2>&1 + done + ########################################################################## # flush IPsec state on all hosts # @@ -410,7 +436,7 @@ do echo -e "\nPRE-TEST\n" >> $CONSOLE_LOG 2>&1 eval `awk -F "::" '{ - if ($2 != "") + if ($1 !~ /^#.*/ && $2 != "") { printf("echo \"%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) @@ -447,7 +473,7 @@ do command=$2 pattern=$3 hit=$4 - if (command != "") + if (host !~ /^#.*/ && command != "") { if (command == "tcpdump") { @@ -469,18 +495,6 @@ do }' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1 - ########################################################################## - # set counters - # - - if [ $STATUS = "failed" ] - then - let "failed_cnt += 1" - else - let "passed_cnt += 1" - fi - - ########################################################################## # log statusall and listall output # get copies of ipsec.conf, ipsec.secrets @@ -508,25 +522,34 @@ do $VIRTHOSTS @EOF + IPTABLES_CMD_V4="echo -e '=== filter table ==='; iptables -v -n -L; echo -e '\n=== nat table ==='; iptables -v -n -t nat -L; echo -e '\n=== mangle table ==='; iptables -v -n -t mangle -L" + IPTABLES_CMD_V6="echo -e '=== filter table ==='; ip6tables -v -n -L; echo -e '\n=== nat table ==='; ip6tables -v -n -t nat -L; echo -e '\n=== mangle table ==='; ip6tables -v -n -t mangle -L" + if [ -n "$IPV6" ] then IPROUTE_CMD="ip -6 route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="ip6tables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V6" IPTABLES_DSP="ip6tables -L" + IPTABLES_SAVE_CMD="ip6tables-save" + IPTABLES_SAVE_DSP="ip6tables-save" else IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP=$IPROUTE_CMD - IPTABLES_CMD="iptables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V4" IPTABLES_DSP="iptables -L" + IPTABLES_SAVE_CMD="iptables-save" + IPTABLES_SAVE_DSP="iptables-save" fi if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ] then IPROUTE_CMD="ip route list table $SOURCEIP_ROUTING_TABLE; echo; ip -6 route list table $SOURCEIP_ROUTING_TABLE" IPROUTE_DSP="ip (-6) route list table $SOURCEIP_ROUTING_TABLE" - IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L" + IPTABLES_CMD="$IPTABLES_CMD_V4; echo; $IPTABLES_CMD_V6" IPTABLES_DSP="iptables -L ; ip6tables -L" + IPTABLES_SAVE_CMD="iptables-save; echo; ip6tables-save" + IPTABLES_SAVE_DSP="iptables-save ; ip6tables-save" fi for host in $DBHOSTS @@ -589,6 +612,8 @@ do > $TESTRESULTDIR/${host}.ip.route 2>/dev/null ssh $SSHCONF $HOSTLOGIN $IPTABLES_CMD \ > $TESTRESULTDIR/${host}.iptables 2>/dev/null + ssh $SSHCONF $HOSTLOGIN $IPTABLES_SAVE_CMD \ + > $TESTRESULTDIR/${host}.iptables-save 2>/dev/null chmod a+r $TESTRESULTDIR/* if [ -n "$SWANCTL" ] @@ -612,6 +637,7 @@ do
  • swanctl --list-pools
  • swanctl --list-authorities
  • swanctl --stats|--list-algs
  • +
  • auth.log
  • daemon.log
  • @@ -621,7 +647,7 @@ do
  • ip -s xfrm state
  • $IPROUTE_DSP
  • $IPTABLES_DSP
  • -
  • auth.log
  • +
  • $IPTABLES_SAVE_DSP
  •   @@ -656,6 +682,7 @@ do
  • ip -s xfrm state
  • $IPROUTE_DSP
  • $IPTABLES_DSP
  • +
  • $IPTABLES_SAVE_DSP
  • @@ -746,7 +773,7 @@ do echo -e "\nPOST-TEST\n" >> $CONSOLE_LOG 2>&1 eval `awk -F "::" '{ - if ($2 != "") + if ($1 !~ /^#.*/ && $2 != "") { printf("echo \"%s# %s\"; ", $1, $2) printf("ssh \044SSHCONF root@\044ipv4_%s \"%s\"; ", $1, $2) @@ -773,6 +800,25 @@ do fi done + + ########################################################################## + # make sure there were no leaks + # + + for host in $STRONGSWANHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + LEAKS=`ssh $SSHCONF $HOSTLOGIN 'cat $LEAK_DETECTIVE_LOG 2>/dev/null | grep -v "No leaks detected.*"'` + if [ -n "$LEAKS" ] + then + echo -e "\n$host# cat $LEAK_DETECTIVE_LOG [NO]" >> $CONSOLE_LOG + echo "$LEAKS" >> $CONSOLE_LOG + echo "<<< $host $LEAK_DETECTIVE_LOG >>>" >> $CONSOLE_LOG + STATUS="failed" + fi + done + + ########################################################################## # get a copy of /var/log/auth.log # @@ -829,6 +875,18 @@ do $DIR/scripts/restore-defaults $testname + ########################################################################## + # set counters + # + + if [ $STATUS = "failed" ] + then + let "failed_cnt += 1" + else + let "passed_cnt += 1" + fi + + ########################################################################## # write test status to html file # @@ -873,6 +931,11 @@ do ssh $SSHCONF $HOSTLOGIN 'if [ -f /var/run/charon.pid ]; then rm /var/run/charon.pid; echo " removed charon.pid on `hostname`"; fi' done + if [ -n "$aborted" ] + then + break 2 + fi + done done @@ -900,6 +963,15 @@ cat >> $TESTRESULTSHTML << @EOF @EOF +if [ $subdir_cnt != 0 ] +then +cat >> $INDEX << @EOF + $subdir_cnt +   + +@EOF +fi + let "all_cnt = $passed_cnt + $failed_cnt" cat >> $INDEX << @EOF @@ -923,18 +995,7 @@ cat >> $INDEX << @EOF echo echo_ok "Passed : $passed_cnt" echo_failed "Failed : $failed_cnt" -echo - - -############################################################################## -# copy the test results to the apache server -# - -HTDOCS="/var/www" -ssh $SSHCONF root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1 -scp $SSHCONF -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1 -ssh $SSHCONF root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1 echo echo "The results are available in $TODAYDIR" echo "or via the link http://$ipv4_winnetou/testresults/$TESTDATE" diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config index ae2e4cc84..ecd7f4fd1 100644 --- a/testing/hosts/default/etc/ssh/sshd_config +++ b/testing/hosts/default/etc/ssh/sshd_config @@ -12,3 +12,4 @@ PermitEmptyPasswords yes PrintMotd no PrintLastLog no UsePAM no +AcceptEnv LEAK_DETECTIVE_LOG diff --git a/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf index 933589906..03f93ad2e 100644 --- a/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf +++ b/testing/hosts/winnetou/etc/apache2/sites-available/000-default.conf @@ -6,6 +6,9 @@ Options Indexes FollowSymLinks MultiViews + RewriteEngine on + RewriteRule "^/testresults/.+/images/(.*)" "/images/$1" [PT] + LogLevel warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index fd75ed0f3..1a375e051 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -31,6 +31,12 @@ cp index.html ${ROOT} # revoke moon's current CERT pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl cp strongswan_moon_revoked.crl ${ROOT} +# generate a base CRL +pki --signcrl --lastcrl strongswan.crl --cacert strongswanCert.der --cakey strongswanKey.pem --lifetime 30 --crluri http://crl.strongswan.org/strongswan_delta.crl --digest sha256 > strongswan_base.crl +cp strongswan_base.crl ${ROOT} +# generate a delta CRL revoking moon's current cert +pki --signcrl --basecrl strongswan_base.crl --reason key-compromise --cert newcerts/2B.pem --cacert strongswanCert.der --cakey strongswanKey.pem --lifetime 10 --digest sha256 > strongswan_delta.crl +cp strongswan_delta.crl ${ROOT} cd /etc/openssl/research openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem openssl crl -in crl.pem -outform der -out research.crl @@ -54,3 +60,6 @@ cp strongswan_rfc3779.crl ${ROOT} cd /etc/openssl/bliss pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha3_512 > strongswan_bliss.crl cp strongswan_bliss.crl ${ROOT} +cd /etc/openssl/sha3-rsa +pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl +cp strongswan-sha3-rsa.crl ${ROOT} diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt index db139d54c..586f9dda3 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt +++ b/testing/hosts/winnetou/etc/openssl/index.txt @@ -33,9 +33,9 @@ V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA R 150803083841Z 150804144912Z,superseded 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org R 151119165922Z 151126081658Z,superseded 23 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org -V 161015124507Z 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org -V 161015124759Z 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org -V 161015125030Z 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org +R 161015124507Z 161018152707Z,superseded 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org +R 161015124759Z 161018152711Z,superseded 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org +R 161015125030Z 161018152714Z,superseded 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org @@ -50,3 +50,6 @@ V 190826151202Z 31 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@stron V 191127201436Z 32 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org V 190906145531Z 33 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org V 190906082453Z 34 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org +V 190905153713Z 35 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org +V 190905154104Z 36 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org +V 190905154224Z 37 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old index a3385dba4..649ad9ff5 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/index.txt.old @@ -33,9 +33,9 @@ V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA R 150803083841Z 150804144912Z,superseded 22 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org R 151119165922Z 151126081658Z,superseded 23 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org -V 161015124507Z 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org -V 161015124759Z 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org -V 161015125030Z 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org +R 161015124507Z 161018152707Z,superseded 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org +R 161015124759Z 161018152711Z,superseded 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org +R 161015125030Z 161018152714Z,superseded 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org @@ -49,3 +49,6 @@ V 190826150536Z 30 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strong V 190826151202Z 31 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org V 191127201436Z 32 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org V 190906145531Z 33 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org +V 190906082453Z 34 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org +V 190905153713Z 35 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org +V 190905154104Z 36 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/35.pem b/testing/hosts/winnetou/etc/openssl/newcerts/35.pem new file mode 100644 index 000000000..20fd0249b --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/35.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHzCCAwegAwIBAgIBNTANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE2MTAxODE1MzcxM1oXDTE5MDkwNTE1MzcxM1owWDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y +MjQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDpZ9FM1s4VqqweOS24P5dVW4uTVrN4HgK2c70P+umh +u5+pr8cyPn/Kdor7SU9B/GdV6onZumgSUaeNqCSmGzLA77x/nR1xRWtiszWStJUQ +ICszEb8/WkPq68jlsmgIsfpTmABOBPYTvAqh7bZCTSoySG2fKt+E4UAd5S+BH1CH +YruIvrvuNxVMA/z8J+tMFZGqjQ6DopatYgSpccbSX5kuAgXCA9g9cemoPoKjjjLD +w0JBKCErtNKimY9pvf+SaRqoCc0YTIw6ydyna0e+tuPQImFjopZTyelnGHIZ/l62 +lnmrfB+sw2Younp7L9Fh9ki4wBOcXS/g4fQgyjKvLAG/AgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUwdMoB5LJvckJ8GY1vi2f +AiL8s5YwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu +Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDgUAA4IBAQCzWf9dGTbHy8B91uSR +BAR0K/Wi/j2AqqhDxIH7/PHh78ww9Zb1bBeCt5iFnpqGdTe17vmbga8QGK3W7NHm +hFYUJhXGyxT3uclUzsePLXKqDnoG9tbZMLoJLzle3j4uJ4PjWN0Wsu+76/QZudOt +zoJUZRyMvDfBByLOLqbdR7KOm0hNPsjCkzEfj2ql+IDQdNhulatpThqTRxZcYDP8 +bxpDIOaJQPGwpQFKIkZ34kZBPjUVY6Ad/mvoTna/ydWrPCGjfqcn/n14vxFS0nyh +FRtEpelFVKTX/JDXs/IZ0Bsn+lWar4lgUEs2PlmS5sMS8EZVOgiazT+rdVNWHrQh +cS9u +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/36.pem b/testing/hosts/winnetou/etc/openssl/newcerts/36.pem new file mode 100644 index 000000000..d786db30b --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/36.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCAwmgAwIBAgIBNjANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE2MTAxODE1NDEwNFoXDTE5MDkwNTE1NDEwNFowWTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z +ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA0021rEucwTZnd5pGxpWrXvn6Vkhd8ibwiyQ7ynpk +1Wi+WB0eWqW6ciU3BbA6L8DXUZoo0BzhIlH68X1n+CWiSBS8lBC21QJTAYywdQar +TVzUusbhX5S7c6JQrk9Oj+Tt+X5D0Q91SMfcB/i+G9IpZZz9DiceCIxpBd0HxoPJ +PRANjThQnqot4TYYUm45N05PixAD+K3P8Yik7BTRHPV4JhflPeOd0pTZL2b4sg7O +vZctotdF/riDvDeixMS/OlYxrKqVeP1wafsTE4MwADooRgaWa9zkRTxO4JwNE9M3 +LQ2s8AUq73kHxwJqhvom18lgMD056iZYqN7RKSaE+Zn40QIDAQABo4IBBjCCAQIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFONu1FifPZHQiluTzIlQ +02i3SSqWMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw +CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS +c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaCFGNhcm9sQHN0cm9uZ3N3 +YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v +cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAALEERUj19IbP7NL +fyNy+CRVZ9fT20jDjLhQ3yZpmYep2TEAAGIP2I550tc/eIXj4LCJJ3i5a/AdSQjW +09beMwXatszqrE+taY7tELSKGy5Pbnb32HIDPwKXs92Ivxt9FgwUaLrj3AtVUmxk +0bhGMSjkgtrxbeki9394+ISW0EdD9DZSheJSLKa6rykb7akQPU8J2hreVAFdNZnF +RDVpT/OI8ZoH0K12YvthC33fysmKyGNCjDRP/x4UsdrnRpHP7BMjVe1TJQBiu6cm +DWPvj6ZkKqRZ2P67GVZLSu7s3hHKu0O5p3oY0J3YLh6ZrCw53dfG0860vfAV78f3 +DhxaCpo= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/37.pem b/testing/hosts/winnetou/etc/openssl/newcerts/37.pem new file mode 100644 index 000000000..9c62f2132 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/37.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHzCCAwegAwIBAgIBNzANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE2MTAxODE1NDIyNFoXDTE5MDkwNTE1NDIyNFowWDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01 +MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDOTJOm4HBLbc0fCUHKOSYSAJj+dbWmXo+M+ViblRwU +iTij2wBchH2T3SUuj/OimtxloyVWyfATS7eTjCbqPbduVc2aE1QqwpBzTGnh8hd2 +1IQ2Hg/ruAS1t6XlGbQXbzOmA53tePh7iLMeW1UzIlq/i1isducIKSOusc5/225j +2C3OHbfpIlBzW9NgtDZZqAc6BsI2z6XsaA/U0S+4YYv8mImsSm71aoeesGLV2Fqm +7xQLxzH7eQQS1gg8+iWfPTU6pHL6AYR7HKKCdMiqDUOrP6VEleueinnzh8MbWwa3 +z3iIJ8pGD1jBLJ+Tlt+qKu5ZE0fGX2WCVntkf0IWc7HRAgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU4jVZk42tDoUyFnMs869u +69kHafUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITZGF2ZUBzdHJvbmdzd2Fu +Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQBvE869kmBTDlTm3LnK +Sj6tGRhE0rN/Ki3zHBTlVzGZvaggt9ZvPFcLypLZkC0BfPu5/z58ig/Z8dC/bITR +g6kr02wgpLlwOTrU2dNQ/ehKOKClG0gkNNlw4cdi5ayRFXVvYhWzZNPGvIY8O8EH +LY2oZ0LXBvttx+rSuFAYiOEXON5/oiiNpGxqGu2mYIeyAAIIcKa4PqvGu7DxEGtN +OKwJ+ez5bg4qpUVGgBYce1SbzShS+eAe87xLRL1QKxcBD0DVFb9c6hrPRIpdxHD3 +AEFEo87lj5npbvP9PExufP9mTl4Ko7mENhEYVo4/2eGsMmyD+FXUWUXr7bWY5Zrg +jSFJ +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial index 8f92bfdd4..e522732c7 100644 --- a/testing/hosts/winnetou/etc/openssl/serial +++ b/testing/hosts/winnetou/etc/openssl/serial @@ -1 +1 @@ -35 +38 diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old index a78736459..81b5c5d06 100644 --- a/testing/hosts/winnetou/etc/openssl/serial.old +++ b/testing/hosts/winnetou/etc/openssl/serial.old @@ -1 +1 @@ -34 +37 diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolCert.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolCert.pem new file mode 100644 index 000000000..94f2c0a19 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtTCCAx2gAwIBAgIBAzANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzYwMloXDTI2MDky +MjEwMzYwMlowWTELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw7ArNq1Cs5RMc1Mu +HO5BZAIAc9v04THLSpCs+zNQlyJCXaijsiTQUbATyhgB5O11HKh69J8PRITx+dqI +W/are3KGAKbvo8G5AgVOPhO+X3n7iOwTPqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9 +Js36gZegcm/w3d0QVOPUIEMWpSMIHCAmv6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8d +jDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH8akPB6NgNvFVUZPK4EQfr19JNAQp7KbP +A6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfuba +GkFE4AKxUEGcm0N4gHXo1PBj7hayJJSUIuAfoIfmkorqrPTp3bRoH2NWmMveBU6W +4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9xKPeiD232KeBZdpK4vs1ewkzftWmOVYUB +G0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7Z6iqH7hQ9gNGOe+NAgMBAAGjgYkwgYYw +HwYDVR0jBBgwFoAU5MnNjPKIbR2nLtdeeTGlZlU1zgIwHwYDVR0RBBgwFoEUY2Fy +b2xAc3Ryb25nc3dhbi5vcmcwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5z +dHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLXNoYTMtcnNhLmNybDANBglghkgBZQME +Aw4FAAOCAYEAHxkcN7plS2BvO/yXxE5WJ+2k9IP/IupuE6ChuFHDq5SrGNMsStsG +sGpV6/yxvLSHchNGnGMIOyLTMzKgWy5dnDy4YX2FqZkI8ZBa0FJ9iO2IxILCsmyw +ouShOv47YkNuAzJWIZjRz3+7mNhfX3TsdEr26cNKf1JqawTyFCDq0t/UYS6K/8O+ ++6Q1kmy2mRgR19XkxA0ts3xno+eeB0NelnVEjJwqZPFgmVYK/2T4fUKraJyQzwhp +xghLtlmwNuN6jetB4Z9k3hQQaPlUy2wxrqdsNfV9Ysgy+3LcI2ynoFMYShrS4avW +FI2z0hb8sDkvS4Knif4UCv14Gycb/8nSgiingEMU+UmPOxwUl79/99e4LvIaslp4 +S0AiLwe0Tz2NqQ6uhvVppw3lYptIt+EK042cYpm/CPTMlMhT+Pi8l/POWIdquNLp +85NuiVBbt3wMff+qTu+/ppyQsytTfDMD6XLggorLni/Owf9PoBakcdGuPW9MAUTf +6Idv0tl5T0qX +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolKey.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolKey.pem new file mode 100644 index 000000000..db6c98d89 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/carolKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAw7ArNq1Cs5RMc1MuHO5BZAIAc9v04THLSpCs+zNQlyJCXaij +siTQUbATyhgB5O11HKh69J8PRITx+dqIW/are3KGAKbvo8G5AgVOPhO+X3n7iOwT +PqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9Js36gZegcm/w3d0QVOPUIEMWpSMIHCAm +v6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8djDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH +8akPB6NgNvFVUZPK4EQfr19JNAQp7KbPA6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj +4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfubaGkFE4AKxUEGcm0N4gHXo1PBj7hayJJSU +IuAfoIfmkorqrPTp3bRoH2NWmMveBU6W4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9x +KPeiD232KeBZdpK4vs1ewkzftWmOVYUBG0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7 +Z6iqH7hQ9gNGOe+NAgMBAAECggGAKuC3F0vviZm9Bqf7OquZ+GfX4YsYpR9cBAKf +ZIth5TvEfvEsrSQT4VJLg8Su5ZKCTr07883GcqUOwEh6CGyMNohphEsPxznzZ9Xx +xvhchl8cFmxj6x9woYEb40hRQp4gUO7f+nW1DfpssYKIlbAca7jlly2gAX0mzvL8 +z/TjSVvbsw34b5UNS5LZmCrfVLkSEscQbvWM/cECgnIJ72fxmC8NvAIZ9ZNSLpyk +lDuEeNU+2zBQtUrt2CacNm263B0dvHrW9QSTdi1GvIjxhc3ab8OT0ZDNzo/S2eRJ +InN77gwkYgEu1jeloBsicG4ZAAdbQU5/X4prnJIy2novnA/2C+hrmpYDhxqOT4Uk +AhoMiyvrJF6rxPZj+R5qzc4RUzZapcXUNzH0lCwtwd19Ogfw38LUkHCtqQQpleme +AL7FeVDXDu9oe6c5YrZihehT7p8ExKwlwiWy4u2bnoip77wOCuLo+D6eZpt64w4e +XiHpWtmkADqhfzMgt/WUMpD/+gcBAoHBAPTa6zMClhGP6su624Rv9HSVClacXR7d +zJNo5stnPierfcIZs8loWthR6AgGx36q9bOqtfIdFRc/PajF7oggnTcxMBZdCoU8 +Oi3vWEH+aIzIX3KICUjRYjj1kpm9xcy7XPGc6bEit+PM1DJ1jXCTiC30uQpavNxr +klV4+ROIt9MYsb3tQw7CO1mGNR37jAEUqbJ7sK2OnvmjZPJlwJs0AyN1j7ZUihDO +VT5UhjwB4KUH6BEirXTkoaDxZwsRfR5SaQKBwQDMmFm2M8J9AOxgrYTY80YIRQpy +vrcX7Xrzn4Lu8M8Xr6RlS5bbXApAH7WtRHGlIj14lItmvZpRSOTzawtn65AzeIUF +82/EMxLJaGjMBviTyNy+ta9wn8Qdy5c2ZZ5dKgsQ4PprSkAvNOnpd1wG48pbGg7/ +n3tVs9zdD2wa35KVjoyueu9Ls9BbND8v7OYmkmSNqFlA5KuLIeQkuLNxjxQsV5Vg +S8pyg1jlYs7KmYs9GIFHAVEf5LG6a/3huWfuR4UCgcAGWfdn51VFN1p71mkDUnQg +4gzWmk/AETjRShNSi2cNWGF2u3vyaYaRve4q5yIdowmkk3UMxrxZUgajbh714QKy +/8+jhN5U/m7z6hV8AMFthXUUX3r+LJBDsfsPieCrouCSU+Or+J6Uhieq92mn1eve +ZU63egsUHKY7GVw8qXs7OpTBvHnU1Cz98YFHOdMz4/lS6+p1VhHBn/9qWkFYxUyf +itkjfaXnMbL8XuzseY/+N+pJJ4EgWx3mMtzdaKK6OqECgcAttOdt1fhgFsG4A2vH +T+nYVRw1cDfVJ5+tJ3iHytJpFzshyhZEoTZFBxB+SekdnB2hf4X5COiduiwz2Tku +GSkY5pbJMo5IhaRvzFyFIBWOZnQyQsKT5Y1Znq8EXwVXCNp6BdjL+UWHhkmvd5Pe +kisV2Sd6ofVauxjfZd+fzUyhDryNCjfFcMFebrijC0iLW28NWou9/Jf6ODMQpRap +iu5Vzac4YRY0KPXGISHTjyPVHVFcPIYUGvI9lHyeXd5DFEUCgcA9s3ei/H000sC6 +3q5iELW8kxFCpwvu7uKCFfakAqQn8nponHEUgRS7eLjzS1NB0qysIiOMtZPAVMCz +puETLsi9PxD8de4RyEyZC2yd973j+TqFQmPyiWF3QNW55zM2iELW5sGeEVk/Z15c +nlItcy7KOJOJU0TAKvUUjr4ug5N7sVSN1aeF4tiaFz0GFIqV3qAkcTMfpaOKfuSc +huiHBdBaY7m4uNK4/ZOi1JitocO7wpRsX/eRJ4AuNrro8EHHAe0= +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveCert.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveCert.pem new file mode 100644 index 000000000..c5c769cb5 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIBBDANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzcwN1oXDTI2MDky +MjEwMzcwN1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDa0Mg8XicEZYIYmuet +XWekjDifPbi7WyIOUPV5LajXuxhMGd/NAaRrJb13D+GHLdsY2uwaa7Cv+VMyfWDc +qD5RDQw0hYY+zdRYt4Hk4GNDiZZOYcqXQCi/ZCcU7k9Prd/nurBk4FcwsnMh06UE +mS7mTEG7SphP8WxfjQpHRBLOXlq3tAfm0nzV4Ee5VosQmuDmFiSpoOW0a+KxR5Sj +OjmyKMx828lRvBhC0vtRCsAzIUMAeoeTH9Fo6Q4/nwV2bNOKGpFcs5tVWs4xarql +MBEKyx0OFwD/LZC1xDN+0JsgP3/6EzHzJHIPQVs9wMLoK+vFXNRPKoE2Nb1mesN8 +jGuqJGdrsWeN+r2ANjFi0NcaO/HU90inVmCKKJDQEtZBXzD66MqAznbDLxgx2cJM +N1whWat6jTZqa7i3FffB/1gB4a1DmA1CQlKihkSPA6epWGKo0MSPEOCgSywAn9VC +1LCPftSDUAVn1sHbH5g20Llv8yPRjiiTuY74G60OJPOTDncCAwEAAaOBiDCBhTAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVgRNkYXZl +QHN0cm9uZ3N3YW4ub3JnMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwuc3Ry +b25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEzLXJzYS5jcmwwDQYJYIZIAWUDBAMO +BQADggGBAISXAxemOSUmXqkf7cgTQHpreMH1Y9LPJxZUUq5GVErmPzhLaZDSqZSy +ZXcu3EWPA0RElaYBd9CSgFx0I89tw41dIYOLDyLnrEDHmcsgcJl74YYBSzebB/TJ +OGXtV3S9M9OF1vSdugaXI1hDXck7cODUR6nyZAWOp5kBSItAH5bglCRtaQlAuSxM +wRWYhBErUR5tZvu0loCN+11hVg/ddQ3r+FeHUt35KNenxkd6hWlHljbPv/eTtqgc +/5VGEC96I2rD6WNcszj/SKK40zA9GuF1mIwNKEdcYnPRxoszlD6C7cdGJZ8VpJLc +d7sO0QJur5HNtj6oUbM3HuHAaZBjg7uh5GDj+RehhKCybYyJQ1fu4iRaNYKdPwZh +/F6hBRLytkt1qjJhngmBmQU4Ent8GL0Zn6Q8/HvbTP/xw4VXkY9JHdMIkzH8zokd +TVjkunPPt+zdzeMq4hOewYR8HfiKcAnNUG7eO6PnUvC2NKsqX8a7/z0OV68XybZs +gjC1FqvMvg== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveKey.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveKey.pem new file mode 100644 index 000000000..85ad0d826 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/daveKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEA2tDIPF4nBGWCGJrnrV1npIw4nz24u1siDlD1eS2o17sYTBnf +zQGkayW9dw/hhy3bGNrsGmuwr/lTMn1g3Kg+UQ0MNIWGPs3UWLeB5OBjQ4mWTmHK +l0Aov2QnFO5PT63f57qwZOBXMLJzIdOlBJku5kxBu0qYT/FsX40KR0QSzl5at7QH +5tJ81eBHuVaLEJrg5hYkqaDltGvisUeUozo5sijMfNvJUbwYQtL7UQrAMyFDAHqH +kx/RaOkOP58FdmzTihqRXLObVVrOMWq6pTARCssdDhcA/y2QtcQzftCbID9/+hMx +8yRyD0FbPcDC6CvrxVzUTyqBNjW9ZnrDfIxrqiRna7Fnjfq9gDYxYtDXGjvx1PdI +p1ZgiiiQ0BLWQV8w+ujKgM52wy8YMdnCTDdcIVmreo02amu4txX3wf9YAeGtQ5gN +QkJSooZEjwOnqVhiqNDEjxDgoEssAJ/VQtSwj37Ug1AFZ9bB2x+YNtC5b/Mj0Y4o +k7mO+ButDiTzkw53AgMBAAECggGACY1lwGTn1SRNSp+wj3vtY1yPuDvsjZlL4k4c +eT7KCSjsxZ23jG6O6/KI0+LImKsiznH4LqsW2ofK3wBkMx3RIp6sMrrFgoZfx8Oz +EvfMvY0LF77jJjkxzjEkF6DTq4nOpYIb4zt78u9HYWmo4YuCZaFcmT2Haq4CaiVx +Fm1dWM77rNtaIPR9aKTS3L9vcLkiKkk7LoCMppSzH8QdNAb9r85iJu09W6kXcgtd +10rd2x2PnDy9IGoaLTdHXPWnOmVDviFgCp9zxBk4g/SWDR2AdHOgg3D2mvOmFkVK +SLxr8RKhzzQfbRQuV4F3so9QVfkKyH8xsOpjAqjQwJC1LIWMJipzmc8o/AnUw0Rj +UvU1sDYV8MHimgoftG000vB72hws8tv/XQHl13Tig8y46lSOYxavBJZuHjPPhkQF +YlsfyUV5B11EmlyZ+KsNCHj9vXGRL6bw3Hu1UeG5cnXBXNkPq7ssNpgwdJrpqcW3 +8KWtl7w/b68ZLwyMpxKbmUNIyNkJAoHBAP9KBnqa91RA8gg0/Kp91NLiNXT9ibN3 +cQ6Y6HXuCWrKIKVKMmxRkhM9lMzOVfVVw5ydWZ3B5tzMiIfVCnyzs357vxBGsQEk +TQ9I/kdFuR1gSMZVbXSH1Cbf/Ealg7j/w5/3WpQSaszUN2dmkJ64I3iEWELjT/VV +RaxEhdNmZiRieOglkpvt+4X2Cr5oKXUofb11QX8bBmPnZklWUTuEfQu2KFc7T2im +2ZonJKdxRMMFcnHqS3StX8OYqK8qqTC9hQKBwQDbbMIAp2omxd+iiN4hCIgZ1mK3 +HzBBwam6A/ZLqbByB4Ch1TNRK959xtJW6FLibZPYCi12b1ILwjOVO7aQHKnhKItX +rhwAdhaBd3tJTxu2jDB0Bx1UkKbTDQ3bipnLY+VX/r/rMKbRsWgzejLs/CjafOj7 +OaFSpQOiQfOkpGKpwTab2H0CYqCMxK/4VYBP/NWwM0o0gaL5dJCjZ5i72CnHtmx7 +3D69TCieFY7RiDyf4Pix0tonwD5FfVHfH1SpjssCgcEAxJIcYQW4EhEcDIO4VhMj +7+msndOn1x/OVx4YSM4sRCU1c/Co2M0KfHQ7gmQSviD2yT5DxfyLJlL7ghPhylmY +iXkBiqfUHXv1NiLPYNPoER2Vi9o1uLfp/LEVkNRbk/SkjiUpgsCXqfZyXtUT4JML +BP5q874SUGcDif0NStUbK0MDtEVSGWzq8qCcbzbHTWYLQ/non9WQWxbPpQKo8/o1 +SvJNJ7YMlBl9jnw7dg76kmw8TkjJJyNkjLickpx3wIb9AoHBAIx01s6SW9nL6fZh +xEbC7lQTrobn2P0OmbWv2ZXfXknv0YBGOB4qhbZfcb8d4gh8+hldknJwmcVbH6fU +XG1tW7T8Pg33LoeBD7D6KZnooKW+oTl0YGsEWTVZ8tfopb/TBzjHolRLhU1PUZM6 +EqUuWHxbXsuJvWForaXMr8hhTaK6QlmKP6MqPPk+4iGFoagSATtT6Zkorokd+4QN +yW/c1Am6FUFH34VO3eUriYtIuP3ihW9WuDyfy3yx1pmLtab/9wKBwQDbBXYm9ugE +wRSIxCywJ+aPNRQKanCKORwQMNJZ80rrXIs7saomY4Os+utJpOhoksTJB7mAn3ij +kopmXn6NOsXdOlp9Ty55YRylGmOIQpsO7kSfylE1NFioHqksuQndbUwZFbskI0cN +egyoihqnbfoLyxGu1/M521IseW3AwFIc0gAGdQ7i4ZXVlXOXWvdZFxnpd6PAfFMb +J9mOicxHQ6Yv5b30RUvSIN+LHnUNGGk9XAxCH/jKtU7886jD6f34ru8= +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonCert.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonCert.pem new file mode 100644 index 000000000..bea7e81f8 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyDCCAzCgAwIBAgIBAjANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzU0N1oXDTI2MDky +MjEwMzU0N1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCcPfHpuwuPBQ/0FTT6 +ENKjbxcGfVozz5Q7mfleee5DwIMH4yqkQeA297vUUEPwap/Z2Frmt9HHkeFdvDoF +kwJN1SzmjEexo6XksbCnxbgbUFLGh9VPvLN+eZb/6U8RHbMmdds6VV9bxSgRuwB9 +ekKv950m8G7XSSTVUeOucwkgMaU1zg1F7ToNxhJv/sCBE3q6Y9Cv65HOfmMVcnJE +6PHTSAfz0bNkho1yLKJjBoJkUF24HK1SFovxEowD4zFasHUgJCATuEhNle8kmDZS +4R763eVcxJ8qhkfJTaxMG1y1dqfqt/9eYLQ7cF/tFPCgWYO8mUCmB+kvVAh7yAfW +GL826RNiySb7NZg+QkDNzALIybKFkVi/SvSnJstYjWFnzF5OvsxJu0iay/GXybHA +bvBG1ZLkEp3SSR7+CisIQjwBhmPfc0AbnyJfj7PvjnPhQ01MODVueMHZ9PDhzQAP +tM4hTvpmySEYqPgntkzN5DlhcswVGamqfSn2htKpfCDrZ1cCAwEAAaOBnTCBmjAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVghNtb29u +LnN0cm9uZ3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEIGA1UdHwQ7MDkw +N6A1oDOGMWh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEz +LXJzYS5jcmwwDQYJYIZIAWUDBAMOBQADggGBAAHZATrdzGmUIq+0+EdA1AbPdcaT +UDKJvDS30JyOkUnAv5jr63PHyfw+RS92zgE2UyB4+u43BiggBNmTNCjpaEUmViAo +tdywkzIKm7q3dr0078IZ8LU8Wo+hoeRNkBJOxdgflsSislQYDeTd7syoQ4BW7whs +jjFK2Lbthd+/33Iw3LMekYuZF7ZUbHY7D3nlBidrmTIQQCvOnsW2lJi/S83FEYzl +noK+of3eo4Ryg1/428FHts26PxSmnHv+ckj9R4Jf5kH8kd1WhrgDyHQMnihWlUJ2 +pintDBgislbZytqiBOGeYpbpxKl57zHs421wmUs329asu7zgfJFnCynkUgvuRXdc +gDJ+DAiVaXCJlYnk36P87028SR9/C0JLzHA3O5CcfUdFEUs0BvVe1D3b9kC28rdA +5V86DFCL+gp6rB+wDtq6YnCddaNk+ZCs/QAPidqOFAytaBBKaagMIFk+wlsFge79 +ZssIfKy33Frluw0HCj0LNs2tjWvG4Ku8xkFO1Q== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonKey.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonKey.pem new file mode 100644 index 000000000..f24b3ebf3 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/moonKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAnD3x6bsLjwUP9BU0+hDSo28XBn1aM8+UO5n5XnnuQ8CDB+Mq +pEHgNve71FBD8Gqf2dha5rfRx5HhXbw6BZMCTdUs5oxHsaOl5LGwp8W4G1BSxofV +T7yzfnmW/+lPER2zJnXbOlVfW8UoEbsAfXpCr/edJvBu10kk1VHjrnMJIDGlNc4N +Re06DcYSb/7AgRN6umPQr+uRzn5jFXJyROjx00gH89GzZIaNciyiYwaCZFBduByt +UhaL8RKMA+MxWrB1ICQgE7hITZXvJJg2UuEe+t3lXMSfKoZHyU2sTBtctXan6rf/ +XmC0O3Bf7RTwoFmDvJlApgfpL1QIe8gH1hi/NukTYskm+zWYPkJAzcwCyMmyhZFY +v0r0pybLWI1hZ8xeTr7MSbtImsvxl8mxwG7wRtWS5BKd0kke/gorCEI8AYZj33NA +G58iX4+z745z4UNNTDg1bnjB2fTw4c0AD7TOIU76ZskhGKj4J7ZMzeQ5YXLMFRmp +qn0p9obSqXwg62dXAgMBAAECggGAHb2g3efv5FKHXePniK5JGjkcPe0AjZo20j2V +/UjidN0hVBAG3ut3PZ9cjqaUuB/ju7j2XLKi6QU4y/n3ZXY9Wwl4GY6cWxEWk/jK +8rStPe3FQ+s5TItT84A7oQ0NMunfXzPR/kGf/D0ESpO5HSl3pj1RGcdsoehXbY+/ +8kYNd6Zbl2lYl3X3tgV9Hvp0NF2739z+LW5++7qNK9j0LW/WEGzGrr+9ESaXqCMc +6hKkIWo23MQArf6Ctunb4yWNEIFEDi1r9DzMbZN/lVhDx77Q0KYLH1P31R5rOc1G +NYXPF4F3CSfUsgd48dB2/1FCTnDJ4PmOU/R1L8jAgnSOroTAYDVzY4DJ7vyKGvIE +DL7eKlbwOfS5swyANUKgHO6QiHt9WzcNUGpeinTa3wJ4KoAdG+lzDMuiwRFdSRRU +z7t1ptTf2LuCAtva2daP2SPed+ITg2QB6X4BSQkqR0vPYBQIZAtFjMWH78E2PLrD +01+LpOj8TBRerd834etDODg4ddiRAoHBAMiYg7hWfChw3SdnmAmkhDAZN80pvsUU +bzzAiQ5EI59JYMoi/amYyLd6hUK4Z8g4gcdXzBYw9iwJuj8LMpPBZlplAxVnFdId +23I+GNDmcX2ovOpl6skKy1grNhBigxRUQUGsS9oxrYeuy2VymDzeZPCQmrrhsXk/ +Mac237nncJj2n8I5RtDOoSOFD0+grs7MXs4P+W2HHzWgkN7mBgKeFfUPLI3Kyy3p +F7tXegtJqIJsXlfZ/fzR40QTy7/VbwAW/wKBwQDHZVDYtYe4YoHKdwtAqs/J08QA +29fGkM4ZawLNTY4jz9rdtOuBWg0FPAo82x21xlbRQLsaTKzy9O6a3cQ5oaKtKCh/ +XmKCssrnzJsYZYnhkP4f4VXK8nai/9LFo8TWhB8hNy62GGmfXffsqhAIqIqZA02F +/mOfR6Wrqs7yfzYnJnVsjbR1B2zSiNAYKtk1VtQdGjuagSn/dEyhSCaQRXotXUKX +SJDzPf/H2mj97Cg+3bCtdE/h//N1/cmV/5QEx6kCgcEAh1ua7oW1bBiUsuVNi5wu +8sHhjJiRuS0LzsPg9/Z0zyRVorCv2IRXVK/hQl9q8Ilo0VnmRkctphO+UJI+w8Nq +TK8CwKt55vnsvY83cac+h9uX9tdk8dpN0qX96lp/NvWPv0ADQy3oebkyWLdWESTE +miwJrPdkqXtCByKZHzoUGbO5o/bAWWBFDdHYvhOgQb1Yb9YJqqXWInrBpxcykQuZ +p25g0yE3rzgtomXp3boLck6r7r4TjEkZATQWddERAM+DAoHAEW4w6BDOYXbzA6Du +ceO8sFb7vlt5fFkyOxSYtRu/fi/wYQssvy0BEGEUQAejjD1fX4F6Ga10PPTeWtli +CuuvTdXB3IiCsgwxIpxHPpW5vOcw39aR6mDRsCQO58oOLfZ0xjGNustdiFntj1m6 +dxdMrl2UjE8VpFneCKiw2I/4SunYv/mPOd/BSpI9Jq+wNzJ07mpZpYL/Cd6/yCWH +gXshWA/b/1+PlEPqNS1JmlDnn78/b5pIVWhLfxgFZEBoTxapAoHAY/58nLcWpvpY +3IZC0fBuR7usTACbxr9Z4okHzJUNnoJe+MSE+wQwuE3nP+vc1CrmBSwCjN2wyVLc +gy3idN77NthU9l0oElrPbGFKdFEaa85IcKtnfnspzmvo9AJn2wveZUAlZAzu2zBN +vKI8ubXgoS56uHQnNsWOIugTW/P1I8FnlD4jPItaACGJ3yZWolh9g/WOGS29qJvV +E/6hT4QPPXPZFEnOKO0/3YsMXBwcnEqm2mQ+c4rGMKrTcynk4KaE +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanCert.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanKey.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanKey.pem new file mode 100644 index 000000000..acf3199c7 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/strongswanKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAmkcag4IlKJmgmE9ceoVda+tjzPIbCVQKLCmE6hurieGqjYRy +FO4p0+8JyTG1en+kXkgmxemm1syY1SaA3spUwj/OYj16y0VRmDyGfktIwBuebXTZ +bfEvMzoVElYxzB7aBqOD80LDDTaY+yiE40JHic0xSBg5l16w8Oa1hQqTeyvlk12k +EvqERIEzMViZgsHNqh6x67OtrtTznS0X0lRh+klK0Fc0PPyJU8Ko6SAp/WEWs803 +G2awFbrxXYBGZg3Oqdo/ecuz9TjfNlCJPq1v7NwATWHpEaBVeMXVvUobrgnXnefR +gQusLZOloXYkAZBW/NCDGhluCJYIq3SbvDFBvs/d67LwzGwwaaocMy3O2uDoADNE +qgk3nqoep0/aoTFzfa678HB+ZsW/swvEpDCDRXKR9YFI3LH/YcwMfDv2J2AWnMev +aePgIOoHpAta1EwJa2VPxHuuXPkmVywljVTtGXCiSN70K2P/mBOhdy2ctuj6PbnT +oYu1uHE05ofWzsazAgMBAAECggGATQJoHDP3K2yAKvcWYPw4VVni79b8IuxlxYSW +GavlNQbFtS1jKsp1a5p65oifH34ehId8fzcx9i+brG4zTsJti6cA9K3eoR/Ban3v +3pPixS4kJ1v3+ra1CluYUBZhdhQCXeT6RQ/SwEI8G8auiqg3gHRCAMxC1ynHpgBr +pHTSiF2xk51e/LA7HNznOl8RBaGK8TuwMUj3zfjzf8YWCYHghGhYZWXaKAUg4YQd +/3x0KUvw4qBxvQZFqBswRy10NpX2CAe/ha+AFSK5KlcjXBybvllOnrE8wnInfcC2 +Aef0kbGsMvulRuiNDR+HWIava1vHhYHqQ6rFIiOqN8Eq2bREuZFQrvbZJleztSOv +n23uiRr0E1LpHCC8lnsa4nLOP7T7k+P0q+/vDyef+ZXCEI7enFyLeyaeYWPdgnZX +1xGVtn079t6OkoU60GuDOmfZaix4Sx7WfDHD70iTImAgW+ysqgI9JHCwC4wEJAE5 +azkUZOiCszv3QEBddAuuRvpHCxsxAoHBAMqAju3lV7VylfC+DPaQp2vgbxYkPeLi ++nLiA4f3KQ4yGrKul6tQGnV/L1i48RPTVFq0nz4dZ/FQ84J3DLhb8QajoReJtpEm +rzxzvKDgg8gf66BQVUCxJHzfOLDAUylqrHZ8hPbFT+JEg6A8N4cI7TfuqdG2FPZf +jHzQEcz3ZpV0UM+z6JWQCxGaphvf4OH4GHZbl+cIl7Ifsauv07DrAELZfFX5Y6Au +3QGgzPDfUyiqHT/Qr1ChmE11gR8tSfvIgwKBwQDDCRMeAIXaN27YcWnMvlGSbeT0 +5bTTeqvBc0bEuBO7pBckU9mmq+AeHL7fiVf1auHnmZrXuyTdjel0ivUChIR1h8hN +/QkwAgFWGP6JwYukK+yLl5J0sDY6TPKa1hgeVzv3PVqYDGfrxNWYwh4YQKFg4Ba0 +OoA5zYB9HgyWEPsLiKixeft2lVBFeMndwcNLgyUfEVnnYNCg7jasMBjwEzq/ZXd+ +Qj4Im2fB25VHe4qW9cOmoaXnqBDi03X/u3IJ0hECgcAb8R9HvjSbCeOco2zAfPdN +EFvjrz6G1xD91yfrk/QrTEiYzTSKY/QysEkFMge515g1J+UtOfuEtcnT/79WlQEu +DFgHGm6BmtflPIcTn8cvTxBBP7Rzx72kKVz2LqOK/HgtpULnlhROwWt0KbrzvAyX +giwWjsxXrpmBA2jhYmXaS4F3F3kJYiXU2QUApaSvKX+enUbZjzr3Th5C9XD9YX/Y +uY/JgS75BF5kgh6lQfuEieydSJtYQeP1FDir56DkyCcCgcAVt/L7Ck/dhwK+85I2 +jJME3Vv7sYC7dBOgTTf6PA1mfdVd5EB+gPFKKSVQOzkiSS6y3bYSg/KNAXqX0cmK +6Drf46j4lk7pm6+OaOYfbQAh3gpPWSej+uNvBpaVi3XQGyLAW4K1H9yKsraedi9n +v/q4kPu2QjV5Olsuk6QPKgDqveMbMFxCTkpMEjFYknUu+YGuvf3m+C8DXMOV1R1R +zrJiEeiGlNXXm4aoXc130lgSi3eoHKQe8eY/fBDN04/VbCECgcEAtXL9CAd7L7rD +yIdFrEt36FhQF8PovFb4pokhZ/sI0uN0kCcwl5OCmeqaiq5ecxHTb9ACVWbe5YIC +J1cGvNd1k0yJieXk7DUuguCIJ/PpaTEuaLEaZtdtcqrGsljgFgkrKXhIL0SfVMda +CTgHD+CawFG5ZV7m7RpuQg5Q5Lz0/1tMgvbMSZOWZnolwXLKmLZ2VGEJYoHY+7ua +DMVScCE8kdgXXxxKodQz0x4fVPArKULS+dt1QSK3SPoI1JpZdgkl +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunCert.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunCert.pem new file mode 100644 index 000000000..f1c086ee9 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBATANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzUzMFoXDTI2MDky +MjEwMzUzMFowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2FuLm9y +ZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALqBhFVeobbsy2Xe6HmR +2M5zGwS33zs9pfrdF6h01AOOHjOeymWTAwHHNIGb2VlRTQ5jlqV6cW0kKMwPA4G/ +W/QWJDVhyltda8Eh6uZs5owTBN/eKQ783Vd7TJkhq4UtNBMhVly56aq75DU7YiJu +pzR4na6jOIsW14nmzow4t2dbyCRzrjIlAXvCr2e6fKuDKUQA6RAeeuTVnfuf2MuA +xAnqQXJkJ/vT5/+hb3WH6HQYp/UMjvu8bIEJZ8elyNR3ojHQehBPK+ADlW2VrHhC +ZFKP2YbEJObSGCmQdfL6P/J5wB5+q3s/m3pZqOJf94XLUZ/LdPC6e00cZyFMBi/G +/AcbQJEfU9PXbsBNSkbeIfz7AkcdR1ijfYPyrDovGT6wYs/oaB4SL/qb0OHIhLgt +WX+gHpRFJyP0YekbiJBI7orDZOsy+hYvSdkVg012ObyXVE25kIaEKW5l98lnSci5 +/by2ivyA4WoLmDrolBymOe41l2cFv2w92ucItPCSwm9GoQIDAQABo4GcMIGZMB8G +A1UdIwQYMBaAFOTJzYzyiG0dpy7XXnkxpWZVNc4CMB0GA1UdEQQWMBSCEnN1bi5z +dHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBCBgNVHR8EOzA5MDeg +NaAzhjFodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tc2hhMy1y +c2EuY3JsMA0GCWCGSAFlAwQDDgUAA4IBgQACXiUqwisoOZUH3CPfi+aGaluK3mO7 +nj/gX5X9oE2JC3haWjbnC9fsKai72U8makp12xCpWjHsuiytVlXiiSCRxBGAaFm0 +cy2AI4Ttj+4+GAaI4BkqYBTApdSSXXUH3X4Lwb4LReX+16TsJ4E+d2U/j70gyGRK +F/KgkKj/Bi4F//4/uXHPbgp2istKmkQ4wlcUb5EdM0tUiAUwYGMhdUhSryq4+7y8 +1QaPGg0Zv3nvGgoj332BOczflmNzoonXcihZk97iMRc/TvBOoizvuH9COCSbw/AB +hnVG1lyTQjBAcE2U4MP5yUVuIqBgPnKtbyN3gf30Iq3g/ThVekchrYGO3PWMWAzS +ecfr2yN11BC6nDca039Yub41AuzQqBQR1gY5sHouXNTx4Bs0g4xk+3rGa8MMgI0+ +jXhDVAorQFYuACDuto6skRtkcmXJ/1psvVEv5dcKAHdZCNKkgtXe2XoVvrjNxnPw +MTVros8o+8Bz2R4qArLjwrZtvYI+czZx6dk= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem b/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem new file mode 100644 index 000000000..a694bbb8f --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAuoGEVV6htuzLZd7oeZHYznMbBLffOz2l+t0XqHTUA44eM57K +ZZMDAcc0gZvZWVFNDmOWpXpxbSQozA8Dgb9b9BYkNWHKW11rwSHq5mzmjBME394p +DvzdV3tMmSGrhS00EyFWXLnpqrvkNTtiIm6nNHidrqM4ixbXiebOjDi3Z1vIJHOu +MiUBe8KvZ7p8q4MpRADpEB565NWd+5/Yy4DECepBcmQn+9Pn/6FvdYfodBin9QyO ++7xsgQlnx6XI1HeiMdB6EE8r4AOVbZWseEJkUo/ZhsQk5tIYKZB18vo/8nnAHn6r +ez+belmo4l/3hctRn8t08Lp7TRxnIUwGL8b8BxtAkR9T09duwE1KRt4h/PsCRx1H +WKN9g/KsOi8ZPrBiz+hoHhIv+pvQ4ciEuC1Zf6AelEUnI/Rh6RuIkEjuisNk6zL6 +Fi9J2RWDTXY5vJdUTbmQhoQpbmX3yWdJyLn9vLaK/IDhaguYOuiUHKY57jWXZwW/ +bD3a5wi08JLCb0ahAgMBAAECggGALeWxq1Cee2XKqEcy7rf1otiwzXhydyG0twex +ysL1aeqPhCSPqm+DTey3/y1bT5+yVtgrOo3nW/SKFa2cL1HoTykjv/9QzSswWVb/ +d7VVByOnD3CcqhOQZPby4rxmeV+mcQ7DMg6OcnXKs07p149jloYYR+HjCFeWs1kZ +e2h5ufXcSxwswipZMxu2DtDV3V9pyFJxCIZ3t9jaCBJOR8ZoeAguEviS3mZHsaEI +zOOlUOzAaI2uokS8bwThhUBHLAJEe5hglKtu5N1QGUo5x62wIK1+4McKqX5cphvW +63N5P7yB30hfc1xM9VP/fi5UzmgccNmHl3ErJX6EbHbVNUv0a/wI6cp+s/DQRZMc +Injr5BJIIFbzmqYST+UxEwtxUL7uV1s/eTXwsFxfQPJnx8rWbeyvGJHU6VykWJ2n +vHmOItgaw4Lm0iw5XH2g0QC7nYFW6qC5sk7LIS3xUzN73JWjV2Z1E5nLfKxZ9sXz +aA8WNrMSHUM/KkFaUri1xoH6gdABAoHBAPfA/gcZaoMemP06BIWKwgb/91GRsvc+ +slrmyZy+nq2bQaJw8oYyUmgWfh9X8pD6eVQN7jJBuA3BMg3L4Vn/R65rcwwYKA20 +pHgZF2MbwRlbBDtFQJe8kmwFu+TkHpGcoo94V6MdpbqoRKwQs66WOcjp4vzRLOL0 +ueynDrAPxpOaNIsr66s7xjd01VwEXYlfOfNBpOF/+3vN+O++k45/rnlEWgLeq6ie +1xkv9vZp4FuNf6gnBXcNhu8aDJvJEMfxnQKBwQDAtqgE9K7Rhq9ht8w8P+QZUGYL +c8mL4IGsPgmucuuheeWpmvLuAhsTxWBQhrO8/eEK4je+li6R/x0HYqgytsnOxlQH +xH8ZsvouPtacUF9pv8x7GLnGlvdxdQzmnjYqR5MzFEX/L8+8skiyY95V/kNiWE/T +X/Q8JgqyQ7VlykHtaToYchEhgY2m2Zxw6YhrI/ghtlP6NwOJDYsFxe7cfVvBQj9K +qtwAidr8pKSLyJFaot+dAdSqAYZxiO90aSt/i9UCgcEAjzv7YR1Xj+CjsFrXfGFB +VYysbnMelYSg1p7w1nb6BAJrir9j5yO2ssi2N+a/rQOyG19GY7XM897K0mEZss88 +oOEsDUT1+x6Bq5FODRVhqQgOxTl/Y3o46MzT2TvtVF/LN8jqWbptMyHPOe8aAoiF +dduKSIGiQsAbsW7PtggY1QLk98T3pfKT4UHhjCZV8XKlbTZ5XYmBWg01q11xr4Ov +2hojM9+KPJ1AXCZ3z/RcKnH+6LdOmIqwhRF5UqOG2SGdAoHAEA+pFTCnWUMWXtiI +pwTUJ9/xgUbXJ1dAt3A8MlPVm5GjOG13jaqTQySSEGQJmti15shPyQyPOQ/ABZuN +VRyy2Q7idftEdIncG/qUvFZefVvE2QWIhiqS2NvehWHuNbvdYsZvxwLfF2TsdiGo +qBYW251smbtHibPJ9G18Ms2WjQjWFK99CgPYIG3GggqUmglXZsfhW9s16jg8u/Bx +JeM0wHia+cgfqdPTcnbuV9ARfTJR3K4IYVrbL58wBc22GF05AoHAQvhfvtieWCJ8 +ATqOBjOcUHJ2WLiOslWsYOoqXy7v2YuVt8XFWAWZmLlzcC+8Tv79lCLpOmpiseQw +kP9Mihi+8T15AmRUUsPREeGb7wCDNbd/KixPimhnelNGPNAV+6DPonSa4WcF9jZk +nDa51PBPWCEPB5GHdbg/E5yiWMbr63bcTQNZxlRDaljNSRPp8xprs+JT1AIZI2wq +hEyK6IMjYIj80jB8JZIM7nNgRhzCKCo7RdR3JMb5tduOgzvEheC3 +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/strongswan.conf b/testing/hosts/winnetou/etc/strongswan.conf new file mode 100644 index 000000000..dfb9dbc5b --- /dev/null +++ b/testing/hosts/winnetou/etc/strongswan.conf @@ -0,0 +1,5 @@ +# strongswan.conf - strongSwan configuration file + +pki { + load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509 +} diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages index e2ec422b1..43a71b921 100755 --- a/testing/scripts/build-guestimages +++ b/testing/scripts/build-guestimages @@ -60,7 +60,11 @@ do then execute "mkdir $LOOPDIR/var/log/apache2/ocsp" 0 execute "cp -rf $DIR/../images $LOOPDIR/var/www/" 0 + execute "mkdir $LOOPDIR/var/www/testresults" 0 + echo "echo /testresults ... >> $LOOPDIR/etc/fstab" >>$LOGFILE 2>&1 + echo "/testresults /var/www/testresults 9p trans=virtio,version=9p2000.L 0 0" >> $LOOPDIR/etc/fstab execute_chroot "a2enmod -q cgid" 0 + execute_chroot "a2enmod -q rewrite" 0 execute_chroot "ln -s /etc/openssl/certs /var/www/certs" 0 execute_chroot "/etc/openssl/generate-crl" 0 execute_chroot "rm -rf /var/lib/ldap/*" 0 diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk index f205df33b..5c4fdd829 100644 --- a/testing/scripts/recipes/013_strongswan.mk +++ b/testing/scripts/recipes/013_strongswan.mk @@ -99,7 +99,8 @@ CONFIG_OPTS = \ --enable-ntru \ --enable-lookip \ --enable-bliss \ - --enable-sha3 + --enable-sha3 \ + --enable-newhope export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat diff --git a/testing/ssh_config b/testing/ssh_config index 831b9dc1a..367683018 100644 --- a/testing/ssh_config +++ b/testing/ssh_config @@ -1,6 +1,7 @@ Host * # debian default SendEnv LANG LC_* + SendEnv LEAK_DETECTIVE_LOG StrictHostKeyChecking no UserKnownHostsFile /dev/null GSSAPIAuthentication yes diff --git a/testing/start-testing b/testing/start-testing index d339ac025..7ef35f9e4 100755 --- a/testing/start-testing +++ b/testing/start-testing @@ -9,6 +9,7 @@ CONFDIR=$DIR/config/kvm KNLSRC=$BUILDDIR/$KERNEL/arch/x86/boot/bzImage KNLTARGET=/var/run/kvm-swan-kernel HOSTFSTARGET=/var/run/kvm-swan-hostfs +TESTRESTULSTARGET=/var/run/kvm-swan-testresults MCASTBRS="test-br0 test-br1" echo "Starting test environment" @@ -26,6 +27,10 @@ log_action "Deploying $SHAREDDIR as hostfs" execute "chown -R $KVMUSER:$KVMGROUP $SHAREDDIR" 0 execute "ln -Tfs $SHAREDDIR $HOSTFSTARGET" +[ -d $TESTRESULTSDIR ] || mkdir $TESTRESULTSDIR +log_action "Deploying $TESTRESULTSDIR as hostfs" +execute "ln -Tfs $TESTRESULTSDIR $TESTRESTULSTARGET" + for net in $NETWORKS do log_action "Network $net" diff --git a/testing/stop-testing b/testing/stop-testing index 704ae6667..8abf5f223 100755 --- a/testing/stop-testing +++ b/testing/stop-testing @@ -9,6 +9,7 @@ echo "Stopping test environment" NETWORKS="vnet1 vnet2 vnet3" KNLTARGET=/var/run/kvm-swan-kernel HOSTFSTARGET=/var/run/kvm-swan-hostfs +TESTRESULTSTARGET=/var/run/kvm-swan-testresults [ `id -u` -eq 0 ] || die "You must be root to run $0" @@ -32,3 +33,6 @@ execute "rm $KNLTARGET" log_action "Removing link to hostfs" execute "rm $HOSTFSTARGET" + +log_action "Removing link to testresults" +execute "rm $TESTRESULTSTARGET" diff --git a/testing/testing.conf b/testing/testing.conf index ee403435a..5f85dd592 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -24,14 +24,14 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.6.4} +: ${KERNELVERSION=4.8.3} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} -: ${KERNELCONFIG=$DIR/../config/kernel/config-4.6} +: ${KERNELCONFIG=$DIR/../config/kernel/config-4.8} : ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.5.0} +: ${SWANVERSION=5.5.1} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 978b276d6..3925d92a4 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index c52a325ad..fafe267a6 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no send_vendor_id = yes } diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf index 9e655eaa9..278f98ec3 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce chapoly aes sha1 sha2 md5 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf index 964c520d3..7d030517a 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce chapoly aes sha1 sha2 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf index 3314f7538..d2137d969 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf @@ -2,7 +2,6 @@ config setup strictcrlpolicy=yes - cachecrls=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index 7014c369e..ea1b90593 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -2,4 +2,6 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + + cache_crls = yes } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf index 3314f7538..d2137d969 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf @@ -2,7 +2,6 @@ config setup strictcrlpolicy=yes - cachecrls=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index 7014c369e..ea1b90593 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -2,4 +2,6 @@ charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + + cache_crls = yes } diff --git a/testing/tests/ikev2/default-keys/description.txt b/testing/tests/ikev2/default-keys/description.txt deleted file mode 100644 index 889f8297a..000000000 --- a/testing/tests/ikev2/default-keys/description.txt +++ /dev/null @@ -1,8 +0,0 @@ -Because of the missing /etc/ipsec.secrets file, roadwarrior carol -and gateway moon each automatically generate a PKCS#1 RSA private key -and a self-signed X.509 certificate. Because the virtual testing environment -does not offer enough entropy, the non-blocking /dev/urandom device is used in -place of /dev/random for generating the random primes. -

    -The self-signed certificates are then distributed to the peers via scp -and are used to set up a road warrior connection initiated by carol diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat deleted file mode 100644 index 43d85d06f..000000000 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -carol::cat /var/log/auth.log::scepclient::YES -moon:: cat /var/log/auth.log::scepclient::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES -moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES -carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf deleted file mode 100644 index 15aba18e5..000000000 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn home - left=PH_IP_CAROL - leftcert=selfCert.der - leftsendcert=never - leftfirewall=yes - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightcert=peerCert.der - rightsendcert=never - auto=add diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 5cfec3e9b..000000000 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown -} - -scepclient { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce -} diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 278943d28..000000000 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn carol - left=PH_IP_MOON - leftcert=selfCert.der - leftsendcert=never - leftsubnet=10.1.0.0/16 - leftfirewall=yes - right=%any - rightcert=peerCert.der - rightsendcert=never - auto=add diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules deleted file mode 100644 index 72a1c17c3..000000000 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,30 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --sport 22 -j ACCEPT --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT --A OUTPUT -p tcp --dport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -COMMIT diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 5cfec3e9b..000000000 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown -} - -scepclient { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce -} diff --git a/testing/tests/ikev2/default-keys/posttest.dat b/testing/tests/ikev2/default-keys/posttest.dat deleted file mode 100644 index 25f737ecc..000000000 --- a/testing/tests/ikev2/default-keys/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -moon::ipsec stop -carol::ipsec stop -moon::iptables-restore < /etc/iptables.flush -carol::iptables-restore < /etc/iptables.flush -carol::rm /etc/ipsec.d/private/* -carol::rm /etc/ipsec.d/certs/* -moon::rm /etc/ipsec.d/private/* -moon::rm /etc/ipsec.d/certs/* diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat deleted file mode 100644 index 8ae506253..000000000 --- a/testing/tests/ikev2/default-keys/pretest.dat +++ /dev/null @@ -1,20 +0,0 @@ -moon::iptables-restore < /etc/iptables.rules -carol::iptables-restore < /etc/iptables.rules -carol::rm /etc/ipsec.secrets -carol::rm /etc/ipsec.d/private/* -carol::rm /etc/ipsec.d/certs/* -carol::rm /etc/ipsec.d/cacerts/* -carol::ipsec start -moon::rm /etc/ipsec.secrets -moon::rm /etc/ipsec.d/private/* -moon::rm /etc/ipsec.d/certs/* -moon::rm /etc/ipsec.d/cacerts/* -moon::ipsec start -moon::expect-connection carol -moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der -moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der -moon::ipsec reload -carol::ipsec reload -moon::expect-connection carol -carol::expect-connection home -carol::ipsec up home diff --git a/testing/tests/ikev2/default-keys/test.conf b/testing/tests/ikev2/default-keys/test.conf deleted file mode 100644 index ce84ce41a..000000000 --- a/testing/tests/ikev2/default-keys/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# guest instances used for this test - -# All guest instances that are required for this test -# -VIRTHOSTS="alice moon carol" - -# Corresponding block diagram -# -DIAGRAM="a-m-c.png" - -# Guest instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# Guest instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat index 91451e9e6..61adcd2d0 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert-sha2/evaltest.dat @@ -1,6 +1,6 @@ -moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA512 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_512 successful::YES moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA384 successful::YES +sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_384 successful::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/net2net-multicast/description.txt b/testing/tests/ikev2/net2net-multicast/description.txt new file mode 100644 index 000000000..82874321b --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/description.txt @@ -0,0 +1,7 @@ +A connection between the subnets behind the gateways moon and sun is set up. +Using the forecast plugin additionally all 224.0.0.251 mDNS multicasts are going +to be tunneled. +The authentication is based on X.509 certificates. Upon the successful +establishment of the IPsec tunnel, mDNS multicasts sent by alice are +received by bob and vice versa whereas unfortunately multicasts originating +from the gateways moon and sun themselves are not tunneled. diff --git a/testing/tests/ikev2/net2net-multicast/evaltest.dat b/testing/tests/ikev2/net2net-multicast/evaltest.dat new file mode 100644 index 000000000..7649abc5b --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/evaltest.dat @@ -0,0 +1,16 @@ +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +bob:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +moon:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +sun:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +alice::tcpdump::IP bob.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP moon1.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP sun1.strongswan.org.*224.0.0.251::NO +bob::tcpdump::IP alice.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP sun1.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP moon1.strongswan.org.*224.0.0.251::NO diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..47cd53afe --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16,224.0.0.251/32 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16,224.0.0.251/32 + mark=%unique + auto=add diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..db2698dbf --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..65a8ced3d --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16,224.0.0.251/32 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16,224.0.0.251/32 + mark=%unique + auto=add diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..db2698dbf --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/ikev2/net2net-multicast/posttest.dat b/testing/tests/ikev2/net2net-multicast/posttest.dat new file mode 100644 index 000000000..dff181797 --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +sun::ipsec stop diff --git a/testing/tests/ikev2/net2net-multicast/pretest.dat b/testing/tests/ikev2/net2net-multicast/pretest.dat new file mode 100644 index 000000000..e777dba06 --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/pretest.dat @@ -0,0 +1,7 @@ +moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-multicast/test.conf b/testing/tests/ikev2/net2net-multicast/test.conf new file mode 100644 index 000000000..48597379a --- /dev/null +++ b/testing/tests/ikev2/net2net-multicast/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="alice sun bob" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf index 577d74e67..867949da4 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf index 9f1d9c41b..e39c9222e 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 978b276d6..3925d92a4 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index c52a325ad..a4cfc6168 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 646bcee1a..6a6d39899 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-newhope-bliss/description.txt b/testing/tests/ikev2/rw-newhope-bliss/description.txt new file mode 100644 index 000000000..eb7678496 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/description.txt @@ -0,0 +1,15 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +The IKEv2 key exchange is based on the NewHope lattice-based post-quantum algorithm +with a cryptographical strength of 128 bits. Authentication is based on the BLISS +algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for +carol, dave and moon, respectively. +

    +Both carol and dave request a virtual IP via the IKEv2 configuration payload +by using the leftsourceip=%config parameter. The gateway moon assigns virtual +IP addresses from a simple pool defined by rightsourceip=10.3.0.0/28 in a monotonously +increasing order. +

    +leftfirewall=yes automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnels, carol and dave then ping +the client alice behind the gateway moon. The source IP addresses of the two +pings will be the virtual IPs carol1 and dave1, respectively. diff --git a/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat b/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat new file mode 100644 index 000000000..a2df0a3c0 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/evaltest.dat @@ -0,0 +1,26 @@ +carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES +dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES +moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..6f561ab50 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=yes + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.der + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der new file mode 100644 index 000000000..8a520c0b4 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der new file mode 100644 index 000000000..b2831a8ed Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..c2225646d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS carolKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf new file mode 100644 index 000000000..caf99ddf0 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=yes + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.der + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der new file mode 100644 index 000000000..75a114339 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der new file mode 100644 index 000000000..0ec528ddf Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..fe2643204 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS daveKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..0ec0ac826 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=yes + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha256-newhope128! + esp=aes256-sha256! + authby=pubkey + fragmentation=yes + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.der + leftauth=bliss-sha512 + leftid=moon.strongswan.org + leftfirewall=yes + right=%any + rightsourceip=10.3.0.0/28 + auto=add diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der new file mode 100644 index 000000000..d0ea364b0 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der new file mode 100644 index 000000000..c989f91e5 Binary files /dev/null and b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der differ diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..b4a9ee68d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: BLISS moonKey.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..1d9f6e235 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + send_vendor_id = yes + fragment_size = 1500 +} diff --git a/testing/tests/ikev2/rw-newhope-bliss/posttest.dat b/testing/tests/ikev2/rw-newhope-bliss/posttest.dat new file mode 100644 index 000000000..9ba8c5f55 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/posttest.dat @@ -0,0 +1,9 @@ +carol::ipsec stop +dave::ipsec stop +moon::ipsec stop +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush +moon::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der +carol::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der +dave::rm /etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-newhope-bliss/pretest.dat b/testing/tests/ikev2/rw-newhope-bliss/pretest.dat new file mode 100644 index 000000000..058b3c33d --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/pretest.dat @@ -0,0 +1,14 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem +carol::rm /etc/ipsec.d/cacerts/strongswanCert.pem +dave::rm /etc/ipsec.d/cacerts/strongswanCert.pem +moon::ipsec start +carol::ipsec start +dave::ipsec start +moon::expect-connection rw +carol::expect-connection home +carol::ipsec up home +dave::expect-connection home +dave::ipsec up home diff --git a/testing/tests/ikev2/rw-newhope-bliss/test.conf b/testing/tests/ikev2/rw-newhope-bliss/test.conf new file mode 100644 index 000000000..164b07ff9 --- /dev/null +++ b/testing/tests/ikev2/rw-newhope-bliss/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf index c47ca8027..028dd8e23 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf index 079ea723e..e7364f6ea 100644 --- a/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-sig-auth/evaltest.dat b/testing/tests/ikev2/rw-sig-auth/evaltest.dat index 5e264c5ab..20849de1a 100644 --- a/testing/tests/ikev2/rw-sig-auth/evaltest.dat +++ b/testing/tests/ikev2/rw-sig-auth/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES -moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA384 successful::YES +moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_384 successful::YES moon ::ipsec status 2> /dev/null::research.*ESTABLISHED.*moon.strongswan.org.*PH_IP_CAROL::YES carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_CAROL.*moon.strongswan.org::YES moon ::ipsec status 2> /dev/null::research.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::NO dave ::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES -moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA512 successful::YES +moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_512 successful::YES moon ::ipsec status 2> /dev/null::accounting.*ESTABLISHED.*moon.strongswan.org.*PH_IP_DAVE::YES dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan.org::YES moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem index 929f737c8..d786db30b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIBJTANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ +MIIEITCCAwmgAwIBAgIBNjANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNDc1OVoXDTE2MTAxNTEyNDc1OVowWTELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1NDEwNFoXDTE5MDkwNTE1NDEwNFowWTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAuByYUPGv67XSQHjpfFjhuH/l/sMIQGhsFcO4ebYv -7otSsjbH4gasmAOvEFxoIxkOG9IWFAHP1WyiqG3sOsyyfUg6wHl1FTe4Y3kHWZp0 -DvtT6CWnnxQwKibIhXfB3IPHRTcRG1zGN4J3Vl6IofIRlrl0K3NYUUofn0xMKAoS -hLjwuqq2eviX5NIQDOTnoga2C5Ed58hIc6/YWXzfg9EpB194tcCWmSj7yfq6ruD9 -xAh32ywd10fsi4tt3F/BWzXjySxBlBhvvh6kL/Nqa6OSWaXsvZqXmrYm+hm4LKkO -ZLZYzBqJRpRm1rEhYqMg2u0SSSTXsNFuw+027n7Vt8+DzwIDAQABo4IBBjCCAQIw -CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFPk6ATSleHErWFAYkCZD -BhDo8X1qMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw +AQEFAAOCAQ8AMIIBCgKCAQEA0021rEucwTZnd5pGxpWrXvn6Vkhd8ibwiyQ7ynpk +1Wi+WB0eWqW6ciU3BbA6L8DXUZoo0BzhIlH68X1n+CWiSBS8lBC21QJTAYywdQar +TVzUusbhX5S7c6JQrk9Oj+Tt+X5D0Q91SMfcB/i+G9IpZZz9DiceCIxpBd0HxoPJ +PRANjThQnqot4TYYUm45N05PixAD+K3P8Yik7BTRHPV4JhflPeOd0pTZL2b4sg7O +vZctotdF/riDvDeixMS/OlYxrKqVeP1wafsTE4MwADooRgaWa9zkRTxO4JwNE9M3 +LQ2s8AUq73kHxwJqhvom18lgMD056iZYqN7RKSaE+Zn40QIDAQABo4IBBjCCAQIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFONu1FifPZHQiluTzIlQ +02i3SSqWMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS -c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3 +c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaCFGNhcm9sQHN0cm9uZ3N3 YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHiE/MMyXJXuMuhw -/lu/UwjCHbbJMA9QrBJe++34OwAV0siM98loVLs23vHXk/52QHRIwZgMLO2FF9Pk -4JkFOvTXCgNPZKrUL28UhHsnJe8EZVOuir5o6yTSti+J/tR4M2YoY67JjW/KeTwU -BVBtBVH88gf/xm2mSlIrkHxG3/GWqyEdeY7BOaft1sFTTZ1gKKXQlARtWidho1mf -5Y1lZ//kOuvMjnk+hEWPWESq8lBzLOmQGBk65vaEH3LVZxSQVJbfG2E0dHgPZNgc -hFOS8Oc6L6AfKlWHAT0ZCR5+1YsxxnlsftHzxiA0ayGCgpn2qcN+OPjfzPCtC80N -6oXDLZM= +cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAALEERUj19IbP7NL +fyNy+CRVZ9fT20jDjLhQ3yZpmYep2TEAAGIP2I550tc/eIXj4LCJJ3i5a/AdSQjW +09beMwXatszqrE+taY7tELSKGy5Pbnb32HIDPwKXs92Ivxt9FgwUaLrj3AtVUmxk +0bhGMSjkgtrxbeki9394+ISW0EdD9DZSheJSLKa6rykb7akQPU8J2hreVAFdNZnF +RDVpT/OI8ZoH0K12YvthC33fysmKyGNCjDRP/x4UsdrnRpHP7BMjVe1TJQBiu6cm +DWPvj6ZkKqRZ2P67GVZLSu7s3hHKu0O5p3oY0J3YLh6ZrCw53dfG0860vfAV78f3 +DhxaCpo= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem index 497d957e3..cb9c85a81 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,0BFCA887A0607C7629452B14E865F782 +DEK-Info: AES-192-CBC,3B3CC0EC06DA44CAF42AF63116EA300A -NG0IHVWcpgMabsPpHUOQeWi5pbAaXeQMkBMAJt2v5UIkB8oKojx4tFt98IKxlkPX -oUNYiw5Ku5Iz61EgO2Lk7NKYB1RPVYSvqnNOtqOdnbU6mb+rZD8dP42wLmVU91SP -VkBGCutAV3jP+lP5WYxTqUJI+MHaWaQxxDABgVYwpOgRdri1hqvcqVU0+BIEgnq0 -PzjOGF34zOyProCo3T8R4Y3QkuFy9KJAKfBRVQVyx2Mmu/3cGB6k+7YiU614WBxM -MlG7gMWx054QrYte5G9RvLCv98katprqbxSFF9Co1aOkLMxdY8vdyEn0I+oUfZuB -bZ8e5cdWEzdkz34rquh7cty+WyMfwboYgndXtnke33k2nltoP4Nhvgehyo3hQcio -4elGTyYTlzzSR+bcAtF2otcPL3idTlcCJQ/8gcydotY3oBI44lUhPbIYONKQYYUX -wYrKdZDHa2zxKRyWLEgbEqfN3S20iITREUu5pTAB4nzNtNf7Af6R81bS5/WsfdDk -VfJJC+ICX2GWxNefUPR+/wMtHLv2lIDzuBFFborF7v5YYHbQpXpjWbpFVaw7/0Gf -d5XuHG3OBMmZL0q0rLbSrOfWISJ2QnPmC9bqp6OgncTMDuMXkmyXTDu1F+oT8gZ2 -IBRL94gPvG5hJYaAIZXxxElbxhzmNb4E1nnYikYJXJDvjOk2+yPVZkVOCBGqP5Mn -p2ieW5ZBBlUtnVcRAalJKxU9l/vPjtQjE1/aeH2Z/B01Rjn65kiVXwyLQxnxBtDA -ed7Rpdc+wcnlleMLkIg8FntXpb7CIxqNx3eC8yaq7kHDCaWHL+6/4bexb/Q7Nzxi -H70ITSHu7L4p1KpLJIyaYHRYG0AKjr+vezK5SjREjZMpH+w805QLz5d0QpJSDTWI -XOkPW/vKvnacvUlPIlQrAS5fxMCQJgQmTGvbKnC+qE1Tbkc4Bz19cZn6Fseq1tPa -i8w2AKno1t+pRfXXrh7p8A0YxEBA0atf1O7gnyg6aMcMHfm3kSxq6xuPhNI4gG9z -v3yLNBd/08GGEtHNa6jG3cvankHpG6VUjFd5jwaHpvLZCh8U4sA7r4soXXag49LC -Y5UkHcjFkcbacBKX39x/AnGUCmP/bq+PLJQ7z35XQ360rqFTlGPISGzLaDiBKFxc -53xtkkgTqcrZq5Tv9xOIT+EhH7Z7ndAtA4hIs4rSc0d6zde206w3hzqzUwooPppj -qEd+FSb/lPnKQ5Q9z8pod28+CxCaxqxFBqfDT6ORlegdlvIWDvw4HS6BVWK9ZVy+ -xODJ4t1hTuTNEZUiyG6DMkhuQ41L39mnHxcSjWicS6BLYql+BAxM+Yp62VC5q3p6 -qIG17JjTSOm4FuyO2R9l2/jXjj4l4adPDtCmpJfI6PXjXdptWBITl1YrgHgeEme5 -H+Ag9HQgqbuP8REc4TwwCoMOV38KLsvlxK2oa1o2dJPF3Tck1rQNVM5mY8TnxSN2 -ozygG/ECyMoCyBDJYELfh1SN4OmX8kbsl4t6YxqydmRy9AqaLOwwSCKIWLH0graF -HwDujb3VkM9nhplw8aNeLZef4M1EpCwVVW+i6h9ADfWClePjJlJ9XTtgZku1TPEA ++1iflM4ExvjvCHQdk8C4nTd3DdND8KXrEHgcfUBlMasBSRca7++2i//FKNbs7wTe +M5X9JsHiL8ySsioCsRC778726Un48IRIrioBj4B3EsZ+vQL/E1JoIUA+Qm5WkjNT +Rd9o5z+C4GreHRWYP8Io4j+kDXPDTz1Ga7EcNFqoQybjwca6Yn8elZQ+ZfntZxTI +jVY37X1p9WmFv5ySkw5NyHzLgRGaPiTPg+MB39gOWzvZoZ6qQbY0lAyi+zJ1Xu+q +m4XeqNxYs0hLjEujTZ5+7StMThoTJUGiA5DbjQb07c1n3G9HytgyTnihEYWVCPq8 +Rb4f2/grVWj4DHGOXC7D5LNvvvrDHZZRIn3DjT73vveAUJcVawXCpx9TBZIvgsP8 +AbLr7PUUUmnngSkCRpmWphJjEEU28ocW9nP9qs7kLCk4FlW9vDXru37KsjiiN+96 +Puzczv6M9SLdvCKVfAYoKRNrmmfHO/HzvDBQfGhixs5B6HqW2RZ4TV1kUuqREhw+ +5ZbjROPbcXw6M0S2WWed81YxyFmM3OKxtFw5m4PUzQgG0uPAO2ttJMWjY8MWGxin +QYBOldvlXNkJOJOMJb1xYJ2OR5idDBvuhac5vJPMVJ53EMsJUviBf95HMZgCT4e9 +bcWbd1t5zV/xEyJRX+OlMjN9ket1/4m6faXTbcuEkhGGFiHTCv/wyPjBEtHQ6Lav +EU8zdtRHU4BA15qOwWvWYDyIya7LQfpcp3CuTwwQoOr47RIya5wz1WJvfrciuJUT +ZUflT88FSkfi401GRwFANArG0pdujuer9eHCzR39kQ1v+9goI7LF+mMElZb2Wugt +ccrX6RxvtBzAQBMaakMWQI048vibWjVGEmXxEVx4rgB/ze7WStVX+36/UE7JVw8P +zp0ygt63t1DgqTwwRGvkq/nvbOw6rgSuX7RWuOFSn2flsgEejJt1dmrg+/Iyb7Dm +/pw4d2+66DqfXDMBrj8+mwTPZolJy71aXv3xOY3rOB6Dj0K6X7WZVEiJMFbBdsJe +xS8OrRausahEno5KSqA7O/EXm4eGWl62OvMtixUV3Gg7Mz+nTsHbU6pzdMpa4QM/ +eLCPfUpyIFCk7heSh/k3fc9qG9L9kAn6qx+FoiZ09R153oRhIqGb5/P+4iXBFLR+ +OlsrSPJvXo/JpJHQh52SQe6mCnwAYIMS7KxF3sDFAFQKPzzXQaaqXUQkOLeO4Rvm +GKeRDpnfZ4RcdVu6gWz0stxnK0W32T0ZZj8RXlVJOJJdcfZ/gfmt4wODkqVCewF6 +/6JFneSz34qUHreHrX0fmQnpOTo1V3t2/iuliFH05q5ZuSRkFekt8qBlHm5bomYR +Xn9DwOUjFvIUoRj9qDO4L4H2wT4FuJjWL6WRzYtk/Z2aZzLcpGN03r8X7EOTbqiC +tAgb0+7HPOSiTQ32DG2mJVjqcCCd1zWGY+IYSbZfFxWsKUqhGa9gAQQpaowoR7nc +7Mqf/Fygjlu3YKPLHu5x179sl+cM+oYqN5ekv/O4Vc0f37jlq9/QN/MNpe724DMy +BOdwY6u3T1srykxtu2w7F6E1Yjf+y0iW6mdHvfzNWoOUFNlQwmqHq1Vw1XOfk8YU -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem index fc769c1c9..9c62f2132 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBJjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBNzANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNTAzMFoXDTE2MTAxNTEyNTAzMFowWDELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1NDIyNFoXDTE5MDkwNTE1NDIyNFowWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01 MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCs5SBCzV3Is/w7CIzfBXRGv6uXwyDivRXXYsczeSRf -5mw/slRVAEtNbX8rQ8BWLIqiJPCLDek5ODkqKI+hArZVpJqMzZyql2Teosrtnokb -h/yA8EWtEr0jII2RxQ0xb8r25h+DwBosAM15B1rCAMmJOjbEMMBGmAb7y7N0K8nr -Z8RctwrRdCGVcg+f+LFrklF1tBLs0zGIrJsk1eB0XbrB+fEPar9Lmn+/q2QHGPCt -aOlR2ZxRsjqsYJW9yI8r33PVVm2aGmS/19UguEG8FC3owud0boHfP91/NvSIWfhP -iIuDPjJOBPEJ/I6OYjYXXQuOZYwFGau2WrpNDQioPgedAgMBAAGjggEFMIIBATAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU5re6olyWAt1HfN2l92Rb -7DDCnxMwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQDOTJOm4HBLbc0fCUHKOSYSAJj+dbWmXo+M+ViblRwU +iTij2wBchH2T3SUuj/OimtxloyVWyfATS7eTjCbqPbduVc2aE1QqwpBzTGnh8hd2 +1IQ2Hg/ruAS1t6XlGbQXbzOmA53tePh7iLMeW1UzIlq/i1isducIKSOusc5/225j +2C3OHbfpIlBzW9NgtDZZqAc6BsI2z6XsaA/U0S+4YYv8mImsSm71aoeesGLV2Fqm +7xQLxzH7eQQS1gg8+iWfPTU6pHL6AYR7HKKCdMiqDUOrP6VEleueinnzh8MbWwa3 +z3iIJ8pGD1jBLJ+Tlt+qKu5ZE0fGX2WCVntkf0IWc7HRAgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU4jVZk42tDoUyFnMs869u +69kHafUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz -dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITZGF2ZUBzdHJvbmdzd2Fu Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQAtRPFMSuEnPmqeC2mF -OE5N26r2p8HfB4FAPwarlg66IIvKvkk1zqn5YfZIXfMU/x5q+85aO31iQmjlAPpo -KXqRq7V0a0ldjXEr+Tz7xG3jno989dBrD3kQZnwXR57xGt1qTVGY7uQdbgXWzVHM -GYS6gjUw7Df9vAQcTfUxUpZc5wlDoiRrFkyPc1raFCZF3//Ig9agjO4r1SzPHYw7 -LrHJR1xkd0IWVTW8Z6xB14j452IiimhyK1zAR3zmh1vH9VuHDLHMhyjSl1R+gk5U -KzDPaqXd4NA7eIQNiAhysYTXfmUYytbFNZw9bamxTxlCmca1snuTIcFM5OYOfxRT -iKMh +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQBvE869kmBTDlTm3LnK +Sj6tGRhE0rN/Ki3zHBTlVzGZvaggt9ZvPFcLypLZkC0BfPu5/z58ig/Z8dC/bITR +g6kr02wgpLlwOTrU2dNQ/ehKOKClG0gkNNlw4cdi5ayRFXVvYhWzZNPGvIY8O8EH +LY2oZ0LXBvttx+rSuFAYiOEXON5/oiiNpGxqGu2mYIeyAAIIcKa4PqvGu7DxEGtN +OKwJ+ez5bg4qpUVGgBYce1SbzShS+eAe87xLRL1QKxcBD0DVFb9c6hrPRIpdxHD3 +AEFEo87lj5npbvP9PExufP9mTl4Ko7mENhEYVo4/2eGsMmyD+FXUWUXr7bWY5Zrg +jSFJ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem index 3223c1dfc..8fcd41063 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,8AF4F2ED0B6D096AD675CFDC4F41083B +DEK-Info: AES-256-CBC,5AB0B0B04BC2FBE873B5D35BF5A6082A -2ezZg1fOw6Wcvk2ei1VLqpA1Z5lxroSsibmDu5+UuyJyTtdbPPY0iWxnryVoaXBq -9VK4AD7lkoJOX/CymbzSSOkBL4t9fN6akefTN6rEY6g8zN2q4al3xxIvZv0WgCDg -XxqJ8ZsdZmUoe12RbJ6HvMw9UR2m2XZYvwcD9+hzT8Agsy5JBV5Nkgxc52ZVYoIh -O5E+PI3w1yrXrzIPx9H8nj3VKRGguZCVFtae7ChSSxotoaIQxM6weVkEDUQXtSs9 -CmtXrn/o6uiafzfHx2pPELdsARlnuyvbKATrOr5lwnM4kwUl+bBvoRI7YaUsg/A5 -48gy82PQRZoWH3ofQv1d24sGc6ZctrzRRrCLzDAGDd3fw8bJkV2b/9D1u9O5Df7+ -Vs0fdrRoP8ooa9d131zBy1brDUckTsTIQZ3Sn4FdBI610MX7l5gJ+7vXYqp/rMOt -Rq8LZoKggzeklwYjum77YFdtbv4m4ihI4DUYHY0xWgMDUMQTFLEUgvAeNrPNRRwI -Ep1JmV9I7it6DHrCD9QmVWUoxSgRqodQDV4p3npH8WlrJMlL0ReiOJZ45PWOsmvI -AAjdsKLwqQEfXkckCvtCM7Nuu8pNA7UUm9TqNLFOFR3HWtm0si1IE8iXu3v/o/tx -OzzRl5pxc1tg8TFiFrNT2+6+HcAJOnWboYJRJzkcW2UzVpSZ04BLiXHPfGue1gG7 -uPZ+pp3k4iQrRRC45I1I0MwE2gOpppt/MUmNVPGqvL/Uu4RGzOjPk6Re4mm3GvIs -JOD1Pqsg01OUqKTNqsTPEld8vLwFPlOgXwmPLr5cpC/hGo0YUx3ysJ8Hw3FN20V6 -+nm9xWpPytNqfaY7jaxhMYZPgz81WOuGrlCv48VkoJiWlrTxbaq2t4IzR2SdyXKd -HNu6ryFn0WVw6hVm2aE8Al9mLxmaiMhg6HaonPoQSVoHRCCM8/GoJQRx9I6lonTC -ZY04BuAUT+nmMlEa0vlLI+tbS7gNkSNG/UyUFGRN++vzQE6s2LPfe9FRsdOfnhaO -W2VqbFbiKkPK+pKXjh7ln+NMrXIGxYVtuKWFEUEp9drh5MQCUFNLTn2Jblb6u0kQ -WdBP9Ku+ea9VprmUVnTYhaRZbuMwQFlfx9eImZ1UQPs8MWSUWI0t4RB+9kdN66n2 -+H3aJTpGv4BGNdSohSCbKKe/VttflnkMQHZmSY1iTDQJhZqbMSAuNv/H3DV1ZBWv -pR1MYwG/kXbaKaFRTctPE8tLxTvO8GG9JmOPuMgldYD2wq4zAu4Fr+Ve0jjznQGN -nGDtG7NoUJxJBbcFFPY4pRH3wtLWXlc1WUnPAxen17ZjbYHrvA3WJqTNCdtQ9tan -StaDqbhDTwSS9HDAvdH7tXLk+lQ+xlaeKFDRd/6K3Tngtjwly+kJjTH1bWR9BXyc -rHeDSpexPdMgVccuDTGDloebjZ/lZVKqkyL0f4/gDOtw7/0kjTZZXkkoVeVKqQyW -aHREhiszCHhJzW2c+Uw7mPrd4tfolPsI6mneNtt/6CCf0kl5Nkx1rg7Anzo0YSvK -vHj7ciRZLri/B4fOFhfZvk4Qgjoq2t7cBKnuAcZuN7pNM8DRruDekrHKY2+uHJnU +M9GcjSK3WP68ZJ2KcFTfqU+vcqft81ypCMkRFJzT7RIgx8Z8dKUYUZtJLX7IkoSL +gFbux1Jm7eeQl+Lj73Vkz3JjQDHPz7jeh0MjbPz93IOqwo14NnEiVQylt/cuPgHO +/VkRr/rd24nObyEVMZR2rfQW+fHDn64EoJ44RCkK8M8s0edLzl942SnyZbOTKpNt +2V3G6v40e0TgmgCBQrJIAW69GFQNOndRMCQwtPojkX5QO8yeqz1m8QXhNAoGR8Ei +iJjy3u24dzmkMBSeL+1tlbQoMsR8dcNxroDBxWQerFbhfWq8yLHey5FyTR8mumqv +PFuEA+MJNOwj+WozaeMZcWdCB8UDadtYfNbWRRGOWQaEC/hjySmiegxr/XfGJRhO +QYUze4F2BbA7sY5E0YWMm6ENfbKXkl82sW6K+tFZrEQQXh0zaeeuOJvTxWrCKxMn +4lnIdczwhnegn/O8xRZ4GNHZi2nJrojkIBj2J6quzE0KcmK1cwmv1Gt+QJqa42pD +LL7HXl446oAcC+/8h+euwHubZwAv8fZn09j9lA3YFd/Klw9hRg+M4iesNLc8W80h +FW/W8InQwa/BfA4o0IeMMkewVi4EbSIhPcQkz+rUHgS8bjhvX0/E3jFdzZnatzTF +04pHtxSHRnIp/L/70oGs5yk//Rn+KjYeZxAIHJgf4J7gfYhjQMi9DzD2Dpan7Dlw +N3VtNeHb3wyDhYK9vsNiLdFBHU2oNXrZDtYYUDJWYVuzEk6X9twROnHBPPlea0xJ +2nfpTChtBkv8pSIadvsvkORTz7fKjvco8f6zndMyzKQ8xyAVSifPZQDWGmRREt7m +HTb/XlB9pz/KNQCgNrgz0fN4OLkQKyqYhMMsPCbUja/NnTOvdhMF5aDEmB0whokM +XhRPKFLHMjaqbHzBFXYLmCODkdCrG2wkbLHTtMmOc2zNBFNO7ApeaPqggXcC8Y09 +VpUsda5q6GMUpDVveY+ZHiSSGBYBNPHARX+aryNzY5KEaItjPD9aO9AcZoT55NCC +iSD62CKlOqm2MSy7VbXedyrwlUtFHxg40XAsMO0chPc2OxB0QDeCmaAi+T4RQgZn +O5W5b5DJNO4NbTjJ3ivmcl3QFKgJFZN3S6mUbKmlS/BGRMDSykRUtooI4ULSELMC +r1Z7uTMl3nL4Wf7sjS66iUd4zGjF3BEzFsEtbk278A9jdO6wpFZNdb9hYrISzI0z +1nezvZBFL7hKjHnTRaylr83d4o6qoPG07JmgzIY+UVFr738CTsoh/rq6AM8hWUek +tjst81PFqLKqsV121022epxfQSe8sz5KqzehTBWYo1ZbzlD9B8LkzXXIkVpOBPDY +nFpQYiwu/V12MGVTmAb2CE+F/j37KAbsdF5pi23eAYvp/miz9SqkcsD/Ucyg8AvN +/yfv8EX7sf7tPsknckExorQqVPOZs1XITUx1Zsmv+hOKRMdtyrVi7mn8wWPbP36G +uTL6glQVlGJXf706IcvG3tgKgXnG7DHK+txbhNFIivNd69C4ykoVYhSXpmHj2HBq +fkuAPRwAdSd6xeWDlZ49u9l/Q2Je7JO9r1yZTrC7KDIFbEZkpbWPObYjyyYYB2sq -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem index bda4f528e..20fd0249b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIENDCCAxygAwIBAgIBJDANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBNTANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTExMTAxNzEyNDUwN1oXDTE2MTAxNTEyNDUwN1owWDELMAkGA1UE +b290IENBMB4XDTE2MTAxODE1MzcxM1oXDTE5MDkwNTE1MzcxM1owWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y MjQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDEPYW1tmcbkgNMcnOHXAKHlgL2k7r1+rVWJ/8NF9vI -7MpQ8qomHPV3G00CYSQsCDgBVvK71pasiz+dsYdHAY28ihb2m/lsaSquwsb0Fexj -hJiqaohcLJk0MjTDUdArh6iddvDAYMDkfApM49TaXNxdz0sffV5KOIH0hrQe0wsw -P2p/SHTATNh3ebTLr8Y7dMKecxFrKQswZc+d7gvIftZXRvjsUprc77dDURGByPw3 -N+/23chuDXNNaxMylWQhmiTUne8tIyg0vtur3do5Dq1IqQKqvxSfBjRL6ZJU0/6l -KuhChV0cSVd2H2zzovuke5XzHzUsoESWXWYK9qIEj2HRAgMBAAGjggEaMIIBFjAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUT4FJonJgeZBpFHc8iosc -WWM+mPswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQDpZ9FM1s4VqqweOS24P5dVW4uTVrN4HgK2c70P+umh +u5+pr8cyPn/Kdor7SU9B/GdV6onZumgSUaeNqCSmGzLA77x/nR1xRWtiszWStJUQ +ICszEb8/WkPq68jlsmgIsfpTmABOBPYTvAqh7bZCTSoySG2fKt+E4UAd5S+BH1CH +YruIvrvuNxVMA/z8J+tMFZGqjQ6DopatYgSpccbSX5kuAgXCA9g9cemoPoKjjjLD +w0JBKCErtNKimY9pvf+SaRqoCc0YTIw6ydyna0e+tuPQImFjopZTyelnGHIZ/l62 +lnmrfB+sw2Younp7L9Fh9ki4wBOcXS/g4fQgyjKvLAG/AgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUwdMoB5LJvckJ8GY1vi2f +AiL8s5YwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu -Lm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRw -Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEB -DgUAA4IBAQA60WN0QwQuFVYg/C156POjKENZP9CGF8NyiC/NUYqgbIrGGTTpwTxs -pW/+YDG1tVtCkqtLGsO0uZRe8Ihs3afNsPMNlCiTCPgrs5erc4ZTv5MB7Ap2lyL5 -NSQ9SggICbQhkHQHP6TINtas9+FrAw10jWIa107DYLLC7Ea77Y5vryL6/ymrpwdL -Vwm9kAkGYvm0lmzw6YfzPskKc3MpWnjBTraPG42Z8oWTEDJnBtS761k60lNwndKC -JdRUxoOOegzsKIIzorRz9xCN2zA2CAeChqHMbBpNCRwl0dQ00ztXReONl97iNgw6 -NrdHsqCiH8Q+I2JCxU230Zl6UFKARLo+ +Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDgUAA4IBAQCzWf9dGTbHy8B91uSR +BAR0K/Wi/j2AqqhDxIH7/PHh78ww9Zb1bBeCt5iFnpqGdTe17vmbga8QGK3W7NHm +hFYUJhXGyxT3uclUzsePLXKqDnoG9tbZMLoJLzle3j4uJ4PjWN0Wsu+76/QZudOt +zoJUZRyMvDfBByLOLqbdR7KOm0hNPsjCkzEfj2ql+IDQdNhulatpThqTRxZcYDP8 +bxpDIOaJQPGwpQFKIkZ34kZBPjUVY6Ad/mvoTna/ydWrPCGjfqcn/n14vxFS0nyh +FRtEpelFVKTX/JDXs/IZ0Bsn+lWar4lgUEs2PlmS5sMS8EZVOgiazT+rdVNWHrQh +cS9u -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem index 90631fb98..7b8a3631b 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,3EEEC63B86A4F0864B610F29D446AB99 +DEK-Info: AES-128-CBC,BA475B267FC48360A09763ED2A15E817 -aUw9rzSBLmvzVlWlCePyRXs2LL10A2QGVjB9jiarsjVLd5k1uVPrLVb6lcTVuGR6 -9pC9sA7+F9Ub1V6oe/n5f1UiHiLeaqdYShfVan7N1z0Kvoaqg1qaVNmbGuZH81Mv -VH/kvfKbig6Gxyn2wxhxoQ84r5uVyzzrfQlrqcwQze43NuRaxh6Eov/vpel8yB4/ -HNSEyItiDenT6tDO4Exw4H91GYWPbutaTmcsbaDSQS54LMcZZA/NVu0Y/uiJ6lxJ -5qQ8xejBC07nc/g+GJgFRxetd56FdiTXR4ADVUiSgOrUaUu2t9NIMig9VBNYWsmv -wlKI1NB/Jt111AhbF+wdw9M0Yqe3O4V0N+jTxTzff+0gky61T5CxbhCMosD/Ohzy -IhRjeuL2gFvCENd2kn0U/1POe9anPJEo7mYfA8oYpxb/jl8KxIxssxLKGDE5qF8n -+J8jGDFbLkiwm/pDeFSWc1LZqKfZsSsBMhffC4NR/hhCi3eY3HnMpnyngzpWpwwY -eZnElVXFYro3qEuJbLRUkD/7rrLgU+LMoetdB5I8oaEvKucRo7dulLNXUFCt6tbK -AXLWn+pTCuLpjtAXxWjF6Hyr7ssLEcLjixDwdb66Ypqm3YncjFemsRFncVQe0R0b -3LY0FH4+GFFXAOywrMP1rQ+2mhl+BH079bu+BhP3bjusJwqBhlz8j4cnbv/STWGl -B9XnMXYx1NVOMFF23zMm9ftkPa6PvkZ3TcGJX2S849pxPTPrA0oFLfIPqyYLqZ42 -+a2jmMdr7lPtcT4ENshpWZ1L8O25Bl10yll+Upx4T7yDrSD/9P+yv/MyIlGiV1x4 -N1oaaVdTLU+ZZbpjVUmD/eSprGye8FzblEhSkY990m5kupWxiPmHzLCKHRYBOnBS -rNdyiz7pTXAQQLZBP4/RLDlYuIyXmbmn61PSdF7u6K/daUf+voKHHGi5m5NUhnS7 -zkUx+ZrHUoWhybOeMoQT0lsx0BsD+NiuqUbthkTFXyLD2dhvWcyAtsOW2yLMATa3 -09HPwdjI2ntJx4Msz1jqBY8XicXd+NHS5yx1jvg0POnygX4sU9xF0J3hfk/Phwfd -Cc7I+jWi+1yPwKi85PHEs0F6SW2kxOx9rmdwXi4EC7Lii3d8LtCR4jEKswzLNwRn -uceH3+vUv6UZC7EA9cdcmh6RWe3HvTrHNyPoYHng35jT5aZ1lhYx4bg67TJg7I6y -j2OyP48YhbKvpF2S8uUGdhCZSYJHLqh3yDI1DrzABMZ/9s0xpSfQtzhQYVz5svHk -Hv93VcbqrYf2Cx0OlxuZG4EEObyYdSqFnqMQBEf/L53oDe9jJKVaXt9IA2XHtyBD -SAjQeDUUKlzfD+CctjX407qpF2Z22xblGVKzYL1V1oXdN4E8GXq6VWQ8SSwQF/2H -wQYubDOJ6xxP1PdW+ws2eXhe5g49cSW4PgIpvmxyUEEnKro16RQL4M3Hv5VJYic3 -CRxugrdJWLSrHGnoz/0W5QUTzMX4L2RNf+xeE3eKU74qj2lWEWZgtZLW1waiTqXE -MBvvFYWh/qMOprpTlXWG5vTag1XLj55uutz1KAVXQRg6AbMKpLXi7wTlZ2nUpUbj +jRBH0cHh7XWdhRMqOIoOrQUcQV/petFZ4n8xOlZyKhzN8tLCSDEujKpJ/Bw+mE+X +kXR2rIV3KAywXe3zWkA7s5jiJBKZ5BeTCYyk5veMf9GlRdKbh/BmaHelDRb/yvsv +GVlS9jT92vde96aMhbJM5AI4cjlu4GxFz5pCtkdg2hLLntSDQIl4fa++Cu2ToN1O +6wFbvYrKRB8eLUMXEfU/qfXnjL66QAnPA1vW0ys0DWBQKULjJXYzZJPBS/K/3tzS +HkB+ZhlLmg+aeggxxm3axPa8xF4VkmIfICsOgNcs7nUyGcC+9bY3DWpYtlvYo8ss +xOEAMGygf+DH4KcGfET+21Lzi8vX9Zz8dG2qhulojZ+IwHZAJ2sLcxGo2bJCimAD +0sOA4d+ikplEIUJlzNK765y5CYq93s0vgT7E9RiP1rbV2hn46uPZmTxEH904Hobs +h4aUg7jdiMVHX3/oFYnk0uKjVc4s/QukuvQ2Bd6DTi3UiSv59bZOfKyElQyFwSHP +C/eIn2lZJrYZBhIZT7BaoQ0ohnXiF7LNeyYj7OW7HeMbKmoIyYBvXFN7F0yk+A4d +LDa82N+OJax6t+mDMtfx0bH86mOsvHG5O4Vu3AcJIMTsQgyq+7RVJCt3MJXNshbk +TnkrMrWPFZgPuvZPi1l0+CcUXUqVCQlRkyBccDobG2NFWZEW3isirZX4/cPaKXgD +UwtGZ0/26vxCJHnf6eD2/2xwckKbsL85lFd0M1U0EijL+/4ScJIf/LS8G9wvma5L +cB80m32axufatrhmkQmMXijpgLmyr0IAvdhQgmD3AA99H7BbFueUh6oggjHw2kVK +0QFgW/s+eP9M1/jOlkndALEWzxuuisZ24UFUHLmIGkLwRh955rgtfb4ILlvNhAfG +2YTn9q9eTURwKJDWFk8SDfQiIqDpqC6iSF5A5PAlC9MOO9Xf+kGsj2+wZ5MeERO5 +DTpQOMbM8mKbswmbDwLbT4D1sOCJEPzpYgpN0s+UQvbcM8DVe06z8x/4g1sDVM0C +JRqB4Oz4Nbn/BuqKeNYwwP59y5VNez0Plneny3SRQE0mA711n8uiF8X403U33+6Y +In3B53FPVWjCS6u06YRe99ZXsZ/PsoV0pL9wTqt1Q4m4Kqm5eRQe/Mj4+jmyKbqz +4S4H2YulRHxC/75vqQr3Ffsdk80pwX4Guwpsd3RwuxJ0rPYh3qm1fMIJ1TW7pOX2 +n1RuPu1/N23u6FfVn8oiXny2FbultJLb9X10EQMIIPyqO0Uch7W8pAa1yH7egLUz +wJaxcfmBfVGHnrftSZd49WNaD7WcivZbkZgGWPFT6I8b4wGN3Qh6UornqiPptLSJ +vDYGjPjxA0/sXx/8uLG9On4wrg4RpqUVr7drkJ7PkSGf3q3rVCdaV5HYRdb/Mepz +k+coJ4HOzR+BSN/tm7XgYZfCLPYBHuDmTsHY5a3GjJcKwY+S75sygYR0uG+5W6ai +bdwz3pr/aPB8GEKO+ARLYlowesn57FJRtNg+q5he+iamYC/EK7Oh4bs9H/rQGDsL +9VCrbN3UtqXp8CUUEEtNxBCrIVHr4Fv+/GHHk5vrCWEhVjg16Ww/Pz1UDIILXyef -----END RSA PRIVATE KEY----- diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf index 8d328f00b..8acfbbffa 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown + load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf index 8d328f00b..8acfbbffa 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown + load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf index 0f4c68fdb..5f39be37e 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown + load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown plugins { openssl { diff --git a/testing/tests/swanctl/crl-to-cache/description.txt b/testing/tests/swanctl/crl-to-cache/description.txt new file mode 100644 index 000000000..0e6f1cbd6 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/description.txt @@ -0,0 +1,8 @@ +By setting cache_crls = yes in /etc/strongswan.conf, a copy of +both the base CRL and the latest delta CRL fetched via http from +the web server winnetou is saved locally in the directory +/etc/swanctl/x509crl on both the roadwarrior carol and the +gateway moon when the IPsec connection is set up. +The subjectKeyIdentifier of the issuing CA plus the suffixes +.crl and _delta.crl are used as unique filename for the +cached base CRL and delta CRL, respectively. diff --git a/testing/tests/swanctl/crl-to-cache/evaltest.dat b/testing/tests/swanctl/crl-to-cache/evaltest.dat new file mode 100644 index 000000000..fa61f19fb --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/evaltest.dat @@ -0,0 +1,8 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org::NO +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES +moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def_delta.crl::YES +carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES +carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def_delta.crl::YES +carol::cat /var/log/daemon.log::certificate was revoked::YES +carol::cat /var/log/daemon.log::no trusted RSA public key found for.*moon.strongswan.org::YES diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..61ff4005b --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -0,0 +1,16 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + + cache_crls = yes +} diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..e84508d19 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,23 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + } + } + version = 2 + } +} diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..60c368794 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr +lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E +LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI +IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3 +GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj +MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOBhTCBgjAf +BgNVHSMEGDAWgBRdp91wBlEyfue2bbO15eBg6i5N7zAfBgNVHREEGDAWgRRjYXJv +bEBzdHJvbmdzd2FuLm9yZzA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fYmFzZS5jcmwwDQYJKoZIhvcNAQELBQAD +ggEBABxfR7BK9IlDFdycldmYVfL2W2U/2b5tEZx/n943wEhc+AM+J1bba3yTeo61 +6AOEhO7QeaNnsAY9ZIRHfH827Lk1dWjub88ze/rS7qmozStF23Rzs4BimeiMQ6xI +f1hJA1OiNXja2/lLijprevBY824Cd2iEq8LdU+9PIstsYKoLaSD/Ohilk4PGHIqX +unhdasBKogtvS/PxKWSq+qdEFgHjM70uaf1Tx6QnPS9sqo/qxAQqxKOLstRmXRd6 +ojkTNWRO1miG1rOQkMcc4L2nbsb8nYFrUFLw7PjeJ1ugPL6R+tVjp32OWqCwvWtP +SGaAJ/regpHs89VLbTKz1ybcqhw= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..61ff4005b --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -0,0 +1,16 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + + cache_crls = yes +} diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..47dd36684 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,21 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + } + } + version = 2 + } +} diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..ce570cef7 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk +fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68 +TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz +oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7 +MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw +Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0 +87ryFUdshlmPpIHxfjufAgMBAAGjgZkwgZYwHwYDVR0jBBgwFoAUXafdcAZRMn7n +tm2zteXgYOouTe8wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNV +HSUEDDAKBggrBgEFBQcDATA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fYmFzZS5jcmwwDQYJKoZIhvcNAQELBQAD +ggEBAD7YFpbQoRC0nte5t/hpoaxiOwE4Wm+rKexOt8zbYhUc0Yrw6a89LELdqoa8 +vuSAxeHAUY4VmeWLOy7rSf/wURmjdMGO2su3Db+ZaOcrA8J5Oqxv3IAhdBcO4PUz +e0Lu2+f8RyKhKUQGpkSJBIlHhv0APN6TBX0R8cvvZ5XnFKj+GNd7fT4RN5Qjp+9H +f8kZboA3/Rg2+JcWOWgNu9sjqevoqjSJiDV8s3n5QO1VRZi32DAgSMAWWorDdKtd +uMPizLDy7W1nSQGf/vhXDkE95g689Md04dul6vAerCdsf389ckjthCIUqAPoLWn7 +XZnkIiV5xba29D9dTq0QElCzU+M= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/crl-to-cache/posttest.dat b/testing/tests/swanctl/crl-to-cache/posttest.dat new file mode 100644 index 000000000..210685a90 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/posttest.dat @@ -0,0 +1,4 @@ +carol::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +moon::rm /etc/swanctl/x509crl/* +carol::rm /etc/swanctl/x509crl/* diff --git a/testing/tests/swanctl/crl-to-cache/pretest.dat b/testing/tests/swanctl/crl-to-cache/pretest.dat new file mode 100644 index 000000000..8f72f9cc7 --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/pretest.dat @@ -0,0 +1,5 @@ +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/crl-to-cache/test.conf b/testing/tests/swanctl/crl-to-cache/test.conf new file mode 100644 index 000000000..fdda0a04c --- /dev/null +++ b/testing/tests/swanctl/crl-to-cache/test.conf @@ -0,0 +1,24 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + +# charon controlled by swanctl +SWANCTL=1 diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf index 53883f79d..5fefdcdd2 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf @@ -16,7 +16,8 @@ connections { local_ts = 10.1.0.0/16 priority = 2 interface = eth0 - + policies_fwd_out = yes + esp_proposals = aes128gcm128-modp3072 } } @@ -32,15 +33,15 @@ connections { local_ts = 0.0.0.0/0 remote_ts = 0.0.0.0/0 interface = eth0 - priority = 4 + priority = 4 - mode = drop + mode = drop start_action = trap } pass-ssh-in { local_ts = 0.0.0.0/0[tcp/ssh] remote_ts = 0.0.0.0/0[tcp] - priority = 1 + priority = 1 mode = pass start_action = trap @@ -61,6 +62,6 @@ connections { mode = pass start_action = trap } - } + } } } diff --git a/testing/tests/swanctl/net2net-multicast/description.txt b/testing/tests/swanctl/net2net-multicast/description.txt new file mode 100644 index 000000000..82874321b --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/description.txt @@ -0,0 +1,7 @@ +A connection between the subnets behind the gateways moon and sun is set up. +Using the forecast plugin additionally all 224.0.0.251 mDNS multicasts are going +to be tunneled. +The authentication is based on X.509 certificates. Upon the successful +establishment of the IPsec tunnel, mDNS multicasts sent by alice are +received by bob and vice versa whereas unfortunately multicasts originating +from the gateways moon and sun themselves are not tunneled. diff --git a/testing/tests/swanctl/net2net-multicast/evaltest.dat b/testing/tests/swanctl/net2net-multicast/evaltest.dat new file mode 100644 index 000000000..e29f312ef --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/evaltest.dat @@ -0,0 +1,14 @@ +alice::traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +bob:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +moon:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +sun:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16 224.0.0.251/32] remote-ts=\[10.2.0.0/16 224.0.0.251/32]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16 224.0.0.251/32] remote-ts=\[10.1.0.0/16 224.0.0.251/32]::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +alice::tcpdump::IP bob.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP moon1.strongswan.org.*224.0.0.251::YES +alice::tcpdump::IP sun1.strongswan.org.*224.0.0.251::NO +bob::tcpdump::IP alice.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP sun1.strongswan.org.*224.0.0.251::YES +bob::tcpdump::IP moon1.strongswan.org.*224.0.0.251::NO diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..bbd60d849 --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -0,0 +1,22 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..89d616c35 --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.1 + remote_addrs = 192.168.0.2 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + id = sun.strongswan.org + } + children { + net-net { + local_ts = 10.1.0.0/16,224.0.0.251/32 + remote_ts = 10.2.0.0/16,224.0.0.251/32 + mark_in = %unique + mark_out = %unique + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..48c4b8375 --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + + multiple_authentication = no + plugins { + forecast { + groups = 224.0.0.251 + interface = eth1 + } + } +} diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..68ba24a8b --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.2 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = sunCert.pem + id = sun.strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + net-net { + local_ts = 10.2.0.0/16,224.0.0.251/32 + remote_ts = 10.1.0.0/16,224.0.0.251/32 + mark_in = %unique + mark_out = %unique + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-multicast/posttest.dat b/testing/tests/swanctl/net2net-multicast/posttest.dat new file mode 100644 index 000000000..ba484f90d --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/posttest.dat @@ -0,0 +1,3 @@ +moon::swanctl --terminate --ike gw-gw 2> /dev/null +moon::service charon stop 2> /dev/null +sun::service charon stop 2> /dev/null diff --git a/testing/tests/swanctl/net2net-multicast/pretest.dat b/testing/tests/swanctl/net2net-multicast/pretest.dat new file mode 100644 index 000000000..5b8d98879 --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/pretest.dat @@ -0,0 +1,7 @@ +moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships +moon::service charon start 2> /dev/null +sun::service charon start 2> /dev/null +moon::expect-connection gw-gw +sun::expect-connection gw-gw +moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-multicast/test.conf b/testing/tests/swanctl/net2net-multicast/test.conf new file mode 100644 index 000000000..579978772 --- /dev/null +++ b/testing/tests/swanctl/net2net-multicast/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="alice sun bob" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/description.txt b/testing/tests/swanctl/net2net-sha3-rsa-cert/description.txt new file mode 100755 index 000000000..2db82a941 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/description.txt @@ -0,0 +1,8 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates with signatures consisting of +RSA-encrypted SHA-3 hashes. +

    +Upon the successful establishment of the IPsec tunnel, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat new file mode 100755 index 000000000..1d9bd6434 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat @@ -0,0 +1,5 @@ +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..5b67bf37e --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/rsa/moonKey.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/rsa/moonKey.pem new file mode 100644 index 000000000..f24b3ebf3 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/rsa/moonKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAnD3x6bsLjwUP9BU0+hDSo28XBn1aM8+UO5n5XnnuQ8CDB+Mq +pEHgNve71FBD8Gqf2dha5rfRx5HhXbw6BZMCTdUs5oxHsaOl5LGwp8W4G1BSxofV +T7yzfnmW/+lPER2zJnXbOlVfW8UoEbsAfXpCr/edJvBu10kk1VHjrnMJIDGlNc4N +Re06DcYSb/7AgRN6umPQr+uRzn5jFXJyROjx00gH89GzZIaNciyiYwaCZFBduByt +UhaL8RKMA+MxWrB1ICQgE7hITZXvJJg2UuEe+t3lXMSfKoZHyU2sTBtctXan6rf/ +XmC0O3Bf7RTwoFmDvJlApgfpL1QIe8gH1hi/NukTYskm+zWYPkJAzcwCyMmyhZFY +v0r0pybLWI1hZ8xeTr7MSbtImsvxl8mxwG7wRtWS5BKd0kke/gorCEI8AYZj33NA +G58iX4+z745z4UNNTDg1bnjB2fTw4c0AD7TOIU76ZskhGKj4J7ZMzeQ5YXLMFRmp +qn0p9obSqXwg62dXAgMBAAECggGAHb2g3efv5FKHXePniK5JGjkcPe0AjZo20j2V +/UjidN0hVBAG3ut3PZ9cjqaUuB/ju7j2XLKi6QU4y/n3ZXY9Wwl4GY6cWxEWk/jK +8rStPe3FQ+s5TItT84A7oQ0NMunfXzPR/kGf/D0ESpO5HSl3pj1RGcdsoehXbY+/ +8kYNd6Zbl2lYl3X3tgV9Hvp0NF2739z+LW5++7qNK9j0LW/WEGzGrr+9ESaXqCMc +6hKkIWo23MQArf6Ctunb4yWNEIFEDi1r9DzMbZN/lVhDx77Q0KYLH1P31R5rOc1G +NYXPF4F3CSfUsgd48dB2/1FCTnDJ4PmOU/R1L8jAgnSOroTAYDVzY4DJ7vyKGvIE +DL7eKlbwOfS5swyANUKgHO6QiHt9WzcNUGpeinTa3wJ4KoAdG+lzDMuiwRFdSRRU +z7t1ptTf2LuCAtva2daP2SPed+ITg2QB6X4BSQkqR0vPYBQIZAtFjMWH78E2PLrD +01+LpOj8TBRerd834etDODg4ddiRAoHBAMiYg7hWfChw3SdnmAmkhDAZN80pvsUU +bzzAiQ5EI59JYMoi/amYyLd6hUK4Z8g4gcdXzBYw9iwJuj8LMpPBZlplAxVnFdId +23I+GNDmcX2ovOpl6skKy1grNhBigxRUQUGsS9oxrYeuy2VymDzeZPCQmrrhsXk/ +Mac237nncJj2n8I5RtDOoSOFD0+grs7MXs4P+W2HHzWgkN7mBgKeFfUPLI3Kyy3p +F7tXegtJqIJsXlfZ/fzR40QTy7/VbwAW/wKBwQDHZVDYtYe4YoHKdwtAqs/J08QA +29fGkM4ZawLNTY4jz9rdtOuBWg0FPAo82x21xlbRQLsaTKzy9O6a3cQ5oaKtKCh/ +XmKCssrnzJsYZYnhkP4f4VXK8nai/9LFo8TWhB8hNy62GGmfXffsqhAIqIqZA02F +/mOfR6Wrqs7yfzYnJnVsjbR1B2zSiNAYKtk1VtQdGjuagSn/dEyhSCaQRXotXUKX +SJDzPf/H2mj97Cg+3bCtdE/h//N1/cmV/5QEx6kCgcEAh1ua7oW1bBiUsuVNi5wu +8sHhjJiRuS0LzsPg9/Z0zyRVorCv2IRXVK/hQl9q8Ilo0VnmRkctphO+UJI+w8Nq +TK8CwKt55vnsvY83cac+h9uX9tdk8dpN0qX96lp/NvWPv0ADQy3oebkyWLdWESTE +miwJrPdkqXtCByKZHzoUGbO5o/bAWWBFDdHYvhOgQb1Yb9YJqqXWInrBpxcykQuZ +p25g0yE3rzgtomXp3boLck6r7r4TjEkZATQWddERAM+DAoHAEW4w6BDOYXbzA6Du +ceO8sFb7vlt5fFkyOxSYtRu/fi/wYQssvy0BEGEUQAejjD1fX4F6Ga10PPTeWtli +CuuvTdXB3IiCsgwxIpxHPpW5vOcw39aR6mDRsCQO58oOLfZ0xjGNustdiFntj1m6 +dxdMrl2UjE8VpFneCKiw2I/4SunYv/mPOd/BSpI9Jq+wNzJ07mpZpYL/Cd6/yCWH +gXshWA/b/1+PlEPqNS1JmlDnn78/b5pIVWhLfxgFZEBoTxapAoHAY/58nLcWpvpY +3IZC0fBuR7usTACbxr9Z4okHzJUNnoJe+MSE+wQwuE3nP+vc1CrmBSwCjN2wyVLc +gy3idN77NthU9l0oElrPbGFKdFEaa85IcKtnfnspzmvo9AJn2wveZUAlZAzu2zBN +vKI8ubXgoS56uHQnNsWOIugTW/P1I8FnlD4jPItaACGJ3yZWolh9g/WOGS29qJvV +E/6hT4QPPXPZFEnOKO0/3YsMXBwcnEqm2mQ+c4rGMKrTcynk4KaE +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..9034651e7 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.1 + remote_addrs = 192.168.0.2 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + id = sun.strongswan.org + } + children { + net-net { + local_ts = 10.1.0.0/16 + remote_ts = 10.2.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..bea7e81f8 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyDCCAzCgAwIBAgIBAjANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzU0N1oXDTI2MDky +MjEwMzU0N1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCcPfHpuwuPBQ/0FTT6 +ENKjbxcGfVozz5Q7mfleee5DwIMH4yqkQeA297vUUEPwap/Z2Frmt9HHkeFdvDoF +kwJN1SzmjEexo6XksbCnxbgbUFLGh9VPvLN+eZb/6U8RHbMmdds6VV9bxSgRuwB9 +ekKv950m8G7XSSTVUeOucwkgMaU1zg1F7ToNxhJv/sCBE3q6Y9Cv65HOfmMVcnJE +6PHTSAfz0bNkho1yLKJjBoJkUF24HK1SFovxEowD4zFasHUgJCATuEhNle8kmDZS +4R763eVcxJ8qhkfJTaxMG1y1dqfqt/9eYLQ7cF/tFPCgWYO8mUCmB+kvVAh7yAfW +GL826RNiySb7NZg+QkDNzALIybKFkVi/SvSnJstYjWFnzF5OvsxJu0iay/GXybHA +bvBG1ZLkEp3SSR7+CisIQjwBhmPfc0AbnyJfj7PvjnPhQ01MODVueMHZ9PDhzQAP +tM4hTvpmySEYqPgntkzN5DlhcswVGamqfSn2htKpfCDrZ1cCAwEAAaOBnTCBmjAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVghNtb29u +LnN0cm9uZ3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEIGA1UdHwQ7MDkw +N6A1oDOGMWh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEz +LXJzYS5jcmwwDQYJYIZIAWUDBAMOBQADggGBAAHZATrdzGmUIq+0+EdA1AbPdcaT +UDKJvDS30JyOkUnAv5jr63PHyfw+RS92zgE2UyB4+u43BiggBNmTNCjpaEUmViAo +tdywkzIKm7q3dr0078IZ8LU8Wo+hoeRNkBJOxdgflsSislQYDeTd7syoQ4BW7whs +jjFK2Lbthd+/33Iw3LMekYuZF7ZUbHY7D3nlBidrmTIQQCvOnsW2lJi/S83FEYzl +noK+of3eo4Ryg1/428FHts26PxSmnHv+ckj9R4Jf5kH8kd1WhrgDyHQMnihWlUJ2 +pintDBgislbZytqiBOGeYpbpxKl57zHs421wmUs329asu7zgfJFnCynkUgvuRXdc +gDJ+DAiVaXCJlYnk36P87028SR9/C0JLzHA3O5CcfUdFEUs0BvVe1D3b9kC28rdA +5V86DFCL+gp6rB+wDtq6YnCddaNk+ZCs/QAPidqOFAytaBBKaagMIFk+wlsFge79 +ZssIfKy33Frluw0HCj0LNs2tjWvG4Ku8xkFO1Q== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf new file mode 100755 index 000000000..5b67bf37e --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/rsa/sunKey.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/rsa/sunKey.pem new file mode 100644 index 000000000..a694bbb8f --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/rsa/sunKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAuoGEVV6htuzLZd7oeZHYznMbBLffOz2l+t0XqHTUA44eM57K +ZZMDAcc0gZvZWVFNDmOWpXpxbSQozA8Dgb9b9BYkNWHKW11rwSHq5mzmjBME394p +DvzdV3tMmSGrhS00EyFWXLnpqrvkNTtiIm6nNHidrqM4ixbXiebOjDi3Z1vIJHOu +MiUBe8KvZ7p8q4MpRADpEB565NWd+5/Yy4DECepBcmQn+9Pn/6FvdYfodBin9QyO ++7xsgQlnx6XI1HeiMdB6EE8r4AOVbZWseEJkUo/ZhsQk5tIYKZB18vo/8nnAHn6r +ez+belmo4l/3hctRn8t08Lp7TRxnIUwGL8b8BxtAkR9T09duwE1KRt4h/PsCRx1H +WKN9g/KsOi8ZPrBiz+hoHhIv+pvQ4ciEuC1Zf6AelEUnI/Rh6RuIkEjuisNk6zL6 +Fi9J2RWDTXY5vJdUTbmQhoQpbmX3yWdJyLn9vLaK/IDhaguYOuiUHKY57jWXZwW/ +bD3a5wi08JLCb0ahAgMBAAECggGALeWxq1Cee2XKqEcy7rf1otiwzXhydyG0twex +ysL1aeqPhCSPqm+DTey3/y1bT5+yVtgrOo3nW/SKFa2cL1HoTykjv/9QzSswWVb/ +d7VVByOnD3CcqhOQZPby4rxmeV+mcQ7DMg6OcnXKs07p149jloYYR+HjCFeWs1kZ +e2h5ufXcSxwswipZMxu2DtDV3V9pyFJxCIZ3t9jaCBJOR8ZoeAguEviS3mZHsaEI +zOOlUOzAaI2uokS8bwThhUBHLAJEe5hglKtu5N1QGUo5x62wIK1+4McKqX5cphvW +63N5P7yB30hfc1xM9VP/fi5UzmgccNmHl3ErJX6EbHbVNUv0a/wI6cp+s/DQRZMc +Injr5BJIIFbzmqYST+UxEwtxUL7uV1s/eTXwsFxfQPJnx8rWbeyvGJHU6VykWJ2n +vHmOItgaw4Lm0iw5XH2g0QC7nYFW6qC5sk7LIS3xUzN73JWjV2Z1E5nLfKxZ9sXz +aA8WNrMSHUM/KkFaUri1xoH6gdABAoHBAPfA/gcZaoMemP06BIWKwgb/91GRsvc+ +slrmyZy+nq2bQaJw8oYyUmgWfh9X8pD6eVQN7jJBuA3BMg3L4Vn/R65rcwwYKA20 +pHgZF2MbwRlbBDtFQJe8kmwFu+TkHpGcoo94V6MdpbqoRKwQs66WOcjp4vzRLOL0 +ueynDrAPxpOaNIsr66s7xjd01VwEXYlfOfNBpOF/+3vN+O++k45/rnlEWgLeq6ie +1xkv9vZp4FuNf6gnBXcNhu8aDJvJEMfxnQKBwQDAtqgE9K7Rhq9ht8w8P+QZUGYL +c8mL4IGsPgmucuuheeWpmvLuAhsTxWBQhrO8/eEK4je+li6R/x0HYqgytsnOxlQH +xH8ZsvouPtacUF9pv8x7GLnGlvdxdQzmnjYqR5MzFEX/L8+8skiyY95V/kNiWE/T +X/Q8JgqyQ7VlykHtaToYchEhgY2m2Zxw6YhrI/ghtlP6NwOJDYsFxe7cfVvBQj9K +qtwAidr8pKSLyJFaot+dAdSqAYZxiO90aSt/i9UCgcEAjzv7YR1Xj+CjsFrXfGFB +VYysbnMelYSg1p7w1nb6BAJrir9j5yO2ssi2N+a/rQOyG19GY7XM897K0mEZss88 +oOEsDUT1+x6Bq5FODRVhqQgOxTl/Y3o46MzT2TvtVF/LN8jqWbptMyHPOe8aAoiF +dduKSIGiQsAbsW7PtggY1QLk98T3pfKT4UHhjCZV8XKlbTZ5XYmBWg01q11xr4Ov +2hojM9+KPJ1AXCZ3z/RcKnH+6LdOmIqwhRF5UqOG2SGdAoHAEA+pFTCnWUMWXtiI +pwTUJ9/xgUbXJ1dAt3A8MlPVm5GjOG13jaqTQySSEGQJmti15shPyQyPOQ/ABZuN +VRyy2Q7idftEdIncG/qUvFZefVvE2QWIhiqS2NvehWHuNbvdYsZvxwLfF2TsdiGo +qBYW251smbtHibPJ9G18Ms2WjQjWFK99CgPYIG3GggqUmglXZsfhW9s16jg8u/Bx +JeM0wHia+cgfqdPTcnbuV9ARfTJR3K4IYVrbL58wBc22GF05AoHAQvhfvtieWCJ8 +ATqOBjOcUHJ2WLiOslWsYOoqXy7v2YuVt8XFWAWZmLlzcC+8Tv79lCLpOmpiseQw +kP9Mihi+8T15AmRUUsPREeGb7wCDNbd/KixPimhnelNGPNAV+6DPonSa4WcF9jZk +nDa51PBPWCEPB5GHdbg/E5yiWMbr63bcTQNZxlRDaljNSRPp8xprs+JT1AIZI2wq +hEyK6IMjYIj80jB8JZIM7nNgRhzCKCo7RdR3JMb5tduOgzvEheC3 +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..2b9ddcf72 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.2 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = sunCert.pem + id = sun.strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + net-net { + local_ts = 10.2.0.0/16 + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509/sunCert.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509/sunCert.pem new file mode 100644 index 000000000..f1c086ee9 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509/sunCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIExjCCAy6gAwIBAgIBATANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzUzMFoXDTI2MDky +MjEwMzUzMFowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2FuLm9y +ZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALqBhFVeobbsy2Xe6HmR +2M5zGwS33zs9pfrdF6h01AOOHjOeymWTAwHHNIGb2VlRTQ5jlqV6cW0kKMwPA4G/ +W/QWJDVhyltda8Eh6uZs5owTBN/eKQ783Vd7TJkhq4UtNBMhVly56aq75DU7YiJu +pzR4na6jOIsW14nmzow4t2dbyCRzrjIlAXvCr2e6fKuDKUQA6RAeeuTVnfuf2MuA +xAnqQXJkJ/vT5/+hb3WH6HQYp/UMjvu8bIEJZ8elyNR3ojHQehBPK+ADlW2VrHhC +ZFKP2YbEJObSGCmQdfL6P/J5wB5+q3s/m3pZqOJf94XLUZ/LdPC6e00cZyFMBi/G +/AcbQJEfU9PXbsBNSkbeIfz7AkcdR1ijfYPyrDovGT6wYs/oaB4SL/qb0OHIhLgt +WX+gHpRFJyP0YekbiJBI7orDZOsy+hYvSdkVg012ObyXVE25kIaEKW5l98lnSci5 +/by2ivyA4WoLmDrolBymOe41l2cFv2w92ucItPCSwm9GoQIDAQABo4GcMIGZMB8G +A1UdIwQYMBaAFOTJzYzyiG0dpy7XXnkxpWZVNc4CMB0GA1UdEQQWMBSCEnN1bi5z +dHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBCBgNVHR8EOzA5MDeg +NaAzhjFodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tc2hhMy1y +c2EuY3JsMA0GCWCGSAFlAwQDDgUAA4IBgQACXiUqwisoOZUH3CPfi+aGaluK3mO7 +nj/gX5X9oE2JC3haWjbnC9fsKai72U8makp12xCpWjHsuiytVlXiiSCRxBGAaFm0 +cy2AI4Ttj+4+GAaI4BkqYBTApdSSXXUH3X4Lwb4LReX+16TsJ4E+d2U/j70gyGRK +F/KgkKj/Bi4F//4/uXHPbgp2istKmkQ4wlcUb5EdM0tUiAUwYGMhdUhSryq4+7y8 +1QaPGg0Zv3nvGgoj332BOczflmNzoonXcihZk97iMRc/TvBOoizvuH9COCSbw/AB +hnVG1lyTQjBAcE2U4MP5yUVuIqBgPnKtbyN3gf30Iq3g/ThVekchrYGO3PWMWAzS +ecfr2yN11BC6nDca039Yub41AuzQqBQR1gY5sHouXNTx4Bs0g4xk+3rGa8MMgI0+ +jXhDVAorQFYuACDuto6skRtkcmXJ/1psvVEv5dcKAHdZCNKkgtXe2XoVvrjNxnPw +MTVros8o+8Bz2R4qArLjwrZtvYI+czZx6dk= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat new file mode 100755 index 000000000..30d10b555 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat @@ -0,0 +1,5 @@ +moon::swanctl --terminate --ike gw-gw 2> /dev/null +moon::service charon stop 2> /dev/null +sun::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat new file mode 100755 index 000000000..b128bef44 --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +sun::service charon start 2> /dev/null +moon::expect-connection gw-gw +sun::expect-connection gw-gw +moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/test.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/test.conf new file mode 100755 index 000000000..07a3b247a --- /dev/null +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt new file mode 100755 index 000000000..e9ea4aca5 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/description.txt @@ -0,0 +1,8 @@ +The roadwarriors carol and dave set up a connection each +to gateway moon. The authentication is based on EAP-TLS only using +X.509 certificates with signatures consisting of RSA-encrypted SHA-3 hashes. +

    +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both carol and dave ping +the client alice behind the gateway moon. diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat new file mode 100755 index 000000000..51bf8c1ba --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..3b492f0d4 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} + +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..db6c98d89 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAw7ArNq1Cs5RMc1MuHO5BZAIAc9v04THLSpCs+zNQlyJCXaij +siTQUbATyhgB5O11HKh69J8PRITx+dqIW/are3KGAKbvo8G5AgVOPhO+X3n7iOwT +PqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9Js36gZegcm/w3d0QVOPUIEMWpSMIHCAm +v6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8djDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH +8akPB6NgNvFVUZPK4EQfr19JNAQp7KbPA6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj +4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfubaGkFE4AKxUEGcm0N4gHXo1PBj7hayJJSU +IuAfoIfmkorqrPTp3bRoH2NWmMveBU6W4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9x +KPeiD232KeBZdpK4vs1ewkzftWmOVYUBG0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7 +Z6iqH7hQ9gNGOe+NAgMBAAECggGAKuC3F0vviZm9Bqf7OquZ+GfX4YsYpR9cBAKf +ZIth5TvEfvEsrSQT4VJLg8Su5ZKCTr07883GcqUOwEh6CGyMNohphEsPxznzZ9Xx +xvhchl8cFmxj6x9woYEb40hRQp4gUO7f+nW1DfpssYKIlbAca7jlly2gAX0mzvL8 +z/TjSVvbsw34b5UNS5LZmCrfVLkSEscQbvWM/cECgnIJ72fxmC8NvAIZ9ZNSLpyk +lDuEeNU+2zBQtUrt2CacNm263B0dvHrW9QSTdi1GvIjxhc3ab8OT0ZDNzo/S2eRJ +InN77gwkYgEu1jeloBsicG4ZAAdbQU5/X4prnJIy2novnA/2C+hrmpYDhxqOT4Uk +AhoMiyvrJF6rxPZj+R5qzc4RUzZapcXUNzH0lCwtwd19Ogfw38LUkHCtqQQpleme +AL7FeVDXDu9oe6c5YrZihehT7p8ExKwlwiWy4u2bnoip77wOCuLo+D6eZpt64w4e +XiHpWtmkADqhfzMgt/WUMpD/+gcBAoHBAPTa6zMClhGP6su624Rv9HSVClacXR7d +zJNo5stnPierfcIZs8loWthR6AgGx36q9bOqtfIdFRc/PajF7oggnTcxMBZdCoU8 +Oi3vWEH+aIzIX3KICUjRYjj1kpm9xcy7XPGc6bEit+PM1DJ1jXCTiC30uQpavNxr +klV4+ROIt9MYsb3tQw7CO1mGNR37jAEUqbJ7sK2OnvmjZPJlwJs0AyN1j7ZUihDO +VT5UhjwB4KUH6BEirXTkoaDxZwsRfR5SaQKBwQDMmFm2M8J9AOxgrYTY80YIRQpy +vrcX7Xrzn4Lu8M8Xr6RlS5bbXApAH7WtRHGlIj14lItmvZpRSOTzawtn65AzeIUF +82/EMxLJaGjMBviTyNy+ta9wn8Qdy5c2ZZ5dKgsQ4PprSkAvNOnpd1wG48pbGg7/ +n3tVs9zdD2wa35KVjoyueu9Ls9BbND8v7OYmkmSNqFlA5KuLIeQkuLNxjxQsV5Vg +S8pyg1jlYs7KmYs9GIFHAVEf5LG6a/3huWfuR4UCgcAGWfdn51VFN1p71mkDUnQg +4gzWmk/AETjRShNSi2cNWGF2u3vyaYaRve4q5yIdowmkk3UMxrxZUgajbh714QKy +/8+jhN5U/m7z6hV8AMFthXUUX3r+LJBDsfsPieCrouCSU+Or+J6Uhieq92mn1eve +ZU63egsUHKY7GVw8qXs7OpTBvHnU1Cz98YFHOdMz4/lS6+p1VhHBn/9qWkFYxUyf +itkjfaXnMbL8XuzseY/+N+pJJ4EgWx3mMtzdaKK6OqECgcAttOdt1fhgFsG4A2vH +T+nYVRw1cDfVJ5+tJ3iHytJpFzshyhZEoTZFBxB+SekdnB2hf4X5COiduiwz2Tku +GSkY5pbJMo5IhaRvzFyFIBWOZnQyQsKT5Y1Znq8EXwVXCNp6BdjL+UWHhkmvd5Pe +kisV2Sd6ofVauxjfZd+fzUyhDryNCjfFcMFebrijC0iLW28NWou9/Jf6ODMQpRap +iu5Vzac4YRY0KPXGISHTjyPVHVFcPIYUGvI9lHyeXd5DFEUCgcA9s3ei/H000sC6 +3q5iELW8kxFCpwvu7uKCFfakAqQn8nponHEUgRS7eLjzS1NB0qysIiOMtZPAVMCz +puETLsi9PxD8de4RyEyZC2yd973j+TqFQmPyiWF3QNW55zM2iELW5sGeEVk/Z15c +nlItcy7KOJOJU0TAKvUUjr4ug5N7sVSN1aeF4tiaFz0GFIqV3qAkcTMfpaOKfuSc +huiHBdBaY7m4uNK4/ZOi1JitocO7wpRsX/eRJ4AuNrro8EHHAe0= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..229b6022c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = eap-tls + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..94f2c0a19 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtTCCAx2gAwIBAgIBAzANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzYwMloXDTI2MDky +MjEwMzYwMlowWTELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw7ArNq1Cs5RMc1Mu +HO5BZAIAc9v04THLSpCs+zNQlyJCXaijsiTQUbATyhgB5O11HKh69J8PRITx+dqI +W/are3KGAKbvo8G5AgVOPhO+X3n7iOwTPqtaAlAa4/qpVyD/RSfOiQPXj+SFtBz9 +Js36gZegcm/w3d0QVOPUIEMWpSMIHCAmv6Ji/QHyOEVyOuiW0PTKVxqY8iFgnT8d +jDo0xWU40RNcIC7qyMkmGD8xR+kIbBcH8akPB6NgNvFVUZPK4EQfr19JNAQp7KbP +A6tlzRxR6z0eL57zRUU47g3cf9Ie1zNj4FrIfv/+nA9ZVpR/DsGe3qmJvTVDfuba +GkFE4AKxUEGcm0N4gHXo1PBj7hayJJSUIuAfoIfmkorqrPTp3bRoH2NWmMveBU6W +4c8Vocv4ceWmCsrodcNdzqcnU4QGFc9xKPeiD232KeBZdpK4vs1ewkzftWmOVYUB +G0X5oNNYoT54Qr8YXTWTI/3Rp7TbVGh7Z6iqH7hQ9gNGOe+NAgMBAAGjgYkwgYYw +HwYDVR0jBBgwFoAU5MnNjPKIbR2nLtdeeTGlZlU1zgIwHwYDVR0RBBgwFoEUY2Fy +b2xAc3Ryb25nc3dhbi5vcmcwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5z +dHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLXNoYTMtcnNhLmNybDANBglghkgBZQME +Aw4FAAOCAYEAHxkcN7plS2BvO/yXxE5WJ+2k9IP/IupuE6ChuFHDq5SrGNMsStsG +sGpV6/yxvLSHchNGnGMIOyLTMzKgWy5dnDy4YX2FqZkI8ZBa0FJ9iO2IxILCsmyw +ouShOv47YkNuAzJWIZjRz3+7mNhfX3TsdEr26cNKf1JqawTyFCDq0t/UYS6K/8O+ ++6Q1kmy2mRgR19XkxA0ts3xno+eeB0NelnVEjJwqZPFgmVYK/2T4fUKraJyQzwhp +xghLtlmwNuN6jetB4Z9k3hQQaPlUy2wxrqdsNfV9Ysgy+3LcI2ynoFMYShrS4avW +FI2z0hb8sDkvS4Knif4UCv14Gycb/8nSgiingEMU+UmPOxwUl79/99e4LvIaslp4 +S0AiLwe0Tz2NqQ6uhvVppw3lYptIt+EK042cYpm/CPTMlMhT+Pi8l/POWIdquNLp +85NuiVBbt3wMff+qTu+/ppyQsytTfDMD6XLggorLni/Owf9PoBakcdGuPW9MAUTf +6Idv0tl5T0qX +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..3b492f0d4 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} + +libtls { + suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem new file mode 100644 index 000000000..85ad0d826 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/rsa/daveKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEA2tDIPF4nBGWCGJrnrV1npIw4nz24u1siDlD1eS2o17sYTBnf +zQGkayW9dw/hhy3bGNrsGmuwr/lTMn1g3Kg+UQ0MNIWGPs3UWLeB5OBjQ4mWTmHK +l0Aov2QnFO5PT63f57qwZOBXMLJzIdOlBJku5kxBu0qYT/FsX40KR0QSzl5at7QH +5tJ81eBHuVaLEJrg5hYkqaDltGvisUeUozo5sijMfNvJUbwYQtL7UQrAMyFDAHqH +kx/RaOkOP58FdmzTihqRXLObVVrOMWq6pTARCssdDhcA/y2QtcQzftCbID9/+hMx +8yRyD0FbPcDC6CvrxVzUTyqBNjW9ZnrDfIxrqiRna7Fnjfq9gDYxYtDXGjvx1PdI +p1ZgiiiQ0BLWQV8w+ujKgM52wy8YMdnCTDdcIVmreo02amu4txX3wf9YAeGtQ5gN +QkJSooZEjwOnqVhiqNDEjxDgoEssAJ/VQtSwj37Ug1AFZ9bB2x+YNtC5b/Mj0Y4o +k7mO+ButDiTzkw53AgMBAAECggGACY1lwGTn1SRNSp+wj3vtY1yPuDvsjZlL4k4c +eT7KCSjsxZ23jG6O6/KI0+LImKsiznH4LqsW2ofK3wBkMx3RIp6sMrrFgoZfx8Oz +EvfMvY0LF77jJjkxzjEkF6DTq4nOpYIb4zt78u9HYWmo4YuCZaFcmT2Haq4CaiVx +Fm1dWM77rNtaIPR9aKTS3L9vcLkiKkk7LoCMppSzH8QdNAb9r85iJu09W6kXcgtd +10rd2x2PnDy9IGoaLTdHXPWnOmVDviFgCp9zxBk4g/SWDR2AdHOgg3D2mvOmFkVK +SLxr8RKhzzQfbRQuV4F3so9QVfkKyH8xsOpjAqjQwJC1LIWMJipzmc8o/AnUw0Rj +UvU1sDYV8MHimgoftG000vB72hws8tv/XQHl13Tig8y46lSOYxavBJZuHjPPhkQF +YlsfyUV5B11EmlyZ+KsNCHj9vXGRL6bw3Hu1UeG5cnXBXNkPq7ssNpgwdJrpqcW3 +8KWtl7w/b68ZLwyMpxKbmUNIyNkJAoHBAP9KBnqa91RA8gg0/Kp91NLiNXT9ibN3 +cQ6Y6HXuCWrKIKVKMmxRkhM9lMzOVfVVw5ydWZ3B5tzMiIfVCnyzs357vxBGsQEk +TQ9I/kdFuR1gSMZVbXSH1Cbf/Ealg7j/w5/3WpQSaszUN2dmkJ64I3iEWELjT/VV +RaxEhdNmZiRieOglkpvt+4X2Cr5oKXUofb11QX8bBmPnZklWUTuEfQu2KFc7T2im +2ZonJKdxRMMFcnHqS3StX8OYqK8qqTC9hQKBwQDbbMIAp2omxd+iiN4hCIgZ1mK3 +HzBBwam6A/ZLqbByB4Ch1TNRK959xtJW6FLibZPYCi12b1ILwjOVO7aQHKnhKItX +rhwAdhaBd3tJTxu2jDB0Bx1UkKbTDQ3bipnLY+VX/r/rMKbRsWgzejLs/CjafOj7 +OaFSpQOiQfOkpGKpwTab2H0CYqCMxK/4VYBP/NWwM0o0gaL5dJCjZ5i72CnHtmx7 +3D69TCieFY7RiDyf4Pix0tonwD5FfVHfH1SpjssCgcEAxJIcYQW4EhEcDIO4VhMj +7+msndOn1x/OVx4YSM4sRCU1c/Co2M0KfHQ7gmQSviD2yT5DxfyLJlL7ghPhylmY +iXkBiqfUHXv1NiLPYNPoER2Vi9o1uLfp/LEVkNRbk/SkjiUpgsCXqfZyXtUT4JML +BP5q874SUGcDif0NStUbK0MDtEVSGWzq8qCcbzbHTWYLQ/non9WQWxbPpQKo8/o1 +SvJNJ7YMlBl9jnw7dg76kmw8TkjJJyNkjLickpx3wIb9AoHBAIx01s6SW9nL6fZh +xEbC7lQTrobn2P0OmbWv2ZXfXknv0YBGOB4qhbZfcb8d4gh8+hldknJwmcVbH6fU +XG1tW7T8Pg33LoeBD7D6KZnooKW+oTl0YGsEWTVZ8tfopb/TBzjHolRLhU1PUZM6 +EqUuWHxbXsuJvWForaXMr8hhTaK6QlmKP6MqPPk+4iGFoagSATtT6Zkorokd+4QN +yW/c1Am6FUFH34VO3eUriYtIuP3ihW9WuDyfy3yx1pmLtab/9wKBwQDbBXYm9ugE +wRSIxCywJ+aPNRQKanCKORwQMNJZ80rrXIs7saomY4Os+utJpOhoksTJB7mAn3ij +kopmXn6NOsXdOlp9Ty55YRylGmOIQpsO7kSfylE1NFioHqksuQndbUwZFbskI0cN +egyoihqnbfoLyxGu1/M521IseW3AwFIc0gAGdQ7i4ZXVlXOXWvdZFxnpd6PAfFMb +J9mOicxHQ6Yv5b30RUvSIN+LHnUNGGk9XAxCH/jKtU7886jD6f34ru8= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..adf9326c7 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,28 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = eap-tls + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem new file mode 100644 index 000000000..c5c769cb5 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509/daveCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIBBDANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzcwN1oXDTI2MDky +MjEwMzcwN1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDa0Mg8XicEZYIYmuet +XWekjDifPbi7WyIOUPV5LajXuxhMGd/NAaRrJb13D+GHLdsY2uwaa7Cv+VMyfWDc +qD5RDQw0hYY+zdRYt4Hk4GNDiZZOYcqXQCi/ZCcU7k9Prd/nurBk4FcwsnMh06UE +mS7mTEG7SphP8WxfjQpHRBLOXlq3tAfm0nzV4Ee5VosQmuDmFiSpoOW0a+KxR5Sj +OjmyKMx828lRvBhC0vtRCsAzIUMAeoeTH9Fo6Q4/nwV2bNOKGpFcs5tVWs4xarql +MBEKyx0OFwD/LZC1xDN+0JsgP3/6EzHzJHIPQVs9wMLoK+vFXNRPKoE2Nb1mesN8 +jGuqJGdrsWeN+r2ANjFi0NcaO/HU90inVmCKKJDQEtZBXzD66MqAznbDLxgx2cJM +N1whWat6jTZqa7i3FffB/1gB4a1DmA1CQlKihkSPA6epWGKo0MSPEOCgSywAn9VC +1LCPftSDUAVn1sHbH5g20Llv8yPRjiiTuY74G60OJPOTDncCAwEAAaOBiDCBhTAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVgRNkYXZl +QHN0cm9uZ3N3YW4ub3JnMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwuc3Ry +b25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEzLXJzYS5jcmwwDQYJYIZIAWUDBAMO +BQADggGBAISXAxemOSUmXqkf7cgTQHpreMH1Y9LPJxZUUq5GVErmPzhLaZDSqZSy +ZXcu3EWPA0RElaYBd9CSgFx0I89tw41dIYOLDyLnrEDHmcsgcJl74YYBSzebB/TJ +OGXtV3S9M9OF1vSdugaXI1hDXck7cODUR6nyZAWOp5kBSItAH5bglCRtaQlAuSxM +wRWYhBErUR5tZvu0loCN+11hVg/ddQ3r+FeHUt35KNenxkd6hWlHljbPv/eTtqgc +/5VGEC96I2rD6WNcszj/SKK40zA9GuF1mIwNKEdcYnPRxoszlD6C7cdGJZ8VpJLc +d7sO0QJur5HNtj6oUbM3HuHAaZBjg7uh5GDj+RehhKCybYyJQ1fu4iRaNYKdPwZh +/F6hBRLytkt1qjJhngmBmQU4Ent8GL0Zn6Q8/HvbTP/xw4VXkY9JHdMIkzH8zokd +TVjkunPPt+zdzeMq4hOewYR8HfiKcAnNUG7eO6PnUvC2NKsqX8a7/z0OV68XybZs +gjC1FqvMvg== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..646ee0e4c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem new file mode 100644 index 000000000..f24b3ebf3 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/rsa/moonKey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAnD3x6bsLjwUP9BU0+hDSo28XBn1aM8+UO5n5XnnuQ8CDB+Mq +pEHgNve71FBD8Gqf2dha5rfRx5HhXbw6BZMCTdUs5oxHsaOl5LGwp8W4G1BSxofV +T7yzfnmW/+lPER2zJnXbOlVfW8UoEbsAfXpCr/edJvBu10kk1VHjrnMJIDGlNc4N +Re06DcYSb/7AgRN6umPQr+uRzn5jFXJyROjx00gH89GzZIaNciyiYwaCZFBduByt +UhaL8RKMA+MxWrB1ICQgE7hITZXvJJg2UuEe+t3lXMSfKoZHyU2sTBtctXan6rf/ +XmC0O3Bf7RTwoFmDvJlApgfpL1QIe8gH1hi/NukTYskm+zWYPkJAzcwCyMmyhZFY +v0r0pybLWI1hZ8xeTr7MSbtImsvxl8mxwG7wRtWS5BKd0kke/gorCEI8AYZj33NA +G58iX4+z745z4UNNTDg1bnjB2fTw4c0AD7TOIU76ZskhGKj4J7ZMzeQ5YXLMFRmp +qn0p9obSqXwg62dXAgMBAAECggGAHb2g3efv5FKHXePniK5JGjkcPe0AjZo20j2V +/UjidN0hVBAG3ut3PZ9cjqaUuB/ju7j2XLKi6QU4y/n3ZXY9Wwl4GY6cWxEWk/jK +8rStPe3FQ+s5TItT84A7oQ0NMunfXzPR/kGf/D0ESpO5HSl3pj1RGcdsoehXbY+/ +8kYNd6Zbl2lYl3X3tgV9Hvp0NF2739z+LW5++7qNK9j0LW/WEGzGrr+9ESaXqCMc +6hKkIWo23MQArf6Ctunb4yWNEIFEDi1r9DzMbZN/lVhDx77Q0KYLH1P31R5rOc1G +NYXPF4F3CSfUsgd48dB2/1FCTnDJ4PmOU/R1L8jAgnSOroTAYDVzY4DJ7vyKGvIE +DL7eKlbwOfS5swyANUKgHO6QiHt9WzcNUGpeinTa3wJ4KoAdG+lzDMuiwRFdSRRU +z7t1ptTf2LuCAtva2daP2SPed+ITg2QB6X4BSQkqR0vPYBQIZAtFjMWH78E2PLrD +01+LpOj8TBRerd834etDODg4ddiRAoHBAMiYg7hWfChw3SdnmAmkhDAZN80pvsUU +bzzAiQ5EI59JYMoi/amYyLd6hUK4Z8g4gcdXzBYw9iwJuj8LMpPBZlplAxVnFdId +23I+GNDmcX2ovOpl6skKy1grNhBigxRUQUGsS9oxrYeuy2VymDzeZPCQmrrhsXk/ +Mac237nncJj2n8I5RtDOoSOFD0+grs7MXs4P+W2HHzWgkN7mBgKeFfUPLI3Kyy3p +F7tXegtJqIJsXlfZ/fzR40QTy7/VbwAW/wKBwQDHZVDYtYe4YoHKdwtAqs/J08QA +29fGkM4ZawLNTY4jz9rdtOuBWg0FPAo82x21xlbRQLsaTKzy9O6a3cQ5oaKtKCh/ +XmKCssrnzJsYZYnhkP4f4VXK8nai/9LFo8TWhB8hNy62GGmfXffsqhAIqIqZA02F +/mOfR6Wrqs7yfzYnJnVsjbR1B2zSiNAYKtk1VtQdGjuagSn/dEyhSCaQRXotXUKX +SJDzPf/H2mj97Cg+3bCtdE/h//N1/cmV/5QEx6kCgcEAh1ua7oW1bBiUsuVNi5wu +8sHhjJiRuS0LzsPg9/Z0zyRVorCv2IRXVK/hQl9q8Ilo0VnmRkctphO+UJI+w8Nq +TK8CwKt55vnsvY83cac+h9uX9tdk8dpN0qX96lp/NvWPv0ADQy3oebkyWLdWESTE +miwJrPdkqXtCByKZHzoUGbO5o/bAWWBFDdHYvhOgQb1Yb9YJqqXWInrBpxcykQuZ +p25g0yE3rzgtomXp3boLck6r7r4TjEkZATQWddERAM+DAoHAEW4w6BDOYXbzA6Du +ceO8sFb7vlt5fFkyOxSYtRu/fi/wYQssvy0BEGEUQAejjD1fX4F6Ga10PPTeWtli +CuuvTdXB3IiCsgwxIpxHPpW5vOcw39aR6mDRsCQO58oOLfZ0xjGNustdiFntj1m6 +dxdMrl2UjE8VpFneCKiw2I/4SunYv/mPOd/BSpI9Jq+wNzJ07mpZpYL/Cd6/yCWH +gXshWA/b/1+PlEPqNS1JmlDnn78/b5pIVWhLfxgFZEBoTxapAoHAY/58nLcWpvpY +3IZC0fBuR7usTACbxr9Z4okHzJUNnoJe+MSE+wQwuE3nP+vc1CrmBSwCjN2wyVLc +gy3idN77NthU9l0oElrPbGFKdFEaa85IcKtnfnspzmvo9AJn2wveZUAlZAzu2zBN +vKI8ubXgoS56uHQnNsWOIugTW/P1I8FnlD4jPItaACGJ3yZWolh9g/WOGS29qJvV +E/6hT4QPPXPZFEnOKO0/3YsMXBwcnEqm2mQ+c4rGMKrTcynk4KaE +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..ec6b06bbc --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,26 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = eap-tls + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = eap-tls + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-modp3072 + } + } + version = 2 + send_certreq = no + proposals = aes128-sha256-modp3072 + } +} diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..bea7e81f8 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyDCCAzCgAwIBAgIBAjANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjEwMzU0N1oXDTI2MDky +MjEwMzU0N1owWDELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5v +cmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCcPfHpuwuPBQ/0FTT6 +ENKjbxcGfVozz5Q7mfleee5DwIMH4yqkQeA297vUUEPwap/Z2Frmt9HHkeFdvDoF +kwJN1SzmjEexo6XksbCnxbgbUFLGh9VPvLN+eZb/6U8RHbMmdds6VV9bxSgRuwB9 +ekKv950m8G7XSSTVUeOucwkgMaU1zg1F7ToNxhJv/sCBE3q6Y9Cv65HOfmMVcnJE +6PHTSAfz0bNkho1yLKJjBoJkUF24HK1SFovxEowD4zFasHUgJCATuEhNle8kmDZS +4R763eVcxJ8qhkfJTaxMG1y1dqfqt/9eYLQ7cF/tFPCgWYO8mUCmB+kvVAh7yAfW +GL826RNiySb7NZg+QkDNzALIybKFkVi/SvSnJstYjWFnzF5OvsxJu0iay/GXybHA +bvBG1ZLkEp3SSR7+CisIQjwBhmPfc0AbnyJfj7PvjnPhQ01MODVueMHZ9PDhzQAP +tM4hTvpmySEYqPgntkzN5DlhcswVGamqfSn2htKpfCDrZ1cCAwEAAaOBnTCBmjAf +BgNVHSMEGDAWgBTkyc2M8ohtHacu1155MaVmVTXOAjAeBgNVHREEFzAVghNtb29u +LnN0cm9uZ3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEIGA1UdHwQ7MDkw +N6A1oDOGMWh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1zaGEz +LXJzYS5jcmwwDQYJYIZIAWUDBAMOBQADggGBAAHZATrdzGmUIq+0+EdA1AbPdcaT +UDKJvDS30JyOkUnAv5jr63PHyfw+RS92zgE2UyB4+u43BiggBNmTNCjpaEUmViAo +tdywkzIKm7q3dr0078IZ8LU8Wo+hoeRNkBJOxdgflsSislQYDeTd7syoQ4BW7whs +jjFK2Lbthd+/33Iw3LMekYuZF7ZUbHY7D3nlBidrmTIQQCvOnsW2lJi/S83FEYzl +noK+of3eo4Ryg1/428FHts26PxSmnHv+ckj9R4Jf5kH8kd1WhrgDyHQMnihWlUJ2 +pintDBgislbZytqiBOGeYpbpxKl57zHs421wmUs329asu7zgfJFnCynkUgvuRXdc +gDJ+DAiVaXCJlYnk36P87028SR9/C0JLzHA3O5CcfUdFEUs0BvVe1D3b9kC28rdA +5V86DFCL+gp6rB+wDtq6YnCddaNk+ZCs/QAPidqOFAytaBBKaagMIFk+wlsFge79 +ZssIfKy33Frluw0HCj0LNs2tjWvG4Ku8xkFO1Q== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..29ad5b942 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEazCCAtOgAwIBAgIBADANBglghkgBZQMEAw4FADBXMQswCQYDVQQGEwJDSDEb +MBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MQ4wDAYDVQQLEwVTSEEtMzEbMBkG +A1UEAxMSc3Ryb25nU3dhbiBSb290IENBMB4XDTE2MDkyMjA5NDA1NVoXDTMxMDky +MjA5NDA1NVowVzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJv +amVjdDEOMAwGA1UECxMFU0hBLTMxGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJpHGoOCJSiZoJhPXHqF +XWvrY8zyGwlUCiwphOobq4nhqo2EchTuKdPvCckxtXp/pF5IJsXpptbMmNUmgN7K +VMI/zmI9estFUZg8hn5LSMAbnm102W3xLzM6FRJWMcwe2gajg/NCww02mPsohONC +R4nNMUgYOZdesPDmtYUKk3sr5ZNdpBL6hESBMzFYmYLBzaoeseuzra7U850tF9JU +YfpJStBXNDz8iVPCqOkgKf1hFrPNNxtmsBW68V2ARmYNzqnaP3nLs/U43zZQiT6t +b+zcAE1h6RGgVXjF1b1KG64J153n0YELrC2TpaF2JAGQVvzQgxoZbgiWCKt0m7wx +Qb7P3euy8MxsMGmqHDMtztrg6AAzRKoJN56qHqdP2qExc32uu/BwfmbFv7MLxKQw +g0VykfWBSNyx/2HMDHw79idgFpzHr2nj4CDqB6QLWtRMCWtlT8R7rlz5JlcsJY1U +7Rlwokje9Ctj/5gToXctnLbo+j2506GLtbhxNOaH1s7GswIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU5MnNjPKIbR2n +LtdeeTGlZlU1zgIwDQYJYIZIAWUDBAMOBQADggGBAF+Q4zABKa1ZWohHqsTgru6v +4ru0Pnfbmg3vhlc5ur93Sd0C+fX+e+78n+0QpUNa0N9Vw54r/aF4ki0ceL4Dl4w0 +aXcDa2ozl/hksSeKwIp14W/NHTAjzP2aNpN5/dqd1DM+vojJhlcArepuVVH+NIKt +YYUXwvsjJN9OAAKkMCbnda8gOnKMGJkVIUOTz2DOyzqd5iQ3h3zxzluP4KIya5/k +FZV0wXy8v7phLGgbPJ5DtGuTCjao7+nF6lLkJ+/l3vPC1luB4/UbMGML4GxVwVIM +riCepPT1I9CNuHy2qKpsEmCv8zb5pxXrxv0uIYn8MZx7VCnLuD61AOqIExTYvxv2 +Z3JbOuOsgHJeMKJbhY8r8HkktNLOeLrOW2KSilNpE915EFN0exGMC3zG4IgzRc9u +kGGDVV9BsTkAYjQrWBuuWqxy8TCRPNpe6hnVJIQLLjE9M1V/PW3MD5ObndgT8jA3 +sMMwCxo+S11MZIcKCgnCCcGhgTLT7rFpC0hwRa6dkA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat new file mode 100755 index 000000000..d7107ccc6 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +dave::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat new file mode 100755 index 000000000..762c35418 --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +dave::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-newhope-bliss/description.txt b/testing/tests/swanctl/rw-newhope-bliss/description.txt new file mode 100755 index 000000000..0a7f2489c --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/description.txt @@ -0,0 +1,14 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +The IKEv2 key exchange is based on the NewHope lattice-based post-quantum algorithm +with a cryptographical strength of 128 bits. Authentication is based on the BLISS +algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for +carol, dave and moon, respectively. +

    +Both carol and dave request a virtual IP via the IKEv2 configuration payload. +The gateway moon assigns virtual IP addresses from the pool 10.3.0.0/28 in a monotonously +increasing order. +

    +leftfirewall=yes automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnels, carol and dave then ping +the client alice behind the gateway moon. The source IP addresses of the two +pings will be the virtual IPs carol1 and dave1, respectively. diff --git a/testing/tests/swanctl/rw-newhope-bliss/evaltest.dat b/testing/tests/swanctl/rw-newhope-bliss/evaltest.dat new file mode 100755 index 000000000..be3b867a3 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/evaltest.dat @@ -0,0 +1,10 @@ +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*remote-vips=\[10.3.0.1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*remote-vips=\[10.3.0.2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES +alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES +alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..00576a842 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf @@ -0,0 +1,17 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + send_vendor_id = yes + fragment_size = 1500 + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/bliss/carolKey.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/bliss/carolKey.der new file mode 100644 index 000000000..b2831a8ed Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/bliss/carolKey.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..5706eda18 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,29 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + vips = 0.0.0.0 + + local { + auth = pubkey + certs = carolCert.der + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes256gcm128-newhope128 + } + } + version = 2 + proposals = aes256-sha256-newhope128 + fragmentation = yes + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509/carolCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509/carolCert.der new file mode 100644 index 000000000..8a520c0b4 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509/carolCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509ca/strongswan_blissCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509ca/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/swanctl/x509ca/strongswan_blissCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..83cfb4ee0 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf @@ -0,0 +1,17 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + + send_vendor_id = yes + fragment_size = 1500 + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/bliss/daveKey.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/bliss/daveKey.der new file mode 100644 index 000000000..0ec528ddf Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/bliss/daveKey.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..13407ed44 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,29 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + vips = 0.0.0.0 + + local { + auth = pubkey + certs = daveCert.der + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes256gcm128-newhope128 + } + } + version = 2 + proposals = aes256-sha256-newhope128 + fragmentation = yes + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509/daveCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509/daveCert.der new file mode 100644 index 000000000..75a114339 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509/daveCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509ca/strongswan_blissCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509ca/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/swanctl/x509ca/strongswan_blissCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..98de2c921 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + send_vendor_id = yes + fragment_size = 1500 + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + pools = /usr/local/sbin/swanctl --load-pools + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/bliss/moonKey.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/bliss/moonKey.der new file mode 100644 index 000000000..c989f91e5 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/bliss/moonKey.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..bce22d057 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + pools = rw_pool + + local { + auth = pubkey + certs = moonCert.der + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes256gcm128-newhope128 + } + } + version = 2 + proposals = aes256-sha256-newhope128 + fragmentation = yes + } +} + +pools { + rw_pool { + addrs = 10.3.0.0/28 + } +} diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509/moonCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509/moonCert.der new file mode 100644 index 000000000..d0ea364b0 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509/moonCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509ca/strongswan_blissCert.der b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509ca/strongswan_blissCert.der new file mode 100644 index 000000000..fdfd39f13 Binary files /dev/null and b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/swanctl/x509ca/strongswan_blissCert.der differ diff --git a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat new file mode 100755 index 000000000..d7107ccc6 --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +dave::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat new file mode 100755 index 000000000..a550a2f6d --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat @@ -0,0 +1,14 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem +carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem +dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +dave::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-newhope-bliss/test.conf b/testing/tests/swanctl/rw-newhope-bliss/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-newhope-bliss/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf index 1a8d3625e..b158ccdb3 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf index 1a8d3625e..b158ccdb3 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf index ec18f448c..c6dd6be45 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 -- cgit v1.2.3